28th September 2011 MADDOX Project Nigel Brown / Adrian Parks OUCS 1


Upload: winfred-maxwell

Post on 18-Jan-2016


TRANSCRIPT

Page 1: 28th September 2011 MADDOX Project Nigel Brown / Adrian Parks OUCS 1

28th September 2011

MADDOX Project

Nigel Brown / Adrian Parks

OUCS


Page 2:

Breakout Session 1: How do you use AD?

Authentication and authorisation?

Domain-based workstations and services?

Third-party applications?

Network appliances?

Does it use a cross-realm trust?

Does it have schema extensions?

How are accounts provisioned?

Any other usage?

Page 3:

Background

1999:

• Initial AD design work

2000-2007:

• Increased use of AD

• Direct cross-realm trust

2008:

• Initial work on Nexus AD

2011:

• Project MADDOX

Page 4:

Background

In 2008, we considered offering the Nexus AD for wider use

Four scenarios considered

https://talkshop.itss.ox.ac.uk/talkshop/viewtopic.php?t=69

Page 5:

Scenarios 1 & 2: Central AD Forest

Page 6:

Project MADDOX

• To offer an enhanced level of support for integration of Microsoft Active Directory based domains with central identity and access management services

Page 7:

Project MADDOX

- Investigate/examine feasible scenarios

- Test the scenarios

- Pick the most sensible scenario

- Implement it

Page 8:

Project MADDOX Scenarios

• Native AD trust

• Indirect cross-realm trust

• Direct cross-realm trust

Page 9:

Scenario A: Native AD trust

Page 10:

Scenario B: Indirect cross-realm trust

Page 11:

Scenario C: Direct cross-realm trust

Page 12:

What we tested

• Domain authentication (and Group Policy)

• File & Print access

• IIS authentication (from browser)

• SharePoint

• SQL Server

…but only from Windows clients

Page 13:

Results & Conclusions

* Microsoft support call raised.

NOTE: For all tests the workstation must be a member of the local AD.

Native AD Indirect Trust* Direct Trust

Domain Authentication

File and Print Access

IIS Authentication

SharePoint

SQL Server

Page 14:

Breakout Session 2: How does a central AD help you?

• Processes/Procedures?

• Applications?

• Appliances?

…what else?

Page 15:

Every Service has Benefits and Costs

• How do you place a value on a service?

• Would the service save you time?

• Would the service save you money?

• Could it be chargeable?

• What is its worth?

Page 16:

Breakout Session 3: Costs and Benefits

Value Cost

Page 17:

Next Steps

• Incorporate Feedback

• Assess the Options

• Consider cost-effectiveness

• Pick a solution

• Implement the selected solution

Page 18:


Questions?

Contact Details:

[email protected]

[email protected]
