Sunday, May 26, 2019

Preparing Domain and Group Structure Essay

Active Directory Certificate Services

Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing certificates in software security systems that use public key technologies. You can use AD CS to create one or more certification authorities (CA) to receive certificate requests, verify the information in the requests and the identity of the requester, issue certificates, revoke certificates, and publish certificate revocation data. Applications supported by Active Directory Certificate Services include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private networks (VPN), IP security (IPsec), Encrypting File System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security (SSL/TLS), and digital signatures.

Active Directory Domain Services

Active Directory Domain Services (AD DS) stores information about users, computers, and other devices on the network. AD DS helps administrators securely manage this information and facilitates resource sharing and collaboration between users. AD DS is also required to be installed on the network in order to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies such as Group Policy.

Active Directory Federation Services

Active Directory Federation Services (AD FS) provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications that use a single user account. AD FS accomplishes this by securely federating, or sharing, user identities and permissions, in the form of digital claims, between partner organizations.

Active Directory Lightweight Directory Services

Organizations that have applications which require a directory for storing application data can use Active Directory Lightweight Directory Services (AD LDS) as the data store.
AD LDS runs as a non-operating-system service. Therefore, AD LDS does not require deployment on a domain controller. Running as a non-operating-system service allows multiple instances of AD LDS to run at the same time on a single server, and each instance can be configured independently for servicing multiple applications.

Active Directory Rights Management Services (AD RMS)

Active Directory Rights Management Services is information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define exactly how a recipient can use the information, such as who can open, change, print, forward, or take other actions with the information. Organizations can create custom usage rights templates such as Confidential Read-Only that can be applied directly to information such as financial reports, product specifications, customer data, and e-mail messages.

Application Server

Application Server provides a complete solution for hosting and managing high-performance distributed business applications. Integrated services, such as the .NET Framework, Web Server Support, Message Queuing, COM+, Windows Communication Foundation, and Failover Clustering support, improve productivity throughout the application life cycle, from design and development through deployment and operations.

Dynamic Host Configuration Protocol Server

The Dynamic Host Configuration Protocol (DHCP) allows servers to assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients.
Deploying DHCP servers on the network automatically provides computers and other TCP/IP-based network devices with valid IP addresses and the additional configuration parameters these devices need. These are known as DHCP options, which allow them to connect to other network resources, such as DNS servers, WINS servers, and routers.

DNS Server

Domain Name System (DNS) provides a standard method for associating names with numeric Internet addresses. This lets users refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with DHCP services, eliminating the need to add DNS records as computers are added to the network.

Fax Server

Fax Server sends and receives faxes, and lets you manage fax resources such as jobs, settings, reports, and fax devices on this computer or on the network.

File Services

File Services provides technologies for storage management, file replication, distributed namespace management, fast file searching, and streamlined client access to files, such as UNIX-based client computers.

Hyper-V

Hyper-V provides the services that you can use to create and manage virtual computing environments and their resources. Virtual computers operate in an isolated operating environment. This lets you run multiple operating systems at the same time. You can use a virtualized computing environment to improve the efficiency of your computing resources by using more of your hardware resources.

Network Policy and Access Services

Network Policy and Access Services delivers many different methods to give users local and remote network connectivity, to connect network segments, and to allow network administrators to centrally manage network access and client health policies. With Network Access Services, you can deploy VPN servers, dial-up servers, routers, and 802.11-protected wireless access.
You can also deploy RADIUS servers and proxies, and use Connection Manager Administration Kit to create remote access profiles that let client computers connect to the network.

Print and Document Services

Print and Document Services enables you to centralize print server and network printer management tasks. With this role, you can also receive scanned documents from network scanners, and route the documents to a shared network resource, a Windows SharePoint Services site, or to e-mail addresses.

Remote Desktop Services

Remote Desktop Services provides technologies that enable users to access Windows-based programs that are installed on a remote desktop server, or to access the Windows desktop itself, from almost any computing device. Users can connect to a remote desktop server to run programs and to use network resources on that server.

Web Server (IIS)

The Web Server (IIS) role in Windows Server 2008 R2 lets you share information with users on the Internet, an intranet, or an extranet. Windows Server 2008 R2 delivers IIS 7.5, a unified Web platform that integrates IIS, ASP.NET, and Windows Communication Foundation.

Windows Deployment Services

You can use Windows Deployment Services to remotely install and configure Windows operating systems on computers that have Pre-boot Execution Environment (PXE) boot ROMs. Administration overhead is decreased through the implementation of the WdsMgmt Microsoft Management Console (MMC) snap-in that manages all aspects of Windows Deployment Services.
Windows Deployment Services also provides end users an experience consistent with Windows Setup.

Windows Server Update Services

Windows Server Update Services allows network administrators to specify the Microsoft updates that should be installed, to create separate groups of computers for different sets of updates, and to obtain reports on the compliance levels of the computers and on the updates that must be installed.

Organizational Units (OUs) will be set up for each location. There will be two OUs for each: management and employee. These OUs will be used to control user access to resources and login. Administrators will be able to move users through the organization if their roles change without having to change their accounts.

Kudler Fine Foods' explosive growth has brought the company to the point where it is time to shift paradigms to a new, modern network and information technology infrastructure. The base of this new infrastructure is going to be Windows Server 2008 R2 (W2k8R2).

W2k8R2 is able to maximize IT efficiencies and security using the Active Directory system of administration and organization. It uses a forest-based system which we will use to efficiently manage Kudler's multiple existing and future locations.

The root of the Kudler domain will be physically located in La Jolla at Corporate Headquarters. It will be named kudler.com. The La Jolla branch Domain Controller will be lajolla.kudler.com. Each subsequent branch will also have a Domain Controller, also in the root kudler.com domain, and also named for its location. Del Mar will have delmar.kudler.com as its DC and Encinitas will have encinitas.kudler.com as its local DC.

Each DC will hold a copy of the global catalog for fault tolerance purposes.
This will enable each location to provide login services in the event that the link to corporate headquarters is broken.

Having a single domain with Domain Controllers spread out at each location will make security maintenance a simpler task. With only one domain, connected via site links, a single administrator can push security policies to remote locations. This enables lower administration costs because each site does not require an admin on payroll. This model also allows corporate to check that proper policies are being implemented, and followed, at all locations.

Another advantage of this model is that users only need to be entered into one Active Directory and they will be able to access their login at any authorized company location. Authorized locations will be enforced with Organizational Units (OUs). Users will be placed in OUs that signify what resources they are allowed to access. The Corporate OU will be allowed to log in at any location. Each store will also have an OU named for it, and employees at those stores will only be able to log in at their store. A benefit in ease of administration is that if a user moves stores, they do not need a new account. They only need to be moved into the new applicable OU.

In order to ensure the system runs smoothly there will be new ongoing management tasks. These will ensure that the system is kept up to date and that requisite legal and security requirements are met. It will be up to Kudler Management to determine the form requirements, or authorize P&G to draft them, but the following should be considered at a minimum:

1) New User Form: This will be completed at employee onboarding. It will contain a Notice of Monitoring and Proper Use rules so that in the event of any misconduct by the employee legal action can take place. It will also give the system administrator all the information needed to create the user's account and place them in the proper OUs.
When the form is completed it should be faxed (since it requires a signature) to headquarters immediately for action.

2) Employee Transfer Form: This will be completed if an existing employee moves from one store to another. This will be used to move the employee's account from their existing OU to the new proper one. It will include things like username, current location, new location, and effective date. Store managers can complete it online and email it to corporate administrators.

3) Employee Termination Form: This form will be sent from a store manager to terminate an employee's access to the network. It will contain the username, current location, and effective date.

4) Active Directory Backup: A procedure will need to be vetted that backs up the current Active Directory state and verifies it. The process periodicity will need to be determined as well as the backup location. We recommend that it be completed at least weekly and the backup be replicated to each of the company sites. This ensures that in the event of an Active Directory malfunction all users, group policies, and computer accounts can be restored. The purpose of replicating it to each site is so that if any site is destroyed, the other sites still have it. This is less costly than dedicated offsite storage.

5) Business Data Backup: A procedure for business data, i.e. invoices, billing statements, payroll, personnel files, inventory control, etc., must be created as well. Like the AD Backup, we recommend that it be replicated to each site, and for the same reasons. However, we recommend that this backup be done at least daily, possibly even hourly, due to the extremely high value of the data to the business.

P&G can begin implementation immediately if these methods are acceptable to Kudler.

Kudler Fine Foods' new IT infrastructure is based on Windows Active Directory. Active Directory requires properly configured Domain Name Services (DNS) in order to function.
We will be configuring Active Directory Integrated DNS in the new infrastructure rollout.

While DNS and Active Directory naming conventions can be the same, they do not necessarily have to be the same. We will be using a tiered approach to DNS that will not directly mimic the AD naming convention. The tiers will be based on geographic location, unlike the AD naming convention, which is unified.

The DNS hierarchy will be arranged like this:

As previously discussed, each store will have an Active Directory Domain Controller as well. There is no need for Read-Only Domain Controllers (RODCs) in Kudler's architecture. Each store's AD Domain Controller will host a copy of the Global Catalog. This will ensure that in the event of a site link outage each store is still able to process logins.

Active Directory Sites and Services will handle Domain Controller replication natively. Each store will be designated a network subnet. That subnet will be entered as the network ID for that store's site. Since Kudler has high-speed links at all current sites, replication will be set to occur at all times, using high bandwidth. A site link called CA-Intra-State will be created and used for these connections.

The strategy will be different for new stores outside California. Each new state that Kudler expands to will have a single location connected to La Jolla via a fast link. This location, like those in California, will be set to always replicate using high bandwidth. A new site link for each state will be created called StateX-Corp-Sync.

Where things differ now is that each subsequent site in that new state will have a low-speed connection to the state hub. A site link called StateX-Intra-State will be created, and each site in that state will be added to that link. It will be set to a low-speed link and told to only replicate when needed.
This will preserve bandwidth but still ensure that remote sites get updates from corporate, albeit at a slower pace.

If Kudler continues to grow past two or three states, it would be worth looking at regionalizing so that La Jolla does not have to process all the load.
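
The Employee Transfer Form and Employee Termination Form tasks in the management-task list above can be applied with the ActiveDirectory PowerShell module; the following is an added example, not part of the original essay or of any Kudler or P&G procedure. The OU layout (a Management and an Employee OU under each store OU), the function names, the form field names, and the choice to terminate access by disabling the account are assumptions.

```powershell
# Added example: applies the Employee Transfer and Employee Termination forms.
# Assumptions: accounts live in OU=<Role>,OU=<Store>,DC=kudler,DC=com with
# Role = Management or Employee; termination is done by disabling the account.
Import-Module ActiveDirectory
$DomainDN = 'DC=kudler,DC=com'

function Get-StoreOU {
    param([string]$Location, [string]$Role)
    "OU=$Role,OU=$Location,$DomainDN"
}

function Get-ParentDN {
    # Strip the leading RDN; the lookbehind skips commas escaped inside a CN.
    param([string]$DistinguishedName)
    ($DistinguishedName -split '(?<!\\),', 2)[1]
}

function Invoke-TransferForm {
    param(
        [Parameter(Mandatory=$true)][string]$Username,
        [Parameter(Mandatory=$true)][string]$CurrentLocation,
        [Parameter(Mandatory=$true)][string]$NewLocation,
        [Parameter(Mandatory=$true)][datetime]$EffectiveDate,
        [ValidateSet('Management','Employee')][string]$Role = 'Employee'
    )
    if ((Get-Date) -lt $EffectiveDate) { Write-Warning "Not yet effective: $Username"; return }
    $user     = Get-ADUser -Identity $Username
    $expected = Get-StoreOU $CurrentLocation $Role
    $actual   = Get-ParentDN $user.DistinguishedName
    # A form that disagrees with the directory is rejected, not "fixed up".
    if ($actual -ne $expected) {
        throw "Form lists '$expected' but $Username is in '$actual'; not moved."
    }
    Move-ADObject -Identity $user.DistinguishedName -TargetPath (Get-StoreOU $NewLocation $Role)
}

function Invoke-TerminationForm {
    param(
        [Parameter(Mandatory=$true)][string]$Username,
        [Parameter(Mandatory=$true)][string]$CurrentLocation,
        [Parameter(Mandatory=$true)][datetime]$EffectiveDate
    )
    if ((Get-Date) -lt $EffectiveDate) { Write-Warning "Not yet effective: $Username"; return }
    $user = Get-ADUser -Identity $Username
    if ((Get-ParentDN $user.DistinguishedName) -notlike "*OU=$CurrentLocation,$DomainDN") {
        throw "$Username is not under the $CurrentLocation OU; not disabled."
    }
    Disable-ADAccount -Identity $user
}
# Constructed call: Invoke-TransferForm -Username jdoe -CurrentLocation DelMar -NewLocation Encinitas -EffectiveDate 2019-06-01
```

Checking the form's stated current location against the account's actual OU before acting catches mistyped usernames and stale forms before an account is moved or disabled.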
