StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Role of Lightweight Directory Access Protocol - Speech or Presentation Example

Cite this document
Summary
The paper "The Role of Lightweight Directory Access Protocol" suggests that secure LDAP ensures data encryption by Kerberos and other popular encryption algorithms. The given protocol is a communication standard that provides a communication channel for the clients in a directory service. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.8% of users find it useful
The Role of Lightweight Directory Access Protocol
Read Text Preview

Extract of sample "The Role of Lightweight Directory Access Protocol"

? Full Paper Introduction to Active Directory Microsoft Active Directory operates in a client/server centralized environment, where the administration and configuration is managed from a single point. The secure Lightweight Directory Access Protocol (LDAP) ensures data encryption by Kerberos and other popular encryption algorithms. The Light Weight Directory Access Protocol is a communication standard that provides a communication channel for the clients within a directory service. A comprehensive definition of LDAP is defined as “Lightweight Directory Access Protocol, a protocol which helps find people, computers and other resources on a network. Designed to work with existing address-book standards and improve compatibility between widely differing systems, the ldap standard was adopted by the ietf in 1997 and now forms the basis of many white-page directories on the web. It has also been incorporated directly into some software programs and operating systems, making it possible to find e-mail addresses without visiting a directory site” (Ldap. 2003). LDAP was established after X.500 protocol, which was also a directory service standard protocol. However, X.500 incorporated high overhead and consequent dawdling response due to heavy X.500 clients. Consequently, keeping in mind the overheads of X.500 slow response, Light Weight Directory Access Protocol (LDAP) was created. LDAP is implemented for both Microsoft Windows and Linux / UNIX clients. In order to make LDAP operational for Linux / UNIX, windows active directory configuration is required. LDAP is proficient in terms of accessing directory information due to integration of a designed database. The architecture integrates the security protocols including Kerberos that is defined as “An access control system that was developed at MIT in the 1980s. Turned over to the IETF for standardization in 2003, it was designed to operate in both small companies and large enterprises with multiple domains and authentication servers. The Kerberos concept uses a "master ticket" obtained at logon, which is used to obtain additional "service tickets" when a particular resource is required” (Gallaher, Link, & Brent R. Rowe,). Kerberos provides authentication and authorization. Moreover, LDAP services provide, automated imitation of information to multiple workstations, providing towering performance, redundancy and elevated availability. In order to provide elasticity wile storing data, extensible schemas are incorporated. The protocols including Kerberos and LDAP are compatible to various system platforms due to standardization (Likewise storage services). However, LDAP implementations with vendor-defined directories are not efficient with the Windows environments, resulting in management of several directories and store identifications. Active directory is “an implementation of LDAP directory services by Microsoft for use in Windows environments. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers, and apply critical updates to an entire organization. An Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects” (Active Directory. 2007). Few checklists are applicable including the network connectivity testing and raising the Active directory domain functional level to Windows 2003. The business benefit focusing on business continuity is also managed efficiently, as the user profiles along with sensitive data is stored in centralized Active directory servers. In case of a system failure, or crash, data can be recovered from user profiles to a new system. Moreover, total cost of ownership is also decreased, as it can be configured and managed by a centralized location. Furthermore, effective IT resource management is carried out via the entire network that will provide a certain information criteria for business to work on. Information criteria may include confidentiality, integrity, availability, effectiveness and reliability. As a result, "A directory service presents the opportunity to consolidate the number of repositories in use and realise a number of benefits: reduced administrative overheads, enhanced operational efficiency and tighter control over the security of user information" (Mohamed, 2005). The forest Structure for FPF main office located in New York City and satellite offices in Houston, Indianapolis, and Los Angeles is demonstrated in Fig 1.1 Figure 1.1(Forest Structure) If the server, holding the PDC Emulator Flexible Single Master Operating Roles (FSMO) role has inexplicably gone offline, there is a requirement of seizing of domain naming master role to a standby FSMO server. However, at the initial point, repadmin.exe will be executed, as it will provide information associated with the synchronization status. Repadmin is a tool that is already present within Windows Server 2008. Likewise, it is a command line tool that is utilized by administrators to determine replication topology, establish replication topology and force replication on the entire directory (Posey, n.d). Moreover, the tool can be used for monitoring the forest of an Active Directory. The PDC emulator server is the busiest of them all and handles all the master operations, as it is the only server that is labeled as a ‘master’ (Price, Scott Fenstermacher, & Brad Price, 2008). The name of this server confuses new network administrators, as they determine that this role is only needed in a situation where all NT backup domain controllers become offline. Moreover, the PDC emulator server enables the replication of directory information to Windows and the two more functions of a PDC emulator server are time synchronization and global policy centralization (Price, Scott Fenstermacher, & Brad Price, 2008). In case of a PDC emulator server mal functioning or not working correctly, the process of processing logon client request for the clients of old operating systems will not take place. For addressing network outage, a plan is required. Figure 1.2 (Domain Connectivity) Establishing a Global Catalog and FSMO Role Assignment Server Site Domain Global Catalog Available or Not Role Assignment DC 1 New York A DC 2 New York A DC 3 New York A DC 4 New York B DC 5 New York B DC 6 Houston C DC 7 Houston C DC 8 Los Angeles D DC 9 Indiana Polis B DC 10 Indiana Polis B Figure 1.2 (FSMO ROLE PLACEMENTS) Proposed Solution Server Site Domain Global Catalog Available or Not Role Assignment DC 1 New York A Available Domain Naming Master, Schema Master DC 2 New York A RID Master DC 3 New York A PDC Emulator, Infrastructure Master DC 4 New York B Available RID Master DC 5 New York B PDC Emulator, Infrastructure Master DC 6 Houston C PDC Emulator, Infrastructure Master DC 7 Houston C Available RID Master DC 8 Los Angeles D Available RID Master, PDC Emulator, Infrastructure Master DC 9 Indiana Polis B Not Applicable DC 10 Indiana Polis B Not Applicable Figure 1.3 (FSMO ROLE PLACEMENTS) However, for unavailability of the two other FSMO roles, a contingency plan must be created that will incorporate a recovery method in terms of steps for the schema master, Infrastructure Master, RID Master, Domain Naming Master and PDC Emulator role. Every role must incorporate an established list in case of role migration or seizure. For addressing data replication issues for augmenting replication efficiency within the network, network administrators can deactivate site link bridging. The site link bridge establishes a logical connection via two site links that provides a transitive path via two disconnected sites by utilizing the interim site. The physical connectivity is applied to the interim site for the persistence of Intersite Topology Generator (ISTG) (Sobh, n.d). Likewise, the bridge does not determine that the domain controller located in the interim site will provision a replicated path. However, in case of replicating a directory partition, hosted by a domain controller located at the interim site, there is no requirement of site link bridge (Sobh, n.d). The deactivation of site Link Bridge along with manual construction of the adequate link bridge works, as all the sites may not be 100% routed, as a result, manual site links can be established. However, prior to establish a site link, there is a requirement of deactivating site link bridging. If a Wide Area Network (WAN) connection is available at the remote site of FPF, the global catalog server located at a remote site will enhance the performance of logon times, as the users will be authenticated in a shortest possible time. For this reason, the location and configuration of a global catalog server will reduce excessive traffic on the network. Likewise, along with robust server response times, applications associated with network authentication and data transfer or exchange will only become efficient. All the mentioned reasons can facilitate a network administrator to take a decision of placing a global catalog server at remote sites, as the server will replicate the functionality of the secondary domain controller (Shapiro, ). However, there is also one drawback of this scenario, in spite of a replicated global catalog server located at a remote site; authentication is still required for all the users logging in the directory services. In case of unavailability of a global catalog server at a remote site, no one will be authenticated and no one can log in the network. Therefore, it will be considered as a 100% downtime of the whole remote office that are dependent on WAN connections used for establishing connectivity with the PDC, in case of a link goes down (Shapiro, ) References Active directory.(2007). Network Dictionary, , 21-21. Gallaher, M. P., Link, A. N., & Brent R. Rowe. Cyber security: Economic strategies and public policy alternatives Edward Elgar Publishing. Ldap.(2003). Essential Internet, , 121-121. Likewise storage services Retrieved 4/16/2012, 2012, from http://www.likewise.com/products/likewise_storage_services/index.php Mohamed, A. (2005). Understand directory services to maintain control of network information and users. Computer Weekly, , 30-32. Posey, B. The real MCTS/MCITP exam 70-649 prep kit: Independent and complete self-paced solutions Syngress. Price, J., Scott Fenstermacher, & Brad Price. (2008). Mastering active directory for windows server 2008 . Indianapolis, Ind.: Wiley Pub. Sobh, T. Innovations and advanced techniques in computer and information sciences and engineering Springer. Shapiro, J. R. Windows server 2008 bible Hoboken, N.J. : Wiley ; 2008. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Fast Paced Financial Term Paper Example | Topics and Well Written Essays - 2000 words”, n.d.)
Fast Paced Financial Term Paper Example | Topics and Well Written Essays - 2000 words. Retrieved from https://studentshare.org/information-technology/1447172-fast-paced-financial
(Fast Paced Financial Term Paper Example | Topics and Well Written Essays - 2000 Words)
Fast Paced Financial Term Paper Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/information-technology/1447172-fast-paced-financial.
“Fast Paced Financial Term Paper Example | Topics and Well Written Essays - 2000 Words”, n.d. https://studentshare.org/information-technology/1447172-fast-paced-financial.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Role of Lightweight Directory Access Protocol

Practical UNIX Security LDAP

A comprehensive definition of LDAP is defined as “lightweight directory access protocol, a protocol which helps find people, computers and other resources on a network.... The Light Weight directory access protocol is a communication standard that provides a communication channel for the clients within a directory service.... 00 protocol, which was also a directory service standard protocol.... Moreover, it also solidify network security by integrating role based access and Kereberized authentication....
7 Pages (1750 words) Essay

Network Management Tools

The big burst through that enabled the streaming revolt was the implementation of a new Internet protocol called the User Datagram protocol (UDP) and new indoctrination modus operandi that compressed audio files into tremendously small packets of data.... More up to date protocols for instance the Real Time Streaming protocol (RTSP) are making the transmission of data even better at your job (Tenenbom, 1996)....
22 Pages (5500 words) Scholarship Essay

Computer networking and management

(Herman 2006) These tools can be as simple as blocking certain domains from access using open dns or as sophisticated as virus and spyware protection software products.... Constant changes to the network environment and the incredible traffic load from various sources of data request and exchange are challenging and sometime overwhelming to the network manager....
20 Pages (5000 words) Essay

Authorization and Access Control

The paper "Authorization and access Control" highlights that authorization is the best way of accessing, maintaining, and inserting data in a particular database in a secured manner or when database and resources are to be communicated then security is very necessary that is provided by authorization.... After completion of the authentication process, the process of authorization is executed, which permits the user to access the required resources through which the user could be identified....
9 Pages (2250 words) Essay

Global Information System

Most of the Global Information Systems owned by different organizations are only in the use of government officials and its access to the general public is prohibited but it's not the case in the World Wide Web.... "Global Information System" paper considers the two major Global Information Systems i....
6 Pages (1500 words) Coursework

Practical Windows Security: Role and Function of an Active Directory

If the user wants to make a new forest, a new domain or an additional domain controller in an existing domain, the role of the domain controller can be configured by installing an Active Directory.... By definition, the role of the domain controller is to store a specific domain directory partition compromising of information about the domain where it is present, as well as the schema and configuration directory partitions of the entire forest (Windows Server TechCenter, 2010)....
10 Pages (2500 words) Term Paper

The Benefits of Mail Server

… The Internet Message access protocol, Version 4 (IMAP4) and Post Office Protocol,Version 3 (POP3), are open Internet standards for retrieving mail from a server.... The Internet Message access protocol, Version 4 (IMAP4) and Post Office Protocol,Version 3 (POP3), are open Internet standards for retrieving mail from a server.... protocol server processes which route messages to clients using the specifiedprotocol(s).... Domains A domain is a logical grouping of directory information, suchas users, with centralized administrative access through aconfiguration node....
8 Pages (2000 words) Essay

Metropolitan Police Service

Today, most directories' access mode is lightweight directory access protocol (LDAP) based on X.... 00 protocol (Clercq & Grillemnmeier 2011, p.... In determining the best kind of technology to use to manage user identities, organizational leadership has to identify factors such as different kinds of data, the possible variety of identity stores, the levels of employees who access such systems.... In determining the best kind of technology to use to manage user identities, organizational leadership has to identify factors such as different kinds of data, the possible variety of identity stores, the levels of employees who access such systems....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us