Active Directory: Final Solution to Enterprise System Integration Author: Liming Liao Date: 2/23/2001
What is a Directory Service • It is the central authority that manages identities and brokers the relationships between distributed resources, enabling them to work together. • Everyday analogies: the Yellow Pages, a shopping list • It is composed of objects such as people, printers, servers, etc.
Functions of Directory Service • A place to store information about network-based entities. • A consistent way to name, describe, locate, access, manage, and secure information about these individual resources.
Why a Directory Service is needed • Local area networks (LANs) and wide area networks (WANs) grow larger and more complex. • Networks are connected to the Internet. • Applications require more from the network and are linked to other systems through corporate intranets.
Disadvantages of life without a Central Directory Service • Duplicated data is prone to user error • The same data for one object has to be entered several times across the enterprise • Updating information for a single object may require changes in numerous places • Multiple logins for a single user trying to access different databases or networks • Each database in the enterprise requires a separate login name and password • Each network in the enterprise requires a separate login name and password
Advantages of Directory Services • Entry and management of personal data, such as name, phone number and supervisor, is centralized • This information is entered and stored in one place. If some of it is entered wrongly or needs to be changed, it is easy to fix • No more duplicate entry and duplicate updates
Advantages of Directory Services • The location of user IDs and passwords for computer systems is centralized • Instead of having user IDs and passwords scattered over several systems, they are managed from the central directory service • Security is improved because there are far fewer user IDs and passwords to protect; the trade-off is that the directory becomes the most valuable target on the network, so the servers that hold it must be protected accordingly • Management of user IDs is much easier for system administrators
Advantages of Directory Services • The procedure for determining the status and role of an individual in the organization is standardized • In a large organization many people come and go. It is important to determine each person's exact status and relationship to the company they represent
Advantages of Directory Services • Lookup of names, addresses, phone numbers and other “white pages” information is standardized • Lookup of network resources like printers, servers, certificates and other “ yellow pages” information is standardized • Centralizing the management of the system will increase reliability and make it easier to keep it up to date
Vendor-specific Directory Service Solutions and Open Standards Directory Service Solutions • Vendor-specific Directory Services- • Sun Microsystems NIS+ (Network Information Service Plus) • Novell's NDS (NetWare Directory Services) • Microsoft's Active Directory • Open Directory Service Solutions- • An Open Solution: X.500 • An Open Gateway Service • LDAP - the Lightweight Directory Access Protocol
Microsoft Active Directory • Active Directory is the first enterprise-class directory service that is scalable, built from the ground up using Internet-standard technologies, and fully integrated with the operating system.
Characteristics of Active Directory • Hierarchical Organization • It uses objects to represent network resources. • It uses containers to represent organizations. • It organizes information in a tree structure made up of these objects and containers. • Object-oriented Storage • Different object classes can carry different attributes. • Administrators can assign access privileges to individual objects • Multi-Master Replication • Directory partitions can be replicated to several servers and maintained locally across the network • Users can locate resources using the local directory replica rather than contacting the single central domain controller every time, as they had to in NT 4.0.
Important ADS concepts • Workgroup A Windows 2000 workgroup is a logical grouping of networked computers that share resources, such as files and printers, and each maintain a local security database, which is a list of user accounts and resource security information for the computer it is on. • Domain A Windows 2000 domain is a logical grouping of networked computers that share a central directory database, which contains the user accounts and security information for the domain.
Important ADS concepts • Domain Tree and Forest A domain tree is a hierarchical grouping of domains that share a contiguous namespace, a common schema, and a common global catalog. A domain forest is a collection of two or more domain trees that do not share a contiguous namespace, but do share a common schema and global catalog. • Namespace A collection of unique domain names.
Important ADS concepts • Object and Organizational unit An object is a representation of a network resource, including users, computers, printers, and so forth. Organizational unit is an object that can hold other objects. • Multimaster replication The process by which Active Directory domains replicate with each other and resolve conflicting updates. • Lightweight Directory Access Protocol (LDAP) An Internet standard by which Active Directory clients and servers communicate.
Benefits of Active Directory Service • Simplifies management- • Administrators have a single point of management for user accounts, clients, servers and applications • Administrators can delegate specific administrative privileges and tasks to individual users and groups to make better use of system administration resources • Strengthens security • It supports a number of authentication mechanisms used to prove identity upon logon to Windows 2000 (Kerberos version 5 is the default for domain logons; NTLM is retained for compatibility) • It supports a fully integrated public key infrastructure and Internet security protocols, letting organizations securely extend selected directory information beyond their firewall to extranet users and e-commerce customers
Benefits of Active Directory Service • Extends interoperability • Exposes all of the Windows 2000 directory features through standards-based interfaces. • It provides a development platform for directory-enabled applications. • More efficient usage of resources • Centralized security control and shared logon information save the trouble of building security-administration functions into each specific system • Users are spared the headache of maintaining multiple sets of security information within a single domain
How to implement ADS • LDAP • Multi-platform (Unix, Windows NT, OS/2 and IBM mainframes) • Multi-vendor support (Microsoft, Netscape, Sun and Novell) • Common standard • Centralizes the entry and management of personal data like name, phone number, and supervisor • Centralizes the location of user IDs and passwords for computer systems • Provides Simple Authentication and Security Layer (SASL) mechanisms and the Secure Sockets Layer (SSL) protocol • Centralizes the procedure for determining the status and role of an individual in the organization • Centralizes the lookup of names, addresses, phone numbers and other 'white pages' information
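The hierarchy of containers and objects described under "Characteristics of Active Directory" and "Important ADS concepts", and the LDAP 'white pages' lookup just listed, can be made concrete with a small in-memory model. The code below is an added example written for this page; it is not code from the slides, from Microsoft, or from any LDAP library. It assumes a constructed domain DC=example,DC=com with two organizational units, two users and one print queue (all sample data), names entries by distinguished name the way Active Directory does, and runs subtree searches with a subset of the LDAP search-filter syntax defined in RFC 4515. The one point the slides do not make is shown by lookup_user: a logon name taken from a user must be escaped before it is spliced into a filter, otherwise a value such as * turns a single-user lookup into "every user in the domain".

```python
import re

# Added example (not from the original page): a toy directory modelled on
# Active Directory's tree of containers and objects. All entries are constructed.

def parse_dn(dn):
    """Split 'CN=Jane Doe,OU=Sales,DC=example,DC=com' into (attr, value) RDNs,
    leaf first, which is the order in which LDAP writes a DN."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def norm_dn(dn):
    """Case-insensitive canonical form used as the dictionary key."""
    return ','.join(f'{a}={v.lower()}' for a, v in parse_dn(dn))

def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a filter from untrusted input.
    Without it a logon name of '*' or 'x)(objectClass=*' rewrites the query."""
    return ''.join(f'\\{ord(c):02x}' if c in '\\*()\x00' else c for c in value)

def unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(s, i=0):
    """Recursive-descent parser for the RFC 4515 subset (&..), (|..), (!..),
    (attr=value) and the presence test (attr=*). Returns (node, next_index)."""
    if s[i] != '(':
        raise ValueError(f'expected "(" at {i}')
    i += 1
    if s[i] in '&|!':
        op, i, subs = s[i], i + 1, []
        while s[i] == '(':
            node, i = parse_filter(s, i)
            subs.append(node)
        if s[i] != ')':
            raise ValueError(f'expected ")" at {i}')
        return (op, subs), i + 1
    j = s.index(')', i)              # a ')' inside a value is always escaped as \29
    attr, _, raw = s[i:j].partition('=')
    attr = attr.strip().lower()
    node = ('present', attr) if raw == '*' else ('=', attr, unescape(raw))
    return node, j + 1

def compile_filter(s):
    node, end = parse_filter(s)
    if end != len(s):
        raise ValueError('trailing characters after filter')
    return node

def matches(entry, node):
    op = node[0]
    if op == 'present':
        return node[1] in entry
    if op == '=':
        return node[1] in entry and entry[node[1]].lower() == node[2].lower()
    if op == '&':
        return all(matches(entry, n) for n in node[1])
    if op == '|':
        return any(matches(entry, n) for n in node[1])
    return not matches(entry, node[1][0])   # '!'

class Directory:
    def __init__(self):
        self.entries = {}   # normalised DN -> {lowercased attribute: value}

    def add(self, dn, **attrs):
        """Create an object; apart from the root, it must sit in an existing container."""
        rdns = parse_dn(dn)
        parent = ','.join(f'{a}={v}' for a, v in rdns[1:])
        if self.entries and norm_dn(parent) not in self.entries:
            raise KeyError(f'parent container does not exist: {parent}')
        entry = {k.lower(): str(v) for k, v in attrs.items()}
        entry.setdefault(rdns[0][0].lower(), rdns[0][1])   # naming attribute (cn/ou/dc)
        entry['distinguishedname'] = dn
        self.entries[norm_dn(dn)] = entry

    def search(self, base, filter_str):
        """Subtree search: the base object and everything beneath it."""
        base_n, node = norm_dn(base), compile_filter(filter_str)
        return [e for dn, e in self.entries.items()
                if (dn == base_n or dn.endswith(',' + base_n)) and matches(e, node)]

def build_demo():
    """Constructed sample domain: one domain, two OUs, two users, one printer."""
    d = Directory()
    d.add('DC=example,DC=com', objectClass='domainDNS')
    d.add('OU=Sales,DC=example,DC=com', objectClass='organizationalUnit')
    d.add('OU=Engineering,DC=example,DC=com', objectClass='organizationalUnit')
    d.add('CN=Jane Doe,OU=Sales,DC=example,DC=com', objectClass='user',
          sAMAccountName='jdoe', telephoneNumber='555-0101')
    d.add('CN=Bob Ray,OU=Engineering,DC=example,DC=com', objectClass='user',
          sAMAccountName='bray', telephoneNumber='555-0102')
    d.add('CN=PRN-SALES-1,OU=Sales,DC=example,DC=com', objectClass='printQueue')
    return d

def lookup_user(d, logon_name):
    """'White pages' lookup by logon name; the untrusted value is escaped first."""
    flt = f'(&(objectClass=user)(sAMAccountName={escape_filter_value(logon_name)}))'
    return d.search('DC=example,DC=com', flt)

if __name__ == '__main__':
    d = build_demo()
    print([e['cn'] for e in lookup_user(d, 'jdoe')])   # one user
    print(len(lookup_user(d, '*')))                    # escaped: no user is literally '*'
    print(len(d.search('DC=example,DC=com', '(sAMAccountName=*)')))   # unescaped: every account
```

Searching OU=Sales with the filter (objectClass=*) returns the OU itself, the user and the printer beneath it, which is what "containers represent organizations, objects represent resources" means in practice; the same lookup against a real domain controller goes over LDAP (port 389, or 636 with SSL) and the escaping rule is the same.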
Summary • Directory Services are essential to daily life in a networked world • Personal information that is needed for the running of any organization is being kept in many separate systems • Centralized directory services can improve productivity and increase security while reducing management overhead