Monday, March 11, 2019
Preparing Domain and Group Structure Essay
Active Directory Certificate Services
Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing certificates in software security systems that use public key technologies. You can use AD CS to create one or more certification authorities (CA) to receive certificate requests, verify the information in the requests and the identity of the requester, issue certificates, revoke certificates, and publish certificate revocation data. Applications supported by Active Directory Certificate Services include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private networks (VPN), IP security (IPSec), Encrypting File System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS), and digital signatures.

Active Directory Domain Services
Active Directory Domain Services (AD DS) stores information about users, computers, and other devices on the network. AD DS helps administrators securely manage this information and facilitates resource sharing and collaboration between users. AD DS is also required to be installed on the network in order to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies such as Group Policy.

Active Directory Federation Services
Active Directory Federation Services (AD FS) provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications that use a single user account. AD FS accomplishes this by securely federating, or sharing, user identities and permissions, in the form of digital claims, between partner organizations.

Active Directory Lightweight Directory Services
Organizations that have applications which require a directory for storing application data can use Active Directory Lightweight Directory Services (AD LDS) as the data store.
AD LDS runs as a non-operating-system service. Therefore, AD LDS does not require deployment on a domain controller. Running as a non-operating-system service allows multiple instances of AD LDS to run at the same time on a single server, and each instance can be configured independently for servicing multiple applications.

Active Directory Rights Management Services (AD RMS)
Active Directory Rights Management Services is information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define exactly how a recipient can use the information, such as who can open, change, print, forward, or take other actions with the information. Organizations can create custom usage rights templates such as Confidential Read-Only that can be applied directly to information such as financial reports, product specifications, customer data, and e-mail messages.

Application Server
Application Server provides a complete solution for hosting and managing high-performance distributed business applications. Integrated services, such as the .NET Framework, Web Server Support, Message Queuing, COM+, Windows Communication Foundation, and Failover Clustering support, improve productivity throughout the application life cycle, from design and development through deployment and operations.

Dynamic Host Configuration Protocol Server
The Dynamic Host Configuration Protocol (DHCP) allows servers to assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients.
Deploying DHCP servers on the network automatically provides computers and other TCP/IP based network devices with valid IP addresses and the additional configuration parameters these devices need. These are known as DHCP options, which allow them to connect to other network resources, such as DNS servers, WINS servers, and routers.

DNS Server
Domain Name System (DNS) provides a standard method for associating names with numeric network addresses. This lets users refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with DHCP services, eliminating the need to add DNS records as computers are added to the network.

Fax Server
Fax Server sends and receives faxes, and lets you manage fax resources such as jobs, settings, reports, and fax devices on this computer or on the network.

File Services
File Services provides technologies for storage management, file replication, distributed namespace management, fast file searching, and streamlined client access to files, such as UNIX-based client computers.

Hyper-V
Hyper-V provides the services that you can use to create and manage virtual computing environments and their resources. Virtual computers operate in an isolated operating environment. This lets you run multiple operating systems at the same time. You can use a virtualized computing environment to improve the efficiency of your computing resources by using more of your hardware resources.

Network Policy and Access Services
Network Policy and Access Services delivers many different methods to give users local and remote network connectivity, to connect network segments, and to allow network administrators to centrally manage network access and client health policies. With Network Access Services, you can deploy VPN servers, dial-up servers, routers, and 802.11-protected wireless access.
You can also deploy RADIUS servers and proxies, and use Connection Manager Administration Kit to create remote access profiles that let client computers connect to the network.

Print and Document Services
Print and Document Services enables you to centralize print server and network printer management tasks. With this role, you can also receive scanned documents from network scanners, and route the documents to a shared network resource, a Windows SharePoint Services site, or to e-mail addresses.

Remote Desktop Services
Remote Desktop Services provides technologies that enable users to access Windows-based programs that are installed on a remote desktop server, or to access the Windows desktop itself, from almost any computing device. Users can connect to a remote desktop server to run programs and to use network resources on that server.

Web Server (IIS)
The Web Server (IIS) role in Windows Server 2008 R2 lets you share information with users on the Internet, an intranet, or an extranet. Windows Server 2008 R2 delivers IIS 7.5, a unified Web platform that integrates IIS, ASP.NET, and Windows Communication Foundation.

Windows Deployment Services
You can use Windows Deployment Services to remotely install and configure Windows operating systems on computers that have Pre-boot Execution Environment (PXE) boot ROMs. Administration overhead is reduced through the implementation of the WdsMgmt Microsoft Management Console (MMC) snap-in that manages all aspects of Windows Deployment Services. Windows Deployment Services also provides end users an experience consistent with Windows Setup.

Windows Server Update Services
Windows Server Update Services allows network administrators to specify the Microsoft updates that should be installed, to create separate groups of computers for different sets of updates, and to obtain reports on the compliance levels of the computers and on the updates that must be installed.

Organizational Units (OUs) will be set up for each location.
There will be two OUs for each: management and employee. These OUs will be used to control user access to resources and login. Administrators will be able to move users through the organization if their roles change without having to recreate their accounts.

Kudler Fine Foods' explosive growth has brought the company to the point where it is time to shift paradigms to a new, modern network and information technology infrastructure. The cornerstone of this new base is going to be Windows Server 2008 R2 (W2k8R2).

W2k8R2 is able to maximize IT efficiencies and security using the Active Directory system of administration and organization. It uses a forest-based system which we will use to efficiently manage Kudler's multiple existing and future locations.

The root of the Kudler domain will be physically located in La Jolla at Corporate Headquarters. It will be named kudler.com. The La Jolla branch Domain Controller will be lajolla.kudler.com. Each subsequent branch will also have a Domain Controller, also in the root kudler.com domain, and also named for its location. Del Mar will have delmar.kudler.com as its DC and Encinitas will have encinitas.kudler.com as its local DC.

Each DC will hold a copy of the global catalog for fault tolerance purposes. This will enable each location to provide login services in the event that the link to corporate headquarters is broken.

Having a single domain with Domain Controllers spread out at each location will make security maintenance a simpler task. With only one domain, connected via site links, a single administrator can push security policies to remote locations. This enables lower administration costs because each site does not require an admin on payroll.
This model also allows corporate to ensure that proper policies are being implemented, and followed, at all locations.

Another benefit of this model is that users only need to be entered into one Active Directory and they will be able to access their login at any authorized company location. Authorized locations will be enforced with Organizational Units (OUs). Users will be placed in OUs that signify what resources they are allowed to access. The Corporate OU will be allowed to log in at any location. Each store will also have an OU named for it, and employees at those stores will only be able to log in at their store. A benefit in ease of administration is that if a user moves stores, they do not need a new account. They only need to be moved into the new applicable OU.

In order to ensure the system runs smoothly there will be new ongoing Management Tasks. These will ensure that the system is kept up to date and that necessary legal and security requirements are met. It will be up to Kudler Management to determine the form requirements, or authorize P&G to draft them, but the following should be considered at a minimum:

1) New User Form: This will be completed at employee onboarding. It will contain a Notice of Monitoring and Proper Use rules so that in the case of any misconduct by the employee legal action can take place. It will also give the system administrator all the information needed to create the user's account and place them in the proper OUs. When the form is completed it should be faxed (since it requires a signature) to headquarters without delay for action.

2) Employee Transfer Form: This will be completed if an existing employee moves from one store to another. This will be used to move the employee's account from their existing OU to the new proper one. It will include things like username, current location, new location, and effective date.
Store managers can complete it online and email it to corporate administrators.

3) Employee Termination Form: This form will be sent from a store manager to terminate an employee's access to the network. It will contain the username, current location, and effective date.

4) Active Directory Backup: A procedure will need to be vetted that backs up the current Active Directory state and verifies it. The target periodicity will need to be determined as well as the backup location. We recommend that it be completed at least weekly and the backup be replicated to each of the company sites. This ensures that in the event of an Active Directory malfunction all users, group policies, and computer accounts can be restored. The purpose of replicating it to each site is so that if any site is destroyed, the other sites still have it. This is less costly than dedicated offsite storage.

5) Business Data Backup: A procedure for business data, i.e. invoices, commission documents, payroll, personnel files, inventory control, etc., must be created as well. Like the AD Backup, we recommend that it be replicated to each site, and for the same reasons. However, we recommend that this backup be done at least daily, possibly even hourly, due to the extremely high value of the data to the business.

P&G can begin implementation immediately if these methods are acceptable to Kudler.

Kudler Fine Foods' new IT infrastructure is based on Windows Active Directory. Active Directory requires properly configured Domain Name Services (DNS) in order to function. We will be configuring Active Directory Integrated DNS in the new infrastructure rollout.

While DNS and Active Directory naming conventions can be the same, they do not necessarily HAVE to be the same. We will be using a tiered approach to DNS that will not directly mimic the AD naming convention.
The tiers will be based on geographic location, unlike the AD naming convention that is unified.

The DNS hierarchy will be arranged like this:

As previously discussed, each store will have an Active Directory Domain Controller as well. There is no need for Read-Only Domain Controllers (RODCs) in Kudler's architecture. Each store's AD Domain Controller will host a copy of the Global Catalog. This will ensure that in the event of a site link outage each store is still able to process logins.

Active Directory Sites and Services will handle Domain Controller replication natively. Each store will be assigned a network subnet. That subnet will be entered as the network ID for that store's site. Since Kudler has high-speed links at all current sites, replication will be set to occur at all times, using high bandwidth. A site link called CA-Intra-State will be created and used for these connections.

The strategy will be different for new stores outside California. Each new state that Kudler expands to will have a single location connected to La Jolla via a high-speed link. This location, like those in California, will be set to always replicate using high bandwidth. A new site link for each state will be created called StateX-Corp-Sync.

Where things differ is that each subsequent site in that new state will have a low-speed connection to the state hub. A site link called StateX-Intra-State will be created, and each site in that state will be added to that link. It will be set to a low-speed link and told to only replicate when needed. This will preserve bandwidth but still ensure that remote sites get updates from corporate, albeit at a slower pace.

If Kudler continues to grow past two or three states, it would be worth looking at regionalizing so that La Jolla does not have to handle all the load.
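The per-location OU layout and the transfer and termination tasks described above can be scripted with the ActiveDirectory PowerShell module that ships with Windows Server 2008 R2. This is an added example, not part of the original essay; the OU names (Corporate, LaJolla, DelMar, Encinitas, Management, Employees), the function names, and the sample account are assumptions.

```powershell
# Added example (not from the essay). OU names and the sample user are assumptions.
# Placing a user in an OU does not by itself limit where the user can log on; that
# restriction comes from the Group Policy linked to each store's OU.
Import-Module ActiveDirectory

$domainDn  = 'DC=kudler,DC=com'
$locations = 'Corporate', 'LaJolla', 'DelMar', 'Encinitas'

# Create an OU under $Path unless one with that name already exists (safe to re-run).
function New-OuIfMissing {
    param([string] $Name, [string] $Path)
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" `
        -SearchBase $Path -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $Path `
            -ProtectedFromAccidentalDeletion $true
    }
}

# One OU per location, each with a Management and an Employees child OU.
foreach ($loc in $locations) {
    New-OuIfMissing -Name $loc -Path $domainDn
    foreach ($role in 'Management', 'Employees') {
        New-OuIfMissing -Name $role -Path "OU=$loc,$domainDn"
    }
}

# Employee Transfer Form: move the existing account, do not recreate it.
function Move-KudlerEmployee {
    param(
        [Parameter(Mandatory = $true)] [string] $SamAccountName,
        [Parameter(Mandatory = $true)] [string] $NewLocation,
        [ValidateSet('Management', 'Employees')] [string] $Role = 'Employees'
    )
    $user = Get-ADUser -Identity $SamAccountName
    Move-ADObject -Identity $user.DistinguishedName `
        -TargetPath "OU=$Role,OU=$NewLocation,$domainDn"
}

# Employee Termination Form: disable the account on the effective date.
function Disable-KudlerEmployee {
    param([Parameter(Mandatory = $true)] [string] $SamAccountName)
    Disable-ADAccount -Identity $SamAccountName
}

# Constructed usage: Move-KudlerEmployee -SamAccountName 'jdoe' -NewLocation 'DelMar'
```

Disabling rather than deleting the account keeps its SID and group memberships available if the termination has to be reviewed or reversed.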