The Multi-Agency Enterprise Active Directory Forest
Introduction
Keith Kawamura
Network Technologies Manager
Department of General Administration
Member of the EAD Resource Group
Session Goal
To provide a better understanding of the State of Washington's Forest Environment.
What is a Forest?
One or more domain trees that do not form a contiguous namespace.
Forests allow organizations to group divisions that operate independently but still need to communicate with one another.
Major Benefits
Economies of Shared Infrastructure
  Administration
  Technical support
  Installation
  Processes
  Troubleshooting
  Monitoring
  Ongoing updates and reconfiguration
Active Directory Implementation
3 Forests
  WA.LCL – Production Forest
  WAT.TST – Pre-production – Any agency joining at a minimum must start here and keep a presence here after joining production forest.
  WAL.LAB – For base level of testing (Applications, Schema Changes, patches, join procedures, etc.)
Project History
Win2K converges network and database (Exchange 2000 uses the OS directory)
LAN Managers group attempted to install in 1999 and was not successful.
Appeal to CAB Infrastructure Subcommittee 1999
CAB Pilot Winter 2000 recommended single forest for the state.
Project Steering Committee formed - kickoff Fall 2000
Project completion June 2001
CAB Forest Objectives
Create a State Forest Win2k Server environment and install the statewide root for agencies who want to join.
Implement the first version of the Active Directory.
Provide a foundation to allow shared applications / data.
Establish governing policies for the state forest.
Implement Exchange 2003
Project To Date
Broad participation
CAB authorized
Governance model in practice
Preparation for Exchange 2003
Perspective
Washington state is a national leader
Governance model is unique and robust—didn’t come down “from the top”
The project focuses on business results
The quality is very high
The project positions agencies for the future
Enterprise Directory Governance Model
[Diagram; boxes: CAB, Agencies, Enterprise Active Directory Steering Committee, DIS, DIS Root Management, EAD Resource Group, EAD Application Developers]
Win2k Steering Committee
Participants: DSHS ESD DFI GA L&I OFM DOP DIS DOT DOL
Observers: LEG ECY DOR DRS
Chair: Phil Grigg
EAD Resource Group
Responsible for network infrastructure, operations, and change management
Interagency technical working group
Develops project documents
Makes recommendations to the Steering Committee
Chair: John Ditto (DIS)
EAD Application Developers
Two sets of responsibilities
  Startup and Ongoing
Define Active Directory strategic direction and recommend direction to the Windows 2000 Steering Committee in three areas:
  Active Directory Schema
  Application use of the Active Directory
  Approval of applications that use Active Directory
Chair: Gregg Arndt
Connected Agencies
In Production
  DSHS, LNI, GA, DOP, ESD, DIS (Shared Services), WSP
In Pre-Production
  DIS, OFM, DFI, HCA
In LAB Forest
  DOH, DRS
Petitioning to join
  SAO
DIS
Executes decisions made by the Steering Committee
Steering Committee recommendations are incorporated into the DIS service level agreement
Operates the root domain structure
DIS sits on the Steering Committee (DIS does NOT make forest decisions)
Forest Root Service Level Agreement (SLA)
Forest Root Responsibilities
  Implement Steering Committee Policy
  Hardware and Software for the Root Domain
  99.9% availability in Production Environment
  Production, Pre-production and Test Environment
  Follow Change Control Processes
  Root administration
  Provides Problem Management
  Contracts Vendor Technical Support 7/24/365
Forest Root SLA (cont.)
Security Administration
  Implement all Security Policies set by Enterprise AD Steering Committee
  Protect Customers from unauthorized use of their intellectual property
  IPSec between all Domain Controllers
  Secure physical access
Change Management
Forest Root SLA (cont.)
Client Agency Responsibilities
  Maintain one active SLA per agency
  Hardware and Software for the Agency Child Domain
  Designated primary and secondary technical support staff
  Maintain participation in the Pre-Production Forest
  Follow all security procedures
  Follow all change control processes
  Adhere to Naming Conventions and Standards
Enterprise Forest Root Support Model
Deputy Director, DIS
Multi-Agency Forest Benefits
Ability to share applications and static data with agencies connected to the Active Directory
Ability to delegate authority across agencies. OFM is reviewing this for their fiscal systems.
Simplified security model
Single Sign-on – OFM is currently working on a proof-of-concept for non-compliant applications.
Authentication/Authorization Backbone to reduce redundancy of Point solutions.
Security Emphasis
Active Directory is the Yellow Pages of our network resources.
The State of Washington as a single Enterprise.
Secure the Data. Free the Users.
Benefits of an Enterprise AD
Active Directory securely shares identity information statewide
Reduced IT administration (Centralized Root)
Supports delegation and application development
Joining the State forest is less costly and easier than going it alone (Leverage what is already established)
Build the enterprise community
Forest Applications for Consideration
Exchange 2003 (Note: Exchange 5.5 Support ends as of 12-31-03)
E-mail Archiving and Retention System (EARS)
Mobile Messaging
Ingress/Egress E-mail Virus Scanning
FAX Services
Automatic Distribution Lists
Common Public folders
Instant Messaging
Forest Applications for Consideration (cont.)
Outlook Web Access
State Wide Work Flow
Automatic Organizational Charting
Automatic Scan Book Updates
Interagency Calendar View/Meeting Planner
Single Sign on
Human Resource Application
Summary
CAB-approved, interagency project
All decisions are made through the interagency Steering Committee
Active Directory shares user and other information automatically
Much of the work is already done and can be accessed at:
http://sww.wa.gov/win2k
Thank you!
Contacts
Phil Grigg - Chair, Enterprise AD Steering Committee
  (360) 902-7452 Email: [email protected]
Gregg Arndt - Chair, Forest Application Developers
  (360) 664-6418 Email: [email protected]
Allen Schmidt – Project Manager, Single Sign-On Prototype
  (360) 725-5272 Email: [email protected]
John Ditto – Chair, Forest Resource Group
  (360) 902-0349 Email: [email protected] (in the GAL)
Bob Deshaye – Service Level Agreements
  (360) 902-3336 Email: [email protected] (in the GAL)