Www.netdesk.com Let’s Get It Together The Statewide Active Directory Forest.
The Multi-Agency Enterprise Active Directory Forest
Introduction
Keith Kawamura
Network Technologies Manager
Department of General Administration
Member of the EAD Resource Group
Session Goal
To provide a better understanding of the State of Washington's Forest Environment.
What is a Forest?
One or more domain trees that do not form a contiguous namespace.
Forests allow organizations to group divisions that operate independently but still need to communicate with one another.
Major Benefits
Economies of Shared Infrastructure
Administration
Technical support
Installation
Processes
Troubleshooting
Monitoring
Ongoing updates and reconfiguration
Active Directory Implementation
3 Forests
WA.LCL – Production Forest
WAT.TST – Pre-production – Any agency joining at a minimum must start here and keep a presence here after joining production forest.
WAL.LAB – For base level of testing (Applications, Schema Changes, patches, join procedures, etc.)
Project History
Win2K converges network and data base (Exchange 2000 uses the OS directory)
LAN Managers group attempted to install in 1999 and was not successful.
Appeal to CAB Infrastructure Subcommittee 1999
CAB Pilot Winter 2000 recommended single forest for the state.
Project Steering Committee formed - kickoff Fall 2000
Project completion June 2001
CAB Forest Objectives
Create a State Forest Win2k Server environment and install the statewide root for agencies who want to join.
Implement the first version of the Active Directory.
Provide a foundation to allow shared applications / data.
Establish governing policies for the state forest.
Implement Exchange 2003
Project To Date
Broad participation
CAB authorized
Governance model in practice
Preparation for Exchange 2003
Perspective
Washington state is a national leader
Governance model is unique and robust—didn’t come down “from the top”
The project focuses on business results
The quality is very high
The project positions agencies for the future
Enterprise Directory Governance Model
[Diagram: CAB; Agencies; Enterprise Active Directory Steering Committee; DIS; DIS Root Management; EAD Resource Group; EAD Application Developers]
Win2k Steering Committee
Participants: DSHS ESD DFI GA L&I OFM DOP DIS DOT DOL
Observers: LEG ECY DOR DRS
Chair: Phil Grigg
EAD Resource Group
Responsible for network infrastructure, operations, and change management
Interagency technical working group
Develops project documents
Makes recommendations to the Steering Committee
Chair: John Ditto (DIS)
EAD Application Developers
Two sets of responsibilities: Startup and Ongoing
Define Active Directory strategic direction and recommend direction to the Windows 2000 Steering Committee in three areas:
Active Directory Schema
Application use of the Active Directory
Approval of applications that use Active Directory
Chair: Gregg Arndt
Connected Agencies
In Production: DSHS, LNI, GA, DOP, ESD, DIS (Shared Services), WSP
In Pre-Production: DIS, OFM, DFI, HCA
In LAB Forest: DOH, DRS
Petitioning to join: SAO
DIS
Executes decisions made by the Steering Committee
Steering Committee recommendations are incorporated into the DIS service level agreement
Operates the root domain structure
DIS sits on the Steering Committee (DIS does NOT make forest decisions)
Forest Root Service Level Agreement (SLA)
Forest Root Responsibilities
Implement Steering Committee Policy
Hardware and Software for the Root Domain
99.9% availability in Production Environment
Production, Pre-production and Test Environment
Follow Change Control Processes
Root administration
Provides Problem Management
Contracts Vendor Technical Support 7/24/365
Forest Root SLA (cont.)
Security Administration
Implement all Security Policies set by Enterprise AD Steering Committee
Protect Customers from unauthorized use of their intellectual property
IPSec between all Domain Controllers
Secure physical access
Change Management
Forest Root SLA (cont.)
Client Agency Responsibilities
Maintain one active SLA per agency
Hardware and Software for the Agency Child Domain
Designated primary and secondary technical support staff
Maintain participation in the Pre-Production Forest
Follow all security procedures
Follow all change control processes
Adhere to Naming Conventions and Standards
Enterprise Forest Root Support Model
Deputy Director, DIS
Multi-Agency Forest Benefits
Ability to share applications and static data with agencies connected to the Active Directory
Ability to delegate authority across agencies. OFM is reviewing this for their fiscal systems.
Simplified security model
Single Sign-on – OFM is currently working on a proof-of-concept for non-compliant applications.
Authentication/Authorization Backbone to reduce redundancy of Point solutions.
Security Emphasis
Active Directory is the Yellow Pages of our network resources.
The State of Washington as a single Enterprise.
Secure the Data. Free the Users.
Benefits of an Enterprise AD
Active Directory securely shares identity information statewide
Reduced IT administration (Centralized Root)
Supports delegation, and application development
Joining the State forest is less costly and easier than going it alone (Leverage what is already established)
Build the enterprise community
Forest Applications for Consideration
Exchange 2003 (Note: Exchange 5.5 Support ends as of 12-31-03)
E-mail Archiving and Retention System (EARS)
Mobile Messaging
Ingress/Egress E-mail Virus Scanning
FAX Services
Automatic Distribution Lists
Common Public folders
Instant Messaging
Forest Applications for Consideration (cont.)
Outlook Web Access
State Wide Work Flow
Automatic Organizational Charting
Automatic Scan Book Updates
Interagency Calendar View/Meeting Planner
Single Sign on Human Resource Application
Summary
CAB-approved, interagency project
All decisions are made through the interagency Steering Committee
Active Directory shares user and other information automatically
Much of the work is already done and can be accessed at: http://sww.wa.gov/win2k
Thank you!
Contacts
Phil Grigg - Chair, Enterprise AD Steering Committee (360) 902-7452 Email: [email protected]
Gregg Arndt - Chair, Forest Application Developers (360) 664-6418 Email: [email protected]
Allen Schmidt – Project Manager, Single Sign-On Prototype (360) 725-5272 Email: [email protected]
John Ditto – Chair, Forest Resource Group (360) 902-0349 Email: [email protected] (in the GAL)
Bob Deshaye – Service Level Agreements (360) 902-3336 Email: [email protected] (in the GAL)