Windows 2000 Active Directory Case Study

2 November, 2000 Windows 2000 Active Directory: An ETAC Recommendation presented by Ben Berry, CTO & Gary Walter, Dir. IT Communications Chart 1

A caring difference you can feel

presented to
Office of the CIO
Mark Gargett
Rick Skinner
Dan Robins
Janet Smith

prepared by
Enterprise Technology Advisory Council
Scott Denton (Alaska)
Jeff Springer (Washington)
Gary Russell (California)
Ben Berry (Oregon)
Kirby Lott (Health Plans)

This document provides a “Solutions Framework” for the phased implementation of Windows 2000 and Active Directory throughout Providence.

[Diagram: nodes hp, ak, ca, or, wa, ds, xyz and phsmsg; domain names wa.providence.org, ca.providence.org, or.providence.org, hp.providence.org, ak.providence.org, phsmsg.providence.org and Xyz.org]

Vision Statement

[Diagram labels: Corporate Network; Infrastructure; Network Standards; Voice-Data Integration; Security; Network Management; Information / Databases; Windows 2000 Based Applications; Access/Desktop Enabling Tools; Exchange 2000; Enterprise Infrastructure; Business Goals]

PHS will achieve standardization of its Enterprise network operating system through a migration to Windows 2000, including Active Directory as an enabling technology.

The successful implementation will establish a reliable, supportable, Internet standards-based foundation for supporting the delivery of rich IT services and future growth.

The migration is designed for phased enterprise-wide implementation to include all regions on their own schedule throughout 2001-2002.

Envisioned Goals

Desktop Services. Reliable, stable, sustainable, manageable and cost efficient desktop services and the underlying supporting infrastructure.

Leverage. Leverage centralized enterprise class IT services and minimize duplicate efforts and mistakes where technically feasible and meeting the business needs of each region.

Strategic Services. Establish strategic level of IT Services, Standards and Governance across the Providence Health System Organization to optimize services to our

Domain Name Space (DNS) & Domain Naming Scheme

PROVIDENCE.ORG
- PHSOR: in-place upgrade, or.providence.org
- CA: upgraded with and then split off from phsor, ca.providence.org
- PHSWA: in-place upgrade, wa.providence.org
- HP: migration from provhealth, hp.providence.org
- AK: migration from phsant, ak.providence.org

AD

Current NT4 Domains

PHSOR - Phsornt54
PROVHEALTH - Phpordc01
PHSWA - Phswa01
PHSANT - Phsacsecure
OR1 - Phsornt10
OR2 - Phsornt29
PHSSQL - Phsornt40
PHSWEB - Phsornt31
PHPNT - Phpntdc01
OR99 - Phsornt99
PHSMSG - Phsmsgdc01
PHSCA - Pcasj1s01

Active Directory Domains

Collapsing NT4 Domains to AD

NT4 domains shown on the chart:
OR1 - Phsornt10
PHSWEB - Phsornt32
PHSSQL - Phsornt40
OR2 - Phsornt29
OR99 - Phsornt99

PHSOR Windows 2000 AD domain (PHSOR - Phsordc03, or.providence.org):
OU = WEB Servers
OU = SQL Servers
OU = File & Print Servers
OU = Imnet Servers
OU = Testing Servers
OU = Application Servers
OU = Terminal Servers

Server counts shown on the chart:
1 NT4 PDC, 4 NT4 BDCs, 4 NT4 Servers, 15 Win2K Servers
1 NT4 PDC, 11 NT4 BDCs, 6 NT4 Servers, 10 Win2K Servers
1 NT4 PDC, 4 NT4 BDCs, 9 NT4 Servers, 6 Win2K Servers
1 NT4 PDC, 11 NT4 BDCs, 101 NT4 Servers, 18 Win2K Servers
1 NT4 PDC, 20 NT4 BDCs, 1 NT4 Servers
1 NT4 PDC, 1 NT4 BDCs, 5 NT4 Servers

PHSMSG - Phsmsgdc01
This domain will be upgraded in-place to a separate AD domain.
1 NT4 PDC, 15 NT4 BDCs, 7 NT4 Servers, 1 Win2K Servers

DNS: Domain Name Services
Current vs. Proposed

Current

Current DNS namespace and services across all Providence Health Systems regions:

Region | Internal DNS name | Platform | External DNS name | Platform
SWSA | Swsa.providence.org | BIND Linux | Providence.org | BIND Linux
CWSA | Cwsa.providence.org | BIND Linux | Providence.org | BIND Linux
PHP | Provhealth.com | NT DNS* | Provhealth.org | Gantlet Solaris
PWSC | Pwsc.org | NT DNS | NA
Alaska | Provak.org | NT DNS | Provak.org | PIX
California | Phsca.org | NT DNS* | Phsca.org | BIND UNIX
Oregon | Phsor.org | NT DNS | Phsor.org | BIND 8.2.1 Solaris
Everett | Provnw.org | NT DNS | NA
Olympia | Providence.org | BIND Linux

Proposed

Proposed DNS namespace in alignment with approved standard. All secondary child domains to providence.org registered domain. This is in line with the Enterprise Network Architecture Recommendation.

Region | AD Domain | DNS domain, LDAP location
Oregon | OR | Or.providence.org
California | CA | Ca.providence.org
Alaska | AK | Ak.providence.org
Health Plans | HP or PHP | Hp.providence.org
Washington | PHSWA | Phswa.providence.org
Exchange | PHSMSG | Phsmsg.providence.org

Active Directory Design Recommendation

Contiguous Namespace and Sites

[Diagram: nodes hp, ak, ca, or, wa, ds, xyz and phsmsg; domain names wa.providence.org, or.providence.org, ca.providence.org, ak.providence.org, hp.providence.org, phsmsg.providence.org and Xyz.org]

Active Directory & Organizational Units

- Trees and Forests
- Domains
- Organizational Units

[Diagram labels: Domain, Tree, Forest, OU]

Organizational Units Expanded

- Arrange OUs According to:
  - Organizational Structure
  - Network Administrative Model
- Delegate Administrative Control at OU Level
- OUs Enable Single Domain Model

[Diagram labels: Recruiting, Human Resources, Benefits, Users, Recruiting, Computers]

Risk Management

- Interruption of email services
- Interruption of prod systems
- Availability of skilled resources
- Funding
- Executive sponsorship
- Cross-regional coordination
- Splinter groups moving ahead with no clear direction
- Timing to deploy
- DNS integration
- Inadequate planning on enterprise implementation
- Microsoft and DOJ
- Cross-region buy-in
- Key staff moving on
- Scope creep
- Competing priorities and other projects
- Incompatible applications

Enterprise Support Model

[Diagram labels: Help Desk; Agency AD Engineer; Enterprise AD Coordinator; Region Support; Administrative Support (account mgmt, etc.); User Support; Escalation Path; Change Mgmt; Enterprise Issues; ETAC; OCIO]

Regional Support Roles

[Diagram labels: Help Desk; Process; Policy; Design; Planning; ETAC; Enterprise AD Coordinator; Regional AD Engineer; Implementation; Training; Support; Oversight; Approval]

Help Desk

- First point of contact for operational issues
- Operational Administration
  - Accounts

Enterprise AD Coordinator

- Maintains full access to the root of the forest.
- Responsible for enterprise DNS services
- Responsible for planning implementation of service packs and patches.
- Performs consistency checks
- Responsible for testing schema changes

Agency AD Engineer

- Responsible for daily operation of the AD forest.
- Responsibility and administrative control of a specific Active Directory domain.
- Supports DNS services in collaboration with Enterprise AD Coordinator.
- Advanced support for operational issues.

Change Management

Process is applicable for all changes to include architectural and schema changes.

Enterprise Review Members
  - Enterprise AD Coordinator
  - Primary Agency AD Engineers

AD Review Committee Members
  - Enterprise Review Members
  - Secondary Agency AD Engineers
  - Selected Members which may include CIOs, technical experts, etc.
  - Appointed Chair responsible for agendas, scheduling, coordinating responses, etc.

Change Management Process

[Flowchart labels, in the order extracted: Change Request; Submit in Writing to Enterprise AD Coordinator; Enterprise Review; Draft response submitted to AD Review Committee; Review Committee determination; Send Assessment response and close; Implementation Not Recommended; Short Term Break-Fix; Implement Requested Change; Submit to ETAC Group for review; Significant Enterprise Impact; High Risk; Target: 5 days; Implementation Recommended; Implement Requested Change]

Project Milestones

- Windows 2000 AD Planning Summit: 10/00
- Master Project Plan: 11/00
- Functional Specification: 11/00
- Team Formation
- OCIO Charters ETAC: 2/00
- Vision / Scope: 9/00
- Project Schedule: 11/00
- Engineering Environment Set-up (Test Lab, equip. etc.): 12/00
- Proof-of-Concept: 1/01
- Testing & Pilot(s): 6/01
- Deployment: 7/01
