The Multi-Agency Enterprise Active Directory Forest

Introduction
Keith Kawamura
Network Technologies Manager, Department of General Administration
Member of the EAD Resource Group

Session Goal
To provide a better understanding of the State of Washington's Forest Environment.

What is a Forest?
• One or more domain trees that do not form a contiguous namespace.
• Forests allow organizations to group divisions that operate independently but still need to communicate with one another.

Major Benefits
• Economies of Shared Infrastructure
• Administration
• Technical support
• Installation Processes
• Troubleshooting
• Monitoring
• Ongoing updates and reconfiguration

Active Directory Implementation
3 Forests
• WA.LCL – Production Forest
• WAT.TST – Pre-production – Any agency joining must, at a minimum, start here and keep a presence here after joining the production forest.
• WAL.LAB – For base level of testing (applications, schema changes, patches, join procedures, etc.)

Project History
• Win2K converges network and database (Exchange 2000 uses the OS directory)
• LAN Managers group attempted to install in 1999 and was not successful.
• Appeal to CAB Infrastructure Subcommittee 1999
• CAB Pilot Winter 2000 recommended single forest for the state.
• Project Steering Committee formed – kickoff Fall 2000
• Project completion June 2001

CAB Forest Objectives
• Create a State Forest Win2k Server environment and install the statewide root for agencies who want to join.
• Implement the first version of the Active Directory.
• Provide a foundation to allow shared applications / data.
• Establish governing policies for the state forest.
• Implement Exchange 2003

Project To Date
• Broad participation
• CAB authorized
• Governance model in practice
• Preparation for Exchange 2003

Perspective
• Washington state is a national leader
• Governance model is unique and robust—didn’t come down “from the top”
• The project focuses on business results
• The quality is very high
• The project positions agencies for the future

Enterprise Directory Governance Model
[Diagram. Labels: CAB; Enterprise Active Directory Steering Committee; Agencies; DIS; DIS Root Management; EAD Resource Group; EAD Application Developers]

Participants: DSHS, ESD, DFI, GA, L&I, OFM, DOP, DIS, DOT, DOL
Observers: LEG, ECY, DOR, DRS
Win2k Steering Committee Chair: Phil Grigg

EAD Resource Group
• Responsible for network infrastructure, operations, and change management
• Interagency technical working group
• Develops project documents
• Makes recommendations to the Steering Committee
• Chair: John Ditto (DIS)

EAD Application Developers
• Two sets of responsibilities
• Startup and Ongoing
• Define Active Directory strategic direction and recommend direction to the Windows 2000 Steering Committee in three areas:
  • Active Directory Schema
  • Application use of the Active Directory
  • Approval of applications that use Active Directory
• Chair: Gregg Arndt

Connected Agencies
• In Production: DSHS, LNI, GA, DOP, ESD, DIS (Shared Services), WSP
• In Pre-Production: DIS, OFM, DFI, HCA
• In LAB Forest: DOH, DRS
• Petitioning to join: SAO

DIS
• Executes decisions made by the Steering Committee
• Steering Committee recommendations are incorporated into the DIS service level agreement
• Operates the root domain structure
• DIS sits on the Steering Committee (DIS does NOT make forest decisions)

Forest Root Service Level Agreement (SLA)
• Forest Root Responsibilities
• Implement Steering Committee Policy
• Hardware and Software for the Root Domain
• 99.9% availability in Production Environment
• Production, Pre-production and Test Environment
• Follow Change Control Processes
• Root administration
• Provides Problem Management
• Contracts Vendor Technical Support 7/24/365

Forest Root SLA (cont.)
• Security Administration
• Implement all Security Policies set by Enterprise AD Steering Committee
• Protect Customers from unauthorized use of their intellectual property
• IPSec between all Domain Controllers
• Secure physical access
• Change Management

Forest Root SLA (cont.)
• Client Agency Responsibilities
• Maintain one active SLA per agency
• Hardware and Software for the Agency Child Domain
• Designated primary and secondary technical support staff
• Maintain participation in the Pre-Production Forest
• Follow all security procedures
• Follow all change control processes
• Adhere to Naming Conventions and Standards

Enterprise Forest Root Support Model
[Diagram. Surviving label: Deputy Director, DIS]

Multi-Agency Forest Benefits
• Ability to share applications and static data with agencies connected to the Active Directory
• Ability to delegate authority across agencies. OFM is reviewing this for their fiscal systems.
• Simplified security model: Single Sign-on – OFM is currently working on a proof-of-concept for non-compliant applications.
• Authentication/Authorization backbone to reduce redundancy of point solutions.

Security Emphasis
• Active Directory is the Yellow Pages of our network resources.
• The State of Washington as a single Enterprise.
• Secure the Data.
• Free the Users.

Benefits of an Enterprise AD
• Active Directory securely shares identity information statewide
• Reduced IT administration (Centralized Root)
• Supports delegation and application development
• Joining the State forest is less costly and easier than going it alone (leverage what is already established)
• Build the enterprise community

Forest Applications for Consideration
• Exchange 2003 (Note: Exchange 5.5 Support ends as of 12-31-03)
• E-mail Archiving and Retention System (EARS)
• Mobile Messaging
• Ingress/Egress E-mail Virus Scanning
• FAX Services
• Automatic Distribution Lists
• Common Public folders
• Instant Messaging

Forest Applications for Consideration (cont.)
• Outlook Web Access
• Statewide Workflow
• Automatic Organizational Charting
• Automatic Scan Book Updates
• Interagency Calendar View/Meeting Planner
• Single Sign-on
• Human Resource Application

Summary
• CAB-approved, interagency project
• All decisions are made through the interagency Steering Committee
• Active Directory shares user and other information automatically
• Much of the work is already done and can be accessed at: http://sww.wa.gov/win2k

Thank you!
Contacts
• Phil Grigg – Chair, Enterprise AD Steering Committee: (360) 902-7452, email: PGrigg@ga.wa.gov
• Gregg Arndt – Chair, Forest Application Developers: (360) 664-6418, email: GreggA@dop.wa.gov
• Allen Schmidt – Project Manager, Single Sign-On Prototype: (360) 725-5272, email: Allen.Schmidt@ofm.wa.gov
• John Ditto – Chair, Forest Resource Group: (360) 902-0349, email: ditto@dis.wa.gov (in the GAL)
• Bob Deshaye – Service Level Agreements: (360) 902-3336, email: BobD@dis.wa.gov (in the GAL)