
Case Study


A Manhattan financial services company had grown to 3,400+ employees in 15 locations on 3 continents and was supported by aging Windows NT Domains. To improve the management, extensibility, and security of their infrastructure, their IT management planned to migrate to Active Directory. They partnered with Akibia to reduce their exposure to migration issues and to address their complex requirements for how Active Directory would be configured and used.

Business Challenge
Financial institutions support a myriad of applications and have data repositories spread across multiple locations and companies. Access and management become cumbersome as the number of applications and users increases. Active Directory can be used to provide single sign-on capabilities across the infrastructure, regardless of the application.

Active Directory with Windows Server 2003 provides a universally compatible version of LDAP that can extract or synchronize data with a multitude of data sources such as PeopleSoft, iPlanet, Informix or SQL. Microsoft created Active Directory with the ability to provide extensibility that allows companies to integrate and tailor these applications to the needs of their organization.

Design Goals
Some of the crucial requirements for the firm’s infrastructure and Active Directory included:

  • Single sign-on throughout enterprise applications.
  • Customize LDAP for integration & synchronization of PeopleSoft, ERP and CRM.
  • Make environment centrally manageable.
  • Utilize Group Policy Objects to lock down workstations and user accounts.
  • Active Directory child domains will be used for continents, and remote locations within those domains will be administered as OUs.


The biggest technical challenge was to ensure that Active Directory’s Schema was customized so that all heterogeneous database repositories would communicate. To support this requirement, special LDAP fields had to be created to ensure proper synchronization of data using Active Directory.

Solution
During the first project phase, Akibia designed the Active Directory structure to be scalable (to accommodate changes and acquisitions) and easy to centrally administer. The Active Directory structure used an empty root forest with child domains for each of the continents. Akibia delegated permissions based on an OU structure that allowed the central IT infrastructure to delegate select operational functions to remote administrators while maintaining complete control of the infrastructure. To further enhance consistency and security, Group Policies were used for securing computer configurations.

The second phase of the project provided accessibility to external applications. Akibia designed and implemented a customized LDAP field within the Active Directory Schema to accommodate an Employee ID and a picture of the user or resource. These custom fields were used to port and synchronize data between heterogeneous data sources to improve data consistency and reduce data input.

The final phase was to migrate users from their existing NT4 domain structure into Active Directory while providing a seamless transition. Akibia used a handful of utilities, ranging from Microsoft products to third-party products, to migrate end users with minimal disruption to their daily activities.

Benefit
By partnering with Akibia, a Microsoft Gold Partner, this financial services company successfully migrated to Active Directory and Windows 2003. The company’s internal data is now administered centrally, which has provided significant cost savings in IT personnel and time. In addition, the resulting infrastructure is secure, stable, and scalable. Due to the success of the project, the firm decided to bring their outsourced Exchange infrastructure back in-house to integrate and leverage their Active Directory infrastructure.