Deployment of one active directory forest

Reference no: EM131465212

General

Active Directory Forest:

Deployment of one Active Directory forest will suffice for WWTC's requirements. There are no requirements for data isolation within WWTC's Active Directory configuration and any data separation can be performed using data isolation. A single forest was chosen because it is very cost-effective and requires the least amount of administrative support.

For example, with only one forest, the global catalog does not require synchronization across forests and management of a duplicate infrastructure is not required.

An organizational forest model will be used with user accounts and resources contained in the forest and managed independently. The forest will be used to provide service and data isolation. This has been chosen instead of other models where resources and users are isolated in separate forests.

Active Directory Domain:

WWTC will use an Organizational Domain Forest to provide autonomous groups within the forest as required. The New York office will have a separate domain from the Hong Kong office since it will be largely autonomous. In addition, a separate domain can be created to restrict access to confidential data. Since WWTC will have few IT personnel to care for day-to-day IT support activities in New York, the following functions will be maintained by forest-level administration:

· Creating and removing domain controllers

· Monitoring the functioning of domain controllers

· Managing services that are running on domain controllers

· Backing up and restoring the directory

Two domains will require that Group Policy settings as well as access control/auditing settings (required forest-wide) are implemented separately in each domain in the forest. This setup is considered a regional domain configuration and will reduce traffic over wide area network (WAN) links. While service administration will be carefully controlled at the Hong Kong office, the following functions will be maintained within the New York office:

· Creating organizational units (OUs) and delegating administration

· Repairing problems in the OU structure that OU owners do not have sufficient access rights to fix

Instead of creating a separate forest root domain, the New York office will function as the forest root domain. It will be a parent domain to the other offices. Service administrator accounts will reside on the New York root domain while user accounts for each region will reside on the appropriate domain. For administration purposes, the branch offices will function as child domains under the New York root domain. This configuration was chosen because it is much easier to manage than a configuration with a separate domain for administrative accounts.

Active Directory Naming Convention:

WWTC.org is the Active Directory namespace used by WWTC. It is a registered fully qualified domain name for WWTC. WWTC will use the same internal and external namespace. WWTC.org will be used from inside and outside the organization without a separate namespace for internal access to resources. This means that the tree name (WWTC.org) is consistent for private and public (Internet) access, allowing users to log on with the same credentials internally and externally.

This requires a separate zone outside the firewall to provide name resolution for public resources, and it creates a security concern: clients accessing resources from outside the organization must not have access to internal company resources. It also creates the requirement to maintain the records on both the internal and external DNS servers simultaneously. The attached illustration shows this configuration.
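One way to check the two zones against each other, as an added example that is not part of the original design document: it flags external records that expose private addresses or AD locator records, and lists public names that are missing from the internal zone. The host names, addresses and function names are constructed for illustration.

```powershell
# Constructed sample data. On a live system the record sets would be pulled
# from each DNS server, for example with Get-DnsServerResourceRecord.
$external = @(
    [pscustomobject]@{ Name = 'www';        Type = 'A';   Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'mail';       Type = 'A';   Data = '203.0.113.25' }
    [pscustomobject]@{ Name = 'fileserver'; Type = 'A';   Data = '10.1.20.15' }
    [pscustomobject]@{ Name = '_ldap._tcp.dc._msdcs'; Type = 'SRV'; Data = 'nydc01.wwtc.org' }
)
$internal = @(
    [pscustomobject]@{ Name = 'www';        Type = 'A'; Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'fileserver'; Type = 'A'; Data = '10.1.20.15' }
    [pscustomobject]@{ Name = 'nydc01';     Type = 'A'; Data = '10.1.10.5' }
)

function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    ($b[0] -eq 10) -or ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
        ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Find-ExternalZoneLeak {
    param([object[]]$ExternalRecords)
    foreach ($r in $ExternalRecords) {
        $reason = $null
        if ($r.Type -eq 'A' -and (Test-PrivateIPv4 $r.Data)) {
            $reason = 'A record exposes a private (RFC 1918) address'
        } elseif ($r.Name -match '(^|\.)_msdcs(\.|$)|^_(ldap|kerberos|kpasswd|gc)\._(tcp|udp)') {
            $reason = 'AD locator record published in the external zone'
        }
        if ($reason) {
            [pscustomobject]@{ Name = $r.Name; Type = $r.Type; Data = $r.Data; Reason = $reason }
        }
    }
}

function Find-MissingInternalName {
    # Public names absent from the internal zone fail to resolve for inside clients,
    # because the internal DNS servers are authoritative for the same namespace.
    param([object[]]$ExternalRecords, [object[]]$InternalRecords)
    $known = @($InternalRecords | ForEach-Object { $_.Name })
    $ExternalRecords | Where-Object { $known -notcontains $_.Name } |
        Select-Object -ExpandProperty Name -Unique
}

Find-ExternalZoneLeak -ExternalRecords $external | Format-Table -AutoSize
Find-MissingInternalName -ExternalRecords $external -InternalRecords $internal
```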

Application Services:

Windows Server 2012 is installed on the network and the following Active Directory features will be implemented.

· Windows Deployment Services (WDS) will be implemented to allow network-based installation of Windows Operating Systems (OS) to reduce the complexity and cost of manual installation. This will require a WDS Server as a member of the Active Directory Domain Services (AD DS) domain. This also requires a Dynamic Host Configuration Protocol (DHCP) server with an active scope since PXE relies on DHCP for IP addressing.

· Smart Card Authentication will require valid user principal names (UPNs) since they are required for smart card login. Since a certificate authority (CA) will issue the domain controller certificates, the root certificate will be added to the Trusted Root Certification Authorities group policy in Active Directory.

· IP Address Management (IPAM) will be implemented to provide highly customizable administrative and monitoring capabilities for the IP address infrastructure. IPAM will be used to discover, utilize, monitor, audit, and manage IP address space in the network. This requires an IPAM server that has connectivity to existing DHCP, DNS, DC, and NPS servers in the Active Directory forest.

WDS services will be hosted on the same computer as DHCP. This requires that WDS be configured so that it does not listen on port 67 and that DHCP option 60 be used to notify a booting PXE client that there is a listening PXE server on the network. The server will also be configured to respond only to known client computers. This ensures that client computers are added to Active Directory before the image is deployed.

· File Classification Infrastructure (FCI) will be implemented to ensure that automatic classification is performed. The different classifications will be identified. Currently they are listed as Public and Confidential. The proper classification will be applied to every file using FCI. This process will be used to ensure that Confidential data is properly stored on encrypted drives and that all confidential files are transmitted using encrypted methods. Reporting based on these classification tabs will allow administrators to detect and respond to violations of the WWTC's data classification policy.

· Failover cluster services will be implemented so that the entire network has hardware, software, and storage redundancy. This independent group of servers and storage devices will work together to increase the availability of applications and services. If one clustered device fails, another will provide the lost services (called failover).

The cluster validation wizard will be used to ensure that all network components are compatible prior to implementation. It will also be used after implementation and as new devices are added to the network to maintain this capability. By implementing backup for all servers and storage, WWTC ensures that users experience a minimum of disruptions in service.

· Cache encryption will be implemented to store encrypted data by default. This means that data in cache is stored encrypted by default providing data security without requiring entire drive encryption.

· BranchCache will be implemented to increase performance, manageability, scalability, and availability. Duplicate files are eliminated while hashes and local storage at branch offices drastically reduce the amount of required WAN traffic.

· BitLocker encryption will be used to protect all user and server data. The benefit is that the entire drive is encrypted and only requires the user's normal authentication to access the data. The BitLocker system on the wired network will be set up to automatically unlock the system volume during boot to reduce the internal help desk calls because of lost PINs.

Group policy settings will be enforced that require that either Used Disk Space Only or Full Encryption be used when BitLocker is enabled on a drive.
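The WDS and DHCP co-hosting settings described earlier in this section can be applied with the `wdsutil` command-line tool. This is an added example, not part of the original design document; the computer name and MAC address are constructed placeholders.

```powershell
# Run in an elevated PowerShell session on the combined WDS/DHCP server.

# Stop WDS from binding UDP port 67 (the DHCP service keeps it) and have
# DHCP advertise option 60 so booting PXE clients learn a PXE server is present.
wdsutil /Set-Server /UseDhcpPorts:No /DhcpOption60:Yes

# Answer only known (prestaged) clients; unknown machines get no PXE response.
wdsutil /Set-Server /AnswerClients:Known

# Prestage a computer in Active Directory so it counts as "known".
$device = 'NY-WS-001'          # hypothetical computer name
$mac    = '00-11-22-33-44-55'  # constructed MAC address
wdsutil /Add-Device "/Device:$device" "/ID:$mac"

# Review the resulting configuration and confirm the three settings above.
wdsutil /Get-Server /Show:Config
if ($LASTEXITCODE -ne 0) {
    Write-Warning "wdsutil returned exit code $LASTEXITCODE; check the WDS service state."
}
```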

Groups:

Users and computer accounts will be grouped to simplify administration by controlling permissions and rights rather than assigning them individually. Groups in Active Directory are objects that reside in the domain. Groups have a scope that identifies the extent that they are applied in the domain or forest. The three group scopes for WWTC are outlined below:

· Domain local scope is used to manage accounts within the domain. For example, a user group that requires access to a printer can be set up so that access to a new printer can be granted to the entire group at once instead of maintaining a permission list for all five users. The five users will have global scope and will be added to a domain local scope group that can be assigned printer access.

· Global scope is used for directory objects that require daily maintenance, such as user accounts, computer accounts, or groups that require management across domains (such as a department in multiple locations).

· Universal scope is used to consolidate groups that span domains. Changes to global scope groups do not affect the universal scope group, but changes to the universal scope group cause the entire membership of the group to be replicated to every global catalog in the forest.
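The printer example above, built with the ActiveDirectory PowerShell module and followed by an audit for accounts placed directly in domain local groups. This is an added example, not part of the original design document; the OU path, group names and user names are hypothetical.

```powershell
Import-Module ActiveDirectory

# Hypothetical OU; the domain components follow the WWTC.org namespace.
$ou = 'OU=Groups,DC=wwtc,DC=org'

# The global group holds the user accounts (day-to-day membership changes).
New-ADGroup -Name 'GG-NY-Accounting' -GroupScope Global `
    -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'GG-NY-Accounting' `
    -Members 'user1', 'user2', 'user3', 'user4', 'user5'   # hypothetical accounts

# The domain local group represents the permission on the resource.
# The printer's access control list references only this group.
New-ADGroup -Name 'DL-NY-Printer01-Print' -GroupScope DomainLocal `
    -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'DL-NY-Printer01-Print' -Members 'GG-NY-Accounting'

# Audit: list user accounts that were added directly to a domain local
# group, bypassing the global group and making access harder to review.
Get-ADGroup -Filter "GroupScope -eq 'DomainLocal'" -SearchBase $ou |
    ForEach-Object {
        $group = $_
        Get-ADGroupMember -Identity $group |
            Where-Object { $_.objectClass -eq 'user' } |
            Select-Object @{ Name = 'Group'; Expression = { $group.Name } },
                          SamAccountName
    }
```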

The scope and Organizational Unit setup has been outlined in the diagram below.

The above structure was chosen so that Group Policy could be applied to a select group of users or resources without having to set policies for each individual user.
