ESI Active Directory Configuration - Essay Example

?ESI Active Directory Configuration Elliott’s Solutions Inc. finally decided on its IP Scheme, Domain DNS Configuration, and valued website to allow its many employees to access resources for greater productivity in many branches nationwide and to forthcoming new locations, and to facilitate the effort of customers to gather more information about ESI. It is time to design its new Active Directory and to define the corresponding policies. Top View or Forest ESI will have a single domain AD forest with centralized authentication and authorization. Security boundaries and specifications will be defined starting with the urgent requirements that will prevent cybercrime from forcing the entire network to start from scratch. The strategy of developing with precaution will allow all the officers and employees to become familiar with the actual implementation, without experiencing too much security threats from external sources.. First of all, the AD DS will be installed in Microsoft Windows Server 2008. Due to the rapid expansion of business operations, the aim will be to have three (3) Domain Controllers. This is to take the least probability of having to recover from backup files in case of technical troubles somewhere in the system. All branches will be connected by a single DNS name. Thus, from the Central Office of ESI.com, each branch will have a subdomain that employees can access after passing security authentication. Illustrated with a diagram below are the Servers /.Controllers and that the branches will access daily to be connected to a Single Forest, Single Domain startup design. (Rommel, Florian 2009a). All branches will access the server via Internet, more specifically by logging into the domain ESI.com. However, these servers can only share software but not printers and other devices that are within the branch vicinity. These are the three (3) controllers or servers for the entire network. One will serve as automatic backup. The 3rd should backup only after internal audit has double checked the active or real time backup data. For security purposes, the three servers will be located in a well-guarded, fireproof, temperature-controlled offices near the top 10 most trustworthy Executives. and where calamity cannot destroy them. Furthermore, one of them will be under daily audit by the IT Security Department. Servers will then link all the branches nationwide so that their computer work stations can share in the use of resources found in the centralized server. Note that only one server is mentioned because the other two are backup servers wherein one backup is most protected. It is foreseen that eventually, each branch will have to maintain a server of its own to handle activities that do not need to be strictly secured. “The AD DS role is what enables the server to act as Domain Controller.” says the System Administrator (2012). But the AD DS should first be installed. In Windows Server 2008, open Server Manager from the Quick Launch Toolbar icon, or by going to Administrative Tools.The next steps are as follows: Click “Roles” > “Add Roles” > Next > “Select Server Roles”> Click on Active Directory Domain Services.> Next> Confirm Selected Roles Installation> Wait for Installation Success> Doublecheck if AD DS got installed by going back to Server Manager. See Figure 2, 3 under Appendix. Once AD DS has been installed in Windows Server 2008, run DCPROMO as follows: Run> dcpromo > OK > Welcome to Active Directory Domain Services Installation Wizard > Next > Open system Compatibility > Next > Choose a Deployment Configuration > Select Create a New Domain > Be sure to type the exact Fully Qualified Domain Name (FQDN)., e.g. ESI.com > Set the Forest Functional Level. > Select additional Domain Controller Options by placing a check mark on the DNS Server.> Select DHCP > Continue until AD DS Installation is complete. When asked for a Directory Service Restore Mode Administrator Password, be sure to “control” and keep the password in writing for the time when the system might need to be restored. For the AD DS to completely install, the computer will ask to be restarted. In creating a new Active Directory, there is a checklist of things to consider, namely, Exact name of the DNS owned by ESI Number of Users in the all branches combined What is the bandwidth for authentication versus the prescribed bandwidth ? Who are the administrators of the system? Which server will be the Global Server? Who will handle the Flexible Single Master Operation (FSMO) roles The FSMO roles consist of (a) the Relative ID (RID) Master role, (b) the Infrastructure Master role, (c) the Primary Domain Controller (PDC) Emulator which synchronizes time, handles password changes, handles authentication failures, handles accounts that get locked, handles editing of Group Policies. (d) the Schemata Master Domain Controller who updates and modifies the scheme of the forest, and (e) Domain Name Master Controller who adds domains and links in the Active Directory. (Rommel, Florian 2009b). Group Policy Microsoft (2008) has certain requirements for Windows Server 2008 to be able to utilize the Group Policy preferences. Due to the length of those steps, Figure 4 (Appendix Section) was created. Definitely, the Remote Service Administration Tools (RSAT) will be installed in all computers to facilitate technical support via remote access. The Group Policy Objects that will be selected must first be approved by top management. Only employees of ESI may access files from the domain. There will be restrictions depending on what does not concern the user and what will be needed by the user. Authority limits will define who should have access to which files. All these can be done gradually. It is admitted that at the start, the rules will be strict in order to prevent the possibility of having to start all over again as a result of a “crash” or corrupted sets of hard drive which will cost the company substantial amounts if most computer hard drives have to be replaced or provided with a professional IT personnel who can remove all the corrupted files or fix them. However, as time passes and some level of familiarization is finally gained through actual implementation, centralization will be relaxed. Sites Only those related to work will be accessible to employees in computers connected to the servers. All websites containing Active X files or potentially dangerous downloads should be blocked. Trust IT Department will define all the highly trusted resource websites that can do no more to the files within ESI.com and will be held responsible for security breach as well as preventive measures to protect all sensitive files. Other departments have to be consulted. (Microsoft 2010) Authentication Methods “Windows Server 2008 uses Kerberos as the default authentication method…” according to Bender, Michael.(2009, p.393) In situations when it is not possible to provide authentication, IT may decide to utilize the NT LAN Manager Protocol. Disaster / Emergency Systems of Control As a matter of policy, ESI.com will not resort to any backup utilizing the Cloud Technology other than the Central Office backup facilities. This will prevent any 3rd party entity from breaking into the confidential files or any scammer/spammer and anonymouos cybercriminal from infiltrating the system and causing unnecessary troubles or threats to the business security. Definitely, there will be an IT Security Team who will be made responsible for various scenarios like sudden loss of power or cyber attacks. Summary To ensure long-term progress without being interrupted by system failures, downtimes, and too much focus on maintenance and repairs, the decision is to have a high-end set of Servers configured to maintain Active Directory. Those servers will be turned into Domain Controllers. And the DNS will be integrated with Active Directory. Domain Name System translates computer names into IP addresses and is capable of connecting computers to one another. It makes it easier for the server to find any of the client computers linked to the server. Policies of Active Directory will tend to be restrictive in the immediate term. Definitely, only employees may access business private files. The public will be allowed only those meant to inform them about ESI.com. This restrictive policy will eventually be relaxed after some time of implementations and the IT Department has already strengthened the entire system against various threats. What will be crucial for the short to medium term will be the ability of ESI Central Management to control operations positively by sharing some intangible yet valuable resources for its employees. For example, employees should not be disrupted by computer problems. Instead, their work should be facilitated by Head Office by the provision of adequate services for the maintenance of computers, for faster communications with branches, and to allow them to focus on their primary purpose for being employed. Also equally important will be the accessibility of great information to encourage potential clients to stay with ESI.com anywhere they may be around the country or outside the country. References Bender, Michael (2009). Microsoft Windows Server 2008: Network infrastructure Configuration. USA: Cengage Learning, March 2, 2009. p.393 Microsoft (2010). Active Directory Design Guide: Version 2.0.0.0. USA & UK: Microsoft Corporation and National Health Service, February 26, 2010. Rommel, Florian (2009a). Active Directory Design Principles – Part I. Microsoft Networking & Telephony. August 2009. Viewed October 1, 2012 @ http://www.packtpub.com/article/active-directory-design-principles-part-1 Rommel, Florian (2009b). Active Directory Design Principles – Part 2. Microsoft Networking & Telephony. August 2009. Viewed October 1, 2012 @ http://www.packtpub.com/article/active-directory-design-principles-part-2 System Administrator (2012). Installing Active Directory (Domain) in Windows Server 2008. SA Paravur, February 28, 2012. Viewed October 1, 2012 @ http://saparavur.blogspot.com/2012/02/installing-active-directorydomain-in.html Appendix Figure 1. Windows Server 2008 Service Manager Figure 2. WS2008 Active Domain Server Roles Figure 3. WS2008 AD DS Installed in Server Manager Figure 4. Conditions to Allow Use of Group Policy Preferences (Source: Microsoft 2008 http://technet.microsoft.com/en-us/library/cc731892(v=ws.10).aspx ) Read More