Centralized Administration Facility:
The Challenge
Our client urgently needed a centralized administration facility for their extensive network of systems. In their existing setup, each system maintained its own security and access control configuration. This added considerable administration overhead and sometimes gave rise to many manual errors. It also required users to remember and maintain credentials for several different systems. This made it difficult to implement the organizational hierarchy strictly and to relate access controls to job responsibilities. In many situations management had to intercede to arbitrate and resolve access control issues.
Solution
We clearly recognized that the best solution for our client was moving to an LDAP version 3 architecture. We worked with the client to clarify the existing organizational structure and to define the precise inputs required for each step outlined below in implementing LDAP v3.
Designing and implementing an LDAP Version 3 Infrastructure
A general LDAP Version 3 infrastructure design consists of the following:
- Organizational Hierarchy.
- Systems, Projects and Job responsibilities on each.
- Systems and their components. Responsibilities of the components and the access they need.
  (This is similar to the previous item but concentrates on non-human components.)
- Default Policies for Each Component.
- DNS
- PKI infrastructure
- LDAP Version 3
- Kerberos Version 5 setup
- Kerberization of Components and Information access tools.
Result
Over a period of nine months we worked closely with our client's network and system administration staff in gradually and carefully moving to a centralized administration facility where structure and organization replaced unpredictability and chaos. Among the benefits derived from this implementation are the savings in time spent on trying to identify and resolve system/network problems, improvement in staff morale, and most significantly, a much-improved relationship with their clients.