Campus Active Directory Update Jim Green, Academic Technology Services Victor Lounds, Administrative Information Services Dave Carter, College of Agriculture.

Presentation transcript:

Campus Active Directory Update Jim Green, Academic Technology Services Victor Lounds, Administrative Information Services Dave Carter, College of Agriculture Matt Stehouwer, College of Natural Science

ATS Active Directory Update Jim Green Manager, Identity Management Team Academic Technology Services

Background
Summer, 2009
– U. of Iowa visit by AIS and ATS upper management
Proposal for ATS Identity Management-operated AD domain
– w/Kerberos, LDAP/Directory services, Netid, Shibboleth
Fall 2009
– research, setup for Computer Labs standalone domain
– Penn State, U. of Iowa conference calls
Spring, 2010
– ATS reorganization
– ATS’s “services” domain, Mel Micke joins Identity Management

Short term goals
Research to discover best practices for designing/operating AD infrastructure
Support Windows login in the Computer Labs
Evolve into a generalized institution-wide service offering
– AD infrastructure for a centrally-supported MS Exchange service offering
– Other authentication/authorization applications, e.g x
Coordinate with AIS and other units
Work toward a coherent plan

Computer Labs AD domain
Standalone domain
– To be replaced by proposed central AD domain
Will be rolled out to all labs by Fall, 2010
Four domain controllers
Populated with all MSU netids, not just current
Licensed via machine CALs
Authenticates via pass-through to MIT Kerberos
– Kerberos registry patch applied to workstations

Tentative design proposals
Top level domain
Authentication with MSU netid and password
– Pass-through or sync
Populate with current faculty, staff, students, affiliates
Populate with attributes needed for authorization
– E.g. departments for x, etc.
MS Exchange, other service offerings to be operated by ATS Systems & Infrastructure team
Delegated management through Organizational Units

Coordination Activities
Meetings with College of Agriculture and College of Natural Science
AIS shared consultant’s report and information about their AD initiative
Working group formed with representatives from Ag, Nat Sci, AIS, and ATS
Joint testbed put up

Issues
Competing priorities, notably including EBSP
Licensing
Is Identity Management the best location for this service?
Organizational and policy logistics
Security
Design choices to best meet MSU institutional needs

AIS Active Directory Update Victor Lounds, Administrative Information Services

What has AIS learned from our Development Environment?
After discussions with Microsoft AD support groups and contractors we were able to identify several issues
A multi-domain forest does not scale
A domain is not a security boundary
Although an empty forest can separate higher level roles, it does not gain any additional functionality or reliability
Single Forest / Single Domain

How can a centralized AD be managed?
Establishing methods for
Adding
Removing
Tracking changes
Reporting
Naming Conventions
Establishing a Process for Administrative Changes

What about Kerberos & Active Directory?
MSUNet Kerberos authentication is a concern because of…
o Password Management
o AD / MSU Kerberos
o Test
o Q/A
o Production

CANR and CNS Active Directory Update Dave Carter, College of Agriculture Matt Stehouwer, College of Natural Science

Sharing of Resources Exchange SharePoint Knowledge Datacenter Cost CANR and CNS Partnership

[Diagram: Exchange, SharePoint, CANR Forest, CNS Forest, One way trust, Resource Forest, FIM, TMG]
FIM – Forefront Identity Manager

Shared DataCenter at Computer Center

ANR & CNS Environment

Campus Active Directory Under Testing

Campus AD Campus Resource Forest College Forest Exchange AD Servers MIT Kerberos FIM

Campus Active Directory Update Jim Green, ATS– Victor Lounds, AIS - Dave Carter, CANR – Matt Stehouwer, CBS –