320 likes | 485 Views
The Multi-Agency Enterprise Active Directory Forest. Introduction. Keith Kawamura Network Technologies Manager Department of General Administration Member of the EAD Resource Group. Session Goal. To provide a better understanding of the State of Washington's Forest Environment.
E N D
Introduction Keith Kawamura Network Technologies Manager Department of General Administration Member of the EAD Resource Group
Session Goal To provide a better understanding of the State of Washington's Forest Environment.
What is a Forest? • One or more domain trees that do not form a contiguous namespace. • Forests allow organizations to group divisions that operate independently but still need to communicate with one another.
Major Benefits • Economies of Shared Infrastructure • Administration • Technical support • Installation Processes • Trouble shooting • Monitoring • On going updates and reconfiguration
Active Directory Implementation 3 Forests • WA.LCL – Production Forest • WAT.TST – Pre-production – Any agency joining at a minimum must start here and keep a presence here after joining production forest. • WAL.LAB – For base level of testing (Applications, Schema Changes, patches, join procedures, etc.)
Project History • Win2K converges network and data base (Exchange 2000 uses the OS directory) • LAN Managers group attempted to install in 1999 and not successful. • Appeal to CAB Infrastructure Subcommittee 1999 • CAB Pilot Winter 2000 recommended single forest for the state. • Project Steering Committee formed - kickoff Fall 2000 • Project completion June 2001
CAB Forest Objectives • Create a State Forest Win2k Server environment and install the statewide root for agencies who want to join. • Implement the first version of the Active Directory. • Provide a foundation to allow shared applications / data. • Establish governing policies for the state forest. • Implement Exchange 2003
Project To Date • Broad participation • CAB authorized • Governance model in practice • Preparation for Exchange 2003
Perspective • Washington state is a national leader • Governance model is unique and robust—didn’t come down “from the top” • The project focuses on business results • The quality is very high • The project positions agencies for the future
Enterprise Directory Governance Model CAB Enterprise Active Directory Agencies DIS Steering Committee DIS EAD Application Root EAD Resource Group Developers Management
Participants: DSHS ESD DFI GA L&I OFM DOP DIS DOT DOL Observers: LEG ECY DOR DRS Win2k Steering Committee Chair: Phil Grigg
EAD Resource Group • Responsible for network infrastructure, operations, and change management • Interagency technical working group • Develops project documents • Makes recommendations to the Steering Committee • Chair: John Ditto (DIS)
EAD Application Developers • Two sets of responsibilities • Startup and Ongoing • Define Active Directory strategic direction and recommend direction to the Windows 2000 Steering Committee in three areas: • Active Directory Schema • Application use of the Active Directory • Approval of applications that use Active Directory • Chair: Gregg Arndt
Connected Agencies • In Production DSHS, LNI, GA, DOP, ESD, DIS (Shared Services), WSP • In Pre-Production DIS, OFM, DFI, HCA • In LAB Forest DOH, DRS • Petitioning to join SAO
DIS • Executes decisions made by the Steering Committee • Steering Committee recommendations are incorporated into the DIS service level agreement • Operates the root domain structure • DIS sits on the Steering Committee (DIS does NOT make forest decisions)
Forest Root Service Level Agreement (SLA) • Forest Root Responsibilities • Implement Steering Committee Policy • Hardware and Software for the Root Domain • 99.9% availability in Production Environment • Production, Pre-production and Test Environment • Follow Change Control Processes • Root administration • Provides Problem Management • Contracts Vendor Technical Support 7/24/365
Forest Root SLA (cont.) • Security Administration • Implement all Security Policies set by Enterprise AD Steering Committee • Protect Customers from unauthorized use of their intellectual property • IPSec between all Domain Controllers • Secure physical access • Change Management
Forest Root SLA (cont.) • Client Agency Responsibilities • Maintain one active SLA per agency • Hardware and Software for the Agency Child Domain • Designated primary and secondary technical support staff • Maintain participation in the Pre-Production Forest • Follow all security procedures • Follow all change control processes • Adhere to Naming Conventions and Standards
Enterprise Forest Root Support Model DeputyDirector, DIS
Multi-Agency Forest Benefits • Ability to share applications and static data with agencies connected to the Active Directory • Ability to delegate authority across agencies. OFM is reviewing this for their fiscal systems. • Simplified security model Single Sign-on. – OFM is currently working on a proof-of-concept for non-compliant applications. • Authentication/Authorization Backbone to reduce redundancy of Point solutions.
Security Emphasis • Active Directory is the Yellow Pages of our network resources. • The State of Washington as a single Enterprise. • Secure the Data. • Free the Users.
Benefits of an Enterprise AD • Active Directory securely shares identity information statewide • Reduced IT administration (Centralized Root) • Supports delegation, and application development • Joining the State forest is less costly and easier than going it alone (Leverage what is already established) • Build the enterprise community
Forest Applications for Consideration • Exchange 2003 (Note: Exchange 5.5 Support ends as of 12-31-03) • E-mail Archiving and Retention System (EARS) • Mobil Messaging • Ingress/Egress E-mail Virus Scanning • FAX Services • Automatic Distribution Lists • Common Public folders • Instant Messaging
Forest Applications for Consideration (cont.) • Outlook Web Access • State Wide Work Flow • Automatic Organizational Charting • Automatic Scan Book Updates • Interagency Calendar View/Meeting Planner • Single Sign on • Human Resource Application
Summary • CAB-approved, interagency project • All decisions are made through the interagency Steering Committee • Active Directory shares user and other information automatically • Much of the work is already done and can be accessed at: http://sww.wa.gov/win2k
Thank you! • Contacts • Phil Grigg - Chair, Enterprise AD Steering Committee • (360) 902-7452 Email: PGrigg@ga.wa.gov • Gregg Arndt - Chair, Forest Application Developers • (360) 664-6418 email: GreggA@dop.wa.gov • Allen Schmidt – Project Manager, Single Sign-On Prototype • (360) 725-5272 email:Allen.Schmidt@ofm.wa.gov • John Ditto – Chair, Forest Resource Group • (360) 902-0349 Email: ditto@dis.wa.gov (in the GAL) • Bob Deshaye – Service Level Agreements • (360) 902-3336 Email: BobD@dis.wa.gov ( in the Gal)