Thursday, June 6, 2019

Consider the business model Essay Example for Free

The easiest way to start a design is to consider the business model that you sat down with when starting these designs. You now need to recreate that structure in Active Directory using Organizational Units as the building blocks. Create a complete Organizational Unit structure that exactly mirrors your business model as represented by that domain. In other words, if the domain you are designing is the Finance domain, implement the finance organizational structure within the Finance domain. You don't create the entire organization's business model within each Organizational Unit; you create only the part of the model that would actually apply to that Organizational Unit. Draw this structure out on a piece of paper. Figure 8-3 shows the Organizational Unit structure of mycorp.com's domain. We've expanded only the Finance Organizational Unit here for the example.

Figure 8-3. The Mycorp domain's internal Organizational Unit structure

Once you have drawn an Organizational Unit structure as a template for your Active Directory hierarchy within the domain, you can begin to tailor it to your specific requirements. The easiest way to tailor the initial Organizational Unit design is to consider the hierarchy that you wish to create for your delegation of administration.

Two Tier Hierarchies

A two tier hierarchy is a design that meets most companies' needs. In some ways it is a compromise between the One and Three Tier hierarchies. In this design there is a Root CA that is offline, and a subordinate Issuing CA that is online. The level of security is increased because the Root CA and Issuing CA roles are separated. But more importantly, the Root CA is offline, and so the private key of the Root CA is better protected from compromise. It also increases scalability and flexibility, because there can be multiple Issuing CAs that are subordinate to the Root CA. This allows you to have CAs in different geographical locations, as well as with different security levels. Manageability is slightly increased since the Root CA has to be brought online to sign CRLs. Cost is increased marginally. Marginally speaking, because all you need is a hard drive and a Windows OS license to implement an Offline Root. Install the hard drive, install your OS, build your PKI hierarchy, and then remove the hard drive and store it in a safe. The hard drive can be attached to existing hardware when CRLs need to be re-signed. A virtual machine could be used as the Root CA, although you would still need to store it on a separate hard drive that can be kept in a safe.

Three Tier Hierarchies

Specifically, the difference from a Two Tier Hierarchy is that a second tier is placed between the Root CA and the Issuing CA. The placement of this CA can be for a couple of different reasons. The first reason would be to use the second tier CA as a Policy CA. In other words, the Policy CA is configured to issue certificates to the Issuing CA, which is restricted in what types of certificates it issues. The Policy CA can also just be used as an administrative boundary. In other words, you only issue certain certificates from subordinates of the Policy CA, and perform a certain level of checking before issuing certificates, but the policy is only enforced from an administrative, not a technical, perspective. The other reason to have the second tier added is so that if you need to revoke a number of CAs due to a key compromise, you can perform it at the Second Tier level, leaving the other branches from the Root available. It should be noted that Second Tier CAs in this hierarchy can, like the Root, be kept offline. Following the paradigm, security increases with the addition of a Tier, and flexibility and scalability increase due to the increased design options. On the other hand, manageability increases as there are a larger number of CAs in the hierarchy to manage. And, of course, cost goes up.
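The two and three tier designs above can be built and checked end to end with nothing more than the OpenSSL command line. The script below is an added example for this post, not the post's own material and not Windows AD CS (which the post assumes); it uses OpenSSL on Linux, and the CA names, the leaf names and the working directory are constructed for the demo. It builds the chain Root CA (the one kept offline) > Policy CA > Issuing CA > end-entity certificate, giving each CA a basicConstraints path-length limit, which is the technical enforcement of "what a subordinate may issue" that the post contrasts with a purely administrative boundary. It then shows that a leaf under an extra CA placed below the Issuing CA (whose pathlen is 0) is rejected by chain validation even though every signature in that chain is valid.

```sh
#!/bin/sh
# Added example, not from the original post: offline Root CA > Policy CA >
# Issuing CA > leaf, built with the OpenSSL CLI and validated with
# `openssl verify`. Names and paths below are constructed for the demo.
set -e
WORK="${WORK:-$(mktemp -d)}"

# Minimal req config so the script does not depend on the system openssl.cnf.
write_req_config() {
  printf '[req]\ndistinguished_name = req_dn\nprompt = no\n[req_dn]\nCN = placeholder\n' \
    > "$WORK/req.cnf"
}

# Extensions for a CA certificate that may have at most $1 CA(s) below it.
ca_extensions() {
  printf 'basicConstraints = critical, CA:TRUE, pathlen:%s\n' "$1"
  printf 'keyUsage = critical, keyCertSign, cRLSign\n'
  printf 'subjectKeyIdentifier = hash\n'
  printf 'authorityKeyIdentifier = keyid\n'
}

# Extensions for an end-entity (leaf) certificate.
leaf_extensions() {
  printf 'basicConstraints = critical, CA:FALSE\n'
  printf 'keyUsage = critical, digitalSignature\n'
  printf 'extendedKeyUsage = serverAuth\n'
}

# new_key_and_csr NAME SUBJECT: P-256 private key plus a CSR for it.
new_key_and_csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key"
  openssl req -new -key "$WORK/$1.key" -subj "$2" -config "$WORK/req.cnf" \
    -out "$WORK/$1.csr"
}

# sign NAME PARENT EXTFILE: PARENT issues a certificate for NAME's CSR.
# Note that signing never checks the parent's pathlen; only validation does.
sign() {
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1825 -extfile "$WORK/$3" -out "$WORK/$1.pem" 2>/dev/null
}

build_hierarchy() {
  write_req_config
  ca_extensions 2 > "$WORK/root.ext"
  ca_extensions 1 > "$WORK/policy.ext"
  ca_extensions 0 > "$WORK/issuing.ext"
  leaf_extensions  > "$WORK/leaf.ext"

  # Tier 1: self-signed Root CA (the one the post keeps offline in a safe).
  new_key_and_csr root "/CN=Mycorp Root CA"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 3650 \
    -extfile "$WORK/root.ext" -out "$WORK/root.pem" 2>/dev/null

  # Tier 2: Policy CA, allowed exactly one CA below it (pathlen:1).
  new_key_and_csr policy "/CN=Mycorp Policy CA"
  sign policy root policy.ext

  # Tier 3: Issuing CA, allowed no CAs below it (pathlen:0).
  new_key_and_csr issuing "/CN=Mycorp Issuing CA"
  sign issuing policy issuing.ext

  # End-entity certificate issued by the Issuing CA, plus its intermediate chain.
  new_key_and_csr leaf "/CN=finance.mycorp.com"
  sign leaf issuing leaf.ext
  cat "$WORK/policy.pem" "$WORK/issuing.pem" > "$WORK/chain.pem"

  # A further CA under the Issuing CA violates pathlen:0. Its signatures are
  # fine, but relying parties must reject anything issued below it.
  new_key_and_csr deptca "/CN=Finance Dept CA"
  sign deptca issuing issuing.ext
  new_key_and_csr deptleaf "/CN=payroll.finance.mycorp.com"
  sign deptleaf deptca leaf.ext
  cat "$WORK/chain.pem" "$WORK/deptca.pem" > "$WORK/deptchain.pem"
}

# verify_leaf LEAF UNTRUSTED_CHAIN: exit status 0 only if a chain to the Root CA
# exists that satisfies every CA's basicConstraints and key usage.
verify_leaf() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$2" "$1"
}

main() {
  build_hierarchy
  echo "Root > Policy > Issuing > leaf:"
  verify_leaf "$WORK/leaf.pem" "$WORK/chain.pem" || true
  echo "Root > Policy > Issuing > Dept CA > leaf (exceeds pathlen:0, expected to fail):"
  verify_leaf "$WORK/deptleaf.pem" "$WORK/deptchain.pem" || true
}
main
```

The first `openssl verify` reports the leaf as OK; the second fails with a path length constraint error. This is the practical difference the post draws between a Policy CA used as an administrative boundary and one whose restrictions are encoded in the certificate: the former depends on operators following procedure, the latter is checked by every relying party. In a real deployment the Root and Policy CA key files created here would live only on the offline media the post describes, and the CRLs they sign would be re-issued from there.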
