The Multi-Agency Enterprise Active Directory Forest


Introduction: Keith Kawamura, Network Technologies Manager, Department of General Administration, Member of the EAD Resource Group. Session Goal: To provide a better understanding of the State of Washington's Forest Environment.


Page 1: The Multi-Agency Enterprise Active Directory Forest

The Multi-Agency Enterprise Active Directory Forest

Page 2: The Multi-Agency Enterprise Active Directory Forest

Introduction

Keith Kawamura

Network Technologies Manager

Department of General Administration

Member of the EAD Resource Group

Page 3: The Multi-Agency Enterprise Active Directory Forest

Session Goal

To provide a better understanding of the State of Washington's Forest Environment.

Page 4: The Multi-Agency Enterprise Active Directory Forest

What is a Forest?

One or more domain trees that do not form a contiguous namespace.

Forests allow organizations to group divisions that operate independently but still need to communicate with one another.

Page 5: The Multi-Agency Enterprise Active Directory Forest

Major Benefits

Economies of Shared Infrastructure

Administration

Technical support

Installation

Processes

Troubleshooting

Monitoring

Ongoing updates and reconfiguration

Page 6: The Multi-Agency Enterprise Active Directory Forest

Active Directory Implementation

3 Forests

WA.LCL – Production Forest

WAT.TST – Pre-production – Any agency joining at a minimum must start here and keep a presence here after joining production forest.

WAL.LAB – For base level of testing (Applications, Schema Changes, patches, join procedures, etc.)

Page 7: The Multi-Agency Enterprise Active Directory Forest

Project History

Win2K converges network and database (Exchange 2000 uses the OS directory)

LAN Managers group attempted to install in 1999 and was not successful.

Appeal to CAB Infrastructure Subcommittee 1999

CAB Pilot Winter 2000 recommended single forest for the state.

Project Steering Committee formed - kickoff Fall 2000

Project completion June 2001

Page 8: The Multi-Agency Enterprise Active Directory Forest

CAB Forest Objectives

Create a State Forest Win2k Server environment and install the statewide root for agencies who want to join.

Implement the first version of the Active Directory.

Provide a foundation to allow shared applications / data.

Establish governing policies for the state forest.

Implement Exchange 2003

Page 9: The Multi-Agency Enterprise Active Directory Forest

Project To Date

Broad participation

CAB authorized

Governance model in practice

Preparation for Exchange 2003

Page 10: The Multi-Agency Enterprise Active Directory Forest

Perspective

Washington state is a national leader

Governance model is unique and robust—didn’t come down “from the top”

The project focuses on business results

The quality is very high

The project positions agencies for the future

Page 11: The Multi-Agency Enterprise Active Directory Forest

Enterprise Directory Governance Model

[Organization chart. Boxes: CAB; Agencies; Enterprise Active Directory Steering Committee; DIS; DIS Root Management; EAD Resource Group; EAD Application Developers]

Page 12: The Multi-Agency Enterprise Active Directory Forest

Win2k Steering Committee

Participants: DSHS ESD DFI GA L&I OFM DOP DIS DOT DOL

Observers: LEG ECY DOR DRS

Chair: Phil Grigg

Page 13: The Multi-Agency Enterprise Active Directory Forest

EAD Resource Group

Responsible for network infrastructure, operations, and change management

Interagency technical working group

Develops project documents

Makes recommendations to the Steering Committee

Chair: John Ditto (DIS)

Page 14: The Multi-Agency Enterprise Active Directory Forest

EAD Application Developers

Two sets of responsibilities: Startup and Ongoing

Define Active Directory strategic direction and recommend direction to the Windows 2000 Steering Committee in three areas:

Active Directory Schema

Application use of the Active Directory

Approval of applications that use Active Directory

Chair: Gregg Arndt

Page 15: The Multi-Agency Enterprise Active Directory Forest

Connected Agencies

In Production: DSHS, LNI, GA, DOP, ESD, DIS (Shared Services), WSP

In Pre-Production: DIS, OFM, DFI, HCA

In LAB Forest: DOH, DRS

Petitioning to join: SAO

Page 16: The Multi-Agency Enterprise Active Directory Forest

DIS

Executes decisions made by the Steering Committee

Steering Committee recommendations are incorporated into the DIS service level agreement

Operates the root domain structure

DIS sits on the Steering Committee (DIS does NOT make forest decisions)

Page 17: The Multi-Agency Enterprise Active Directory Forest

Forest Root Service Level Agreement (SLA)

Forest Root Responsibilities

Implement Steering Committee Policy

Hardware and Software for the Root Domain

99.9% availability in Production Environment

Production, Pre-production and Test Environment

Follow Change Control Processes

Root administration

Provides Problem Management

Contracts Vendor Technical Support 7/24/365

Page 18: The Multi-Agency Enterprise Active Directory Forest

Forest Root SLA (cont.)

Security Administration

Implement all Security Policies set by Enterprise AD Steering Committee

Protect Customers from unauthorized use of their intellectual property

IPSec between all Domain Controllers

Secure physical access

Change Management

Page 19: The Multi-Agency Enterprise Active Directory Forest

Forest Root SLA (cont.)

Client Agency Responsibilities

Maintain one active SLA per agency

Hardware and Software for the Agency Child Domain

Designated primary and secondary technical support staff

Maintain participation in the Pre-Production Forest

Follow all security procedures

Follow all change control processes

Adhere to Naming Conventions and Standards

Page 20: The Multi-Agency Enterprise Active Directory Forest

Enterprise Forest Root Support Model

Deputy Director, DIS

Page 21: The Multi-Agency Enterprise Active Directory Forest

Multi-Agency Forest Benefits

Ability to share applications and static data with agencies connected to the Active Directory

Ability to delegate authority across agencies. OFM is reviewing this for their fiscal systems.

Simplified security model

Single Sign-on – OFM is currently working on a proof-of-concept for non-compliant applications.

Authentication/Authorization Backbone to reduce redundancy of point solutions.

Page 22: The Multi-Agency Enterprise Active Directory Forest

Security Emphasis

Active Directory is the Yellow Pages of our network resources.

The State of Washington as a single Enterprise.

Secure the Data. Free the Users.

Page 28: The Multi-Agency Enterprise Active Directory Forest

Benefits of an Enterprise AD

Active Directory securely shares identity information statewide

Reduced IT administration (Centralized Root)

Supports delegation and application development

Joining the State forest is less costly and easier than going it alone (Leverage what is already established)

Build the enterprise community

Page 29: The Multi-Agency Enterprise Active Directory Forest

Forest Applications for Consideration

Exchange 2003 (Note: Exchange 5.5 Support ends as of 12-31-03)

E-mail Archiving and Retention System (EARS)

Mobile Messaging

Ingress/Egress E-mail Virus Scanning

FAX Services

Automatic Distribution Lists

Common Public folders

Instant Messaging

Page 30: The Multi-Agency Enterprise Active Directory Forest

Forest Applications for Consideration (cont.)

Outlook Web Access

State Wide Work Flow

Automatic Organizational Charting

Automatic Scan Book Updates

Interagency Calendar View/Meeting Planner

Single Sign on

Human Resource Application

Page 31: The Multi-Agency Enterprise Active Directory Forest

Summary

CAB-approved, interagency project

All decisions are made through the interagency Steering Committee

Active Directory shares user and other information automatically

Much of the work is already done and can be accessed at:

http://sww.wa.gov/win2k

Page 32: The Multi-Agency Enterprise Active Directory Forest

Thank you!

Contacts

Phil Grigg - Chair, Enterprise AD Steering Committee, (360) 902-7452, Email: [email protected]

Gregg Arndt - Chair, Forest Application Developers, (360) 664-6418, Email: [email protected]

Allen Schmidt – Project Manager, Single Sign-On Prototype, (360) 725-5272, Email: [email protected]

John Ditto – Chair, Forest Resource Group, (360) 902-0349, Email: [email protected] (in the GAL)

Bob Deshaye – Service Level Agreements, (360) 902-3336, Email: [email protected] (in the GAL)