WIN.MIT.EDU  Where are we today  Related services  Current enhancements  Some future enhancements  SharePoint  Panel Discussion.

Presentation transcript:

WIN.MIT.EDU
 Where are we today
 Related services
 Current enhancements
 Some future enhancements
 SharePoint
 Panel Discussion

Where are we today
 Domain has been running since 2001, single forest model
  - Initially, with the release of Windows 2000 Active Directory, Microsoft recommended the use of a dedicated forest root domain; MIT did not follow this model and deployed a single forest model.
  - A number of years later Microsoft retracted the dedicated forest root model in favor of the single forest model.
  - MIT was able to address the security concerns the dedicated root model was intended to address while avoiding security issues found in some multi-domain models.
 Integration with MIT Kerberos, single sign-on
  - User accounts are mapped to MIT Kerberos principals
  - Cross-realm tickets are copied from the MS LSA cache at logon to the MIT Kerberos cache in Kerberos for Windows
  - Requirement to have a host SPN record in the mit.edu namespace

Where are we today
 Integration with Moira
  - Users: centralized identity management; OU admins manage groups
  - Groups: manage access to resources via group memberships
  - Computers: the host record in Moira is used for OU mapping, not DNS dependent
  - Container hierarchy: computer-to-OU mapping
    - Preserves OU assignment across OS reinstalls or hardware replacement
    - No need to pre-stage computer objects in Active Directory
 MITnet DNS
  - No need to run Microsoft-specific DNS services
  - Active Directory does not record the address of client computers
  - Domain controller DNS records are stored in a separate DNS subdomain, win.mit.edu

Where are we today
 Original design similar to the Athena model, except that containers are more of a bare-bones, build-your-own
  - The Athena model was a standard configuration and software set, while the WIN domain provides a baseline framework and then allows OU admins to modify computer policies and software distribution
  - The WIN domain also provides support for hosting departmental servers in dedicated server OUs, with the ability to configure server-specific policies
 User home directories
  - Home directories in DFS with Previous Versions support
  - Users' files are available via multiple computers
  - Users' files and some applications are available via Citrix, including support for tablets such as the iPad

Related services
 WAUS: Windows Automated Update Services
  - MIT repository for patching of Microsoft products
  - In service since 2004
  - Allows testing of new updates before release to the community
 Citrix
  - Virtual application delivery to cross-platform clients
  - In service since 2003
  - Now running on XenApp 6; Presentation Server 4.5 being phased out
 Altiris
  - Hardware and software inventory collection
  - In service since 2007
  - Upgraded to version 7, adding software deployment and patching of third-party products

Related services
 McAfee ePO (ePolicy Orchestrator)
  - Centralized management of McAfee products; in service since 2009
 PXE boot installation services
  - Originally RIS, in service since 2002
  - WDS, supporting Vista, Windows 7 and Server 2008, since 2008
  - LiteTouch: new
 KMS: in service since 2007
  - Campus-wide activation of Windows OS and Office products
 PCI-compliant environment for merchant systems managed by ePO (2009)
 Terminal Server Licensing
  - RDP CAL licensing for Terminal Server and Citrix
 Casper: Mac management

Current enhancements
 Password synchronization from MIT Kerberos
  - Implemented in 2010 for secure MIT WiFi authentication
 Citrix
  - Upgrade to XenApp Server 6 on Server 2008 R2
  - Additional support for mobile devices such as iPads
 Altiris
  - Adding software deployment and phasing out GPO deployment
  - Adding patching of 3rd-party software such as Adobe and Firefox
 PXE: LiteTouch deployment
  - Adding LiteTouch deployment to WDS as a replacement for Ghost
  - Ability to pick software bundles and automatic joining to AD
 AD upgrades: upgrading to 2008 R2
 KfW and Perl upgrades domain-wide (now opt-in)

Some future enhancements
 Microsoft ADFS (AD Federation Services)
  - Enhance integration with other MIT systems or providers
 Microsoft AD LDS integration
  - Run your own Windows-based LDAP instance
  - Import Active Directory data
  - Supplement with your own principals for non-MIT users
  - SharePoint integration
 Native Windows authentication model
  - Can we retire the cross-realm model with MIT Kerberos and authenticate just against Active Directory or related services?
  - What are the dependencies?
    - Applications: SAP, etc.
    - Manually getting MIT Kerberos tickets
 PowerShell scripts
  - Moving away from Perl and VB to PowerShell post retirement of XP

Some future enhancements
 New container mapping models
  - Can we manage OUs and container mapping natively in AD?
  - What would we lose without the Moira integration?
  - Would it be easier, more difficult, or the same amount of effort to use?
    - Which tools or processes are more straightforward for an OU admin new to MIT?
  - What are the dependencies attached to making such a change?
    - Software distribution / wince
    - SPNs and cross-realm authentication
 BitLocker encryption
  - Should we move to BitLocker for encryption instead of PGP?
    - Built into the Windows OS
    - Does it meet the business requirements?
    - How does it compare in ease of use and administration?
  - MDOP (Desktop Optimization Pack): advanced BitLocker tools
    - Covered under the campus agreement

Some future enhancements
 VDI
  - IS&T is currently building a production-like development environment
  - Ability to use virtual terminals instead of desktop computers
  - Supports access via traditional clients
 XenApp 6
  - Support for streaming cached applications to clients
 Windows 8 and UAC
  - UAC is off in the domain in order to address some KfW compatibility issues
  - Windows 8 requires UAC to be on to run most Metro apps
  - Change in the user experience when clients receive UAC prompts
 Cloud integration
  - ADFS may facilitate integration with certain services
 SharePoint
  - Central SharePoint services
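The Windows 8 and UAC item above, as an added PowerShell example that is not part of the original presentation or MIT's own tooling: it reads the EnableLUA policy value and the OS version and flags hosts where UAC is off on Windows 8 or later, the combination the slide says breaks Metro apps. Get-UacStatus and its -ComputerName parameter are assumed names; remote queries assume PowerShell remoting is already enabled.

```powershell
# Added example, not from the MIT presentation: audit the UAC state the slide
# describes. UAC is disabled domain-wide for KfW compatibility, but Windows 8
# needs it on for Metro apps, so the check flags Windows 8-or-later hosts with
# UAC off. Get-UacStatus and its -ComputerName parameter are hypothetical names.
function Get-UacStatus {
    [CmdletBinding()]
    param(
        # Host to query; defaults to the local machine. Remote queries use
        # PowerShell remoting (Invoke-Command), which must already be enabled.
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # EnableLUA is the policy value behind the UAC on/off switch;
    # ConsentPromptBehaviorAdmin controls what admins see when it prompts.
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $probe = {
        param($Path)
        $sys = Get-ItemProperty -Path $Path -ErrorAction Stop
        $os  = Get-CimInstance -ClassName Win32_OperatingSystem
        # A missing EnableLUA value means the Windows default (UAC on).
        $lua = if ($null -eq $sys.EnableLUA) { 1 } else { [int]$sys.EnableLUA }
        [pscustomobject]@{
            EnableLUA   = $lua
            AdminPrompt = [int]$sys.ConsentPromptBehaviorAdmin
            OSVersion   = [string]$os.Version   # e.g. 6.1.7601 (Win7), 6.2.9200 (Win8)
            OSCaption   = $os.Caption
        }
    }
    if ($ComputerName -eq $env:COMPUTERNAME) {
        $info = & $probe $regPath
    } else {
        $info = Invoke-Command -ComputerName $ComputerName -ScriptBlock $probe -ArgumentList $regPath
    }
    # Windows 8 reports kernel version 6.2; anything at or above it needs UAC on.
    # Cast explicitly so the comparison is numeric even after remoting serialization.
    $win8OrLater = [version]$info.OSVersion -ge [version]'6.2'
    $uacOn       = $info.EnableLUA -eq 1
    [pscustomobject]@{
        ComputerName   = $ComputerName
        OS             = $info.OSCaption
        UacEnabled     = $uacOn
        AdminPrompt    = $info.AdminPrompt
        # Windows 7 with UAC off matches the current domain baseline and is
        # not flagged; Windows 8+ with UAC off will break Metro apps.
        NeedsAttention = ($win8OrLater -and -not $uacOn)
    }
}
# Usage: audit the local machine, or pipe a list of hostnames from an OU export.
Get-UacStatus
```

Run it against a sample of Windows 8 pilot machines before any domain-wide policy change so the expected UAC prompt behaviour is known ahead of the user-experience shift the slide mentions.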

SharePoint
 Work on SharePoint is currently focused in two areas
  - Well-documented guidelines for integrating departmental SharePoint servers in WIN
  - Design for a central service
 Authentication methods and practices, pros and cons
  - Windows authentication
  - Forms-based authentication
  - Federated services
 Directory service options
  - Active Directory
  - AD LDS (your own LDAP instance)
    - Import Active Directory data
    - Supplement with your own principals for non-MIT users
  - Database authentication
 Central service
  - More than one service level for departments, teams, etc.
  - Mounting document repositories in Outlook
  - Office Web Apps

Panel Discussion
 What are your comments and questions regarding current features and how they can be improved?
 What would be the impact of the suggested future enhancements and changes on how you use the WIN domain?
 What would be on your wish list for features and/or changes?