The Multi-Agency Enterprise Active Directory Forest
Introduction
- Keith Kawamura
- Network Technologies Manager
- Department of General Administration
- Member of the EAD Resource Group
Session Goal
- To provide a better understanding of the State of Washington's Forest Environment.
What is a Forest?
- One or more domain trees that do not form a contiguous namespace.
- Forests allow organizations to group divisions that operate independently but still need to communicate with one another.
Major Benefits
- Economies of Shared Infrastructure:
  - Administration
  - Technical support
  - Installation
  - Processes
  - Troubleshooting
  - Monitoring
  - Ongoing updates and reconfiguration
Active Directory Implementation
- 3 Forests:
  - WA.LCL – Production Forest
  - WAT.TST – Pre-production – Any agency joining must, at a minimum, start here and keep a presence here after joining the production forest.
  - WAL.LAB – For base level of testing (applications, schema changes, patches, join procedures, etc.)
Project History
- Win2K converges network and database (Exchange 2000 uses the OS directory)
- LAN Managers group attempted to install in 1999 and was not successful.
- Appeal to CAB Infrastructure Subcommittee 1999
- CAB Pilot Winter 2000 recommended single forest for the state.
- Project Steering Committee formed - kickoff Fall 2000
- Project completion June 2001
CAB Forest Objectives
- Create a State Forest Win2k Server environment and install the statewide root for agencies who want to join.
- Implement the first version of the Active Directory.
- Provide a foundation to allow shared applications / data.
- Establish governing policies for the state forest.
- Implement Exchange 2003
Project To Date
- Broad participation
- CAB authorized
- Governance model in practice
- Preparation for Exchange 2003
Perspective
- Washington state is a national leader
- Governance model is unique and robust - didn't come down from the top
- The project focuses on business results
- The quality is very high
- The project positions agencies for the future
Enterprise Directory Governance Model (organization chart): CAB; Agencies; Enterprise Active Directory Steering Committee; DIS Root Management; EAD Resource Group; EAD Application Developers
Win2k Steering Committee
- Participants: DSHS, ESD, DFI, GA, L&I, OFM, DOP, DIS, DOT, DOL
- Observers: LEG, ECY, DOR, DRS
- Chair: Phil Grigg
EAD Resource Group
- Responsible for network infrastructure, operations, and change management
- Interagency technical working group
- Develops project documents
- Makes recommendations to the Steering Committee
- Chair: John Ditto (DIS)
EAD Application Developers
- Two sets of responsibilities: Startup and Ongoing
- Define Active Directory strategic direction and recommend direction to the Windows 2000 Steering Committee in three areas:
  - Active Directory Schema
  - Application use of the Active Directory
  - Approval of applications that use Active Directory
- Chair: Gregg Arndt
Connected Agencies
- In Production: DSHS, LNI, GA, DOP, ESD, DIS (Shared Services), WSP
- In Pre-Production: DIS, OFM, DFI, HCA
- In LAB Forest: DOH, DRS
- Petitioning to join: SAO
DIS
- Executes decisions made by the Steering Committee
- Steering Committee recommendations are incorporated into the DIS service level agreement
- Operates the root domain structure
- DIS sits on the Steering Committee (DIS does NOT make forest decisions)
Forest Root Service Level Agreement (SLA)
- Forest Root Responsibilities:
  - Implement Steering Committee Policy
  - Hardware and Software for the Root Domain
  - 99.9% availability in Production Environment
  - Production, Pre-production and Test Environment
  - Follow Change Control Processes
  - Root administration
  - Provides Problem Management
  - Contracts Vendor Technical Support 7/24/365
Forest Root SLA (cont.)
- Security Administration:
  - Implement all Security Policies set by Enterprise AD Steering Committee
  - Protect Customers from unauthorized use of their intellectual property
  - IPSec between all Domain Controllers
  - Secure physical access
  - Change Management
Forest Root SLA (cont.)
- Client Agency Responsibilities:
  - Maintain one active SLA per agency
  - Hardware and Software for the Agency Child Domain
  - Designated primary and secondary technical support staff
  - Maintain participation in the Pre-Production Forest
  - Follow all security procedures
  - Follow all change control processes
  - Adhere to Naming Conventions and Standards
Enterprise Forest Root Support Model (organization chart): Deputy Director, DIS
Multi-Agency Forest Benefits
- Ability to share applications and static data with agencies connected to the Active Directory
- Ability to delegate authority across agencies. OFM is reviewing this for their fiscal systems.
- Simplified security model
- Single Sign-on – OFM is currently working on a proof-of-concept for non-compliant applications.
- Authentication/Authorization Backbone to reduce redundancy of Point solutions.
Security Emphasis
- Active Directory is the Yellow Pages of our network resources.
- The State of Washington as a single Enterprise.
- Secure the Data. Free the Users.
Benefits of an Enterprise AD
- Active Directory securely shares identity information statewide
- Reduced IT administration (Centralized Root)
- Supports delegation and application development
- Joining the State forest is less costly and easier than going it alone (Leverage what is already established)
- Build the enterprise community
Forest Applications for Consideration
- Exchange 2003 (Note: Exchange 5.5 Support ends as of )
- Archiving and Retention System (EARS)
- Mobile Messaging
- Ingress/Egress Virus Scanning
- FAX Services
- Automatic Distribution Lists
- Common Public folders
- Instant Messaging
Forest Applications for Consideration (cont.)
- Outlook Web Access
- State Wide Work Flow
- Automatic Organizational Charting
- Automatic Scan Book Updates
- Interagency Calendar View/Meeting Planner
- Single Sign-on
- Human Resource Application
Summary
- CAB-approved, interagency project
- All decisions are made through the interagency Steering Committee
- Active Directory shares user and other information automatically
- Much of the work is already done and can be accessed at:
Thank you!
Contacts
- Phil Grigg - Chair, Enterprise AD Steering Committee (360)
- Gregg Arndt - Chair, Forest Application Developers (360)
- Allen Schmidt – Project Manager, Single Sign-On Prototype (360)
- John Ditto – Chair, Forest Resource Group (360) (in the
- Bob Deshaye – Service Level Agreements (360) ( in the