Active Directory
Increase IT Operational EfficiencyIncrease IT Operational Efficiency
Strengthen SecurityStrengthen Security
Improve Information Worker ProductivityImprove Information Worker Productivity
Presented by: Nguyen Duc Hoang Hai
Title: Account Manager
Feb 27, 2009
Hpt Microsoft Solution Center
CONTENT
Common IT Challenges
What is Active Directory?
IT and the Business Benefits of ADIncreases IT Operational EfficiencyStrengthens Network SecurityIncreases Information Worker Productivity
HMSC projects
Common IT Challenges
Common IT Challenges
Identity Management Too many userids and directories Weak passwords Secure access to networks and applications Rising help desk costs
Server and Desktop Management Getting to standard configurations Managing server and desktop settings Rogue applications on the desktop Keeping systems up-to-date
Core Infrastructure Optimization
Standardized Rationalized DynamicBasic
Uncoordinated, manual
infrastructure
Managed IT infrastructure with limited automation
Managed and consolidated IT
infrastructure with maximum automation
Fully automated management,
dynamic resource usage, business
linked SLA’s
Efficient Cost Center Business Enabler Strategic AssetCost Center
Data Protection and Recovery Data Protection and Recovery
IT &Security Proces s es IT &Security Proces s es
What is Active Directory?
What is Active Directory?Foundation for Identity & Access Management
•Account Information•Privileges•Profiles•Policies•Single Sign-On
Windows Users
•Network Resources•File Shares•Printers•Policies
Windows Servers
•Configuration•Security•Quarantine•Policies
Windows Clients
•Directories•Databases•Mainframes•UNIX
Other Systems
•Product Information•Privileges•Profiles•Policies•Automated deployment
Microsoft Products•Configuration•Quality of Service•Security Policies•Single Sign-On
Network Devices
•Configuration•Security Policy•VPN & Remote Access•Quarantine•Single Sign-On
Firewall Services
•Single Sign-On•Automated deployment•Configuration•App-specific directory data
3rd Party Applications
•Operational Efficiency•Improved Security•Improved Productivity•Interoperability
Active Directory
Focal point for network & user managementCentral authority for network & application securityIntegration point for bringing systems together
IT and the Business Benefits of AD
The Role of AD…
Automate the lockdown of Windows systemsAutomate the lockdown of Windows systemsEnforce the use of strong passwords & credentialsEnforce the use of strong passwords & credentialsSimplify managing access to network resourcesSimplify managing access to network resources
Increase efficiency of managing WindowsIncrease efficiency of managing WindowsReduce the number of directories and passwordsReduce the number of directories and passwordsCentral management of Windows servers & desktopsCentral management of Windows servers & desktops
Find people, applications, and resources fasterFind people, applications, and resources fasterEmpower employees with rich collaboration capabilitiesEmpower employees with rich collaboration capabilitiesSingle Sign-on to integrated applications and resourcesSingle Sign-on to integrated applications and resources
Increase ITOperational
Efficiency
StrengthenSecurity
Improve Employee
Productivity
IT Operational EfficiencyIncrease Efficiency
1. Simplify identity administrationProvide single sign-on to network resourcesEasily manage users & network resourcesStandards-based for interoperability with other products
2. Distribute IT workloadEasily delegate administrative tasksCustomizable administrative interfaces ease useDistribute tasks by role, group or individual
3. Automate IT workloadCentrally manage software deploymentIncrease accessibility of dataSelectively control computer settings
* - Study of 56 AD-specific case studies showed an average efficiency increase of 31% or $91,476
IT Operational EfficiencyReduce Directories or Domains Through Consolidation
AD as a multi-purpose directory– NOS infrastructure directory– Applications directory
– Network devicesVPN Firewall
LOBApplication
B2B/B2C InternetApplication
ActiveDirectory
NT Domains
LDAPDirectories
Mainframe/UNIX
IT Operational EfficiencyOne-to-Many Management of Users & Computers
Use Group Policy to:
Manage configuration of servers, desktops & groups of usersAutomate enforcement of IT policiesAutomate system updates &application installationsConsistently implement security settings across the enterpriseImplement standard computingenvironments for users
Active Directory IT Staff
Group Policy
Many Users
Many Desktops& Servers
The Role of AD…
Automate the lockdown of Windows systemsAutomate the lockdown of Windows systemsEnforce the use of strong passwords & credentialsEnforce the use of strong passwords & credentialsSimplify managing access to network resourcesSimplify managing access to network resources
Increase efficiency of managing WindowsIncrease efficiency of managing WindowsReduce the number of directories and passwordsReduce the number of directories and passwordsCentral management of Windows servers & desktopsCentral management of Windows servers & desktops
Find people, applications, and resources fasterFind people, applications, and resources fasterEmpower employees with rich collaboration capabilitiesEmpower employees with rich collaboration capabilitiesSingle Sign-on to integrated applications and resourcesSingle Sign-on to integrated applications and resources
Increase ITOperational
Efficiency
StrengthenSecurity
Improve Employee
Productivity
Strengthen SecurityAutomate the Lockdown of Windows Systems
Security templates can ensure enterprise-wide security
Prevent end-users from modifying desktop configurations or settings
Software Restriction Policies precisely control what software can be run
Enable audit of events & changes
Control hundreds of settings via Group Policy
Strengthen SecurityStrong Passwords and Logon Credentials
Granular control of password policyHistory, age, min/max length, complexity
Define account lockout policiesDuration, threshold, reset time
Enable use of two-factor authenticationSmartcards, biometrics, other tokens
Extend security policy to non-Windows systems via Kerberos & LDAP
Strengthen SecuritySimplify Managing Access to Network Resources
Use AD for remote single sign-on
Group Policy can control dial-in & VPN access
Policies apply regardless of how clients connect
Once connected, network access control can: Isolate & check the “health” of client
Healthy clients get network access
Clients who do not pass can be isolated
Isolated clients can be given access to resources to get to a healthy state
Require strong authentication for remote users
The Role of AD…
Automate the lockdown of Windows systemsAutomate the lockdown of Windows systemsEnforce the use of strong passwords & credentialsEnforce the use of strong passwords & credentialsSimplify managing access to network resourcesSimplify managing access to network resources
Increase efficiency of managing WindowsIncrease efficiency of managing WindowsReduce the number of directories and passwordsReduce the number of directories and passwordsCentral management of Windows servers & desktopsCentral management of Windows servers & desktops
Find people, applications, and resources fasterFind people, applications, and resources fasterEmpower employees with rich collaboration capabilitiesEmpower employees with rich collaboration capabilitiesSingle Sign-on to integrated applications and resourcesSingle Sign-on to integrated applications and resources
Increase ITOperational
Efficiency
StrengthenSecurity
Improve Employee
Productivity
Employee ProductivityFind IT Resources Faster
End-users can easily findprinters based on their current location or capability required
Integrated with Exchange, Outlook, SharePoint & presence technologiesEasily search AD for users, groups or distribution lists
Employee ProductivityEnable Rich Collaboration
AD enables “smart connections”
Connect users & teams to share knowledge
– Provide just-in-time communication
– Enable end-user self-service– Locate & connect with experts– Share contacts & groups across
products
Single sign-on enhances productivity
OnlineMeetings
Documents
ContactsTasks
Team
Calendar
Discussions
…
Members
& Active Directory
Employee ProductivitySingle Sign-on to Integrated Applications
One credential – Multiple usesReduce time spent logging inReduce number of passwordsReduce helpdesk costsProvision or suspend users
faster
ExchangeExchange
SharePointSharePointPortalPortal
File ShareFile Share
Windows IntegratedWindows IntegratedApplicationsApplications
FirewallFirewall& VPN& VPN
B2B/B2C/LOB B2B/B2C/LOB ApplicationsApplications
Mainframe/Mainframe/UNIXUNIX
HMSC PROJECTS
HMSC Projects
Directory Consolidation
Active Directory
Delegated AdminDesktop Lockdown
Group Policy
• 12,000 employees, 138 Branches• 50% reduction in helpdesk costs
Microsoft Exchange Server 2007
10,000 mailboxes
HMSC Projects
Unified CommunicationUnified Communication
Directory ConsolidationDirectory Consolidation
Active DirectoryActive Directory
Delegated AdminDelegated AdminDesktop LockdownDesktop Lockdown
Group PolicyGroup Policy
Microsoft Microsoft Exchange Server 2007Exchange Server 2007
Microsoft Live Microsoft Live Communication Communication ServerServer
HMSC Projects
Unified CommunicationUnified Communication
Directory ConsolidationDirectory Consolidation
Active DirectoryActive Directory
Delegated AdminDelegated AdminDesktop LockdownDesktop Lockdown
Group PolicyGroup Policy
Microsoft Microsoft Exchange Server 2007Exchange Server 2007
Microsoft Offices Microsoft Offices Communication Communication ServerServer
HMSC Projects
Am t ng công ngh - Th u hi u thông tinườ ệ ấ ể
Thank you!
Am t ng công ngh - Th u hi u thông tinườ ệ ấ ể
For more Information, please contact:
hpt Microsoft Solution Center
HPT VIETNAM CORPORATION
Add: 139B Pasteur, Dist 3, HCMC, VietnamTel: 08. 38204505Fax: 08. 38204504Email: [email protected] Website: www.hpt.vn