Riordan Manufacturing Active Directory
POS 421
Riordan Manufacturing Active Directory
Riordan Manufacturing or “RM” is a company that operates throughout the world and has offices all throughout the North American continent as well as China. With such a broad base of operation, RM requires a means to make communication and operations streamline while still allowing individual plants the ability to tap into resources necessary to complete their job. Looking back at past operations, RM has run into many problems that limited their ability to communicate effectively between individual plants. By implementing a Microsoft Windows Server Active Directory, many of the problems that have been evident will no longer exist. Many of the mundane and cumbersome operations that often cause issues can be eliminated by changing these functions into less complex tasks as noted in an article about Active Directory, “A directory service presents the opportunity to consolidate the number of repositories in use and realize a number of benefits in doing so: reduced administrative overheads, enhanced operational efficiency and tighter control over the security of user information,” (Mohamed. 2005)
RM’s corporate headquarters located in San Jose California will be the focal point of consolidation efforts. The departments and facilities will fall under the headquarters plant. In essence our goal is to create a tree utilizing various grouping to help streamline the flow of information between plants and departments in order to expedite processes and speed up the sharing of information. The tree root being RM’s headquarters will then branch out into sub groups or Organizational Units, “OU”. Organizational Units allow groups to be broken into a logical hierarchal structure that allows administrators to delegate control using permissions.
The Management, Sales and Marketing, Finance and Accounting, Human Resources, Operations, Information Technology, and Legal Departments will each be contained within a specific group of branch that will be assigned the permissions needed to complete each individual’s tasks. Management and upper management will have fewer restrictions on the permissions given in order to control access to information. Another valuable tool that the administrator of the Active Directory will have is the ability to assign passwords and user names which will not only help to prevent outside access but will also work to identify where unwanted access may be occurring. Passwords can be programed to be updated periodically in order to further ensure the systems security and prevent unwanted access.
Another valuable tool that Active Directory has is called nesting. What nesting does is to allow grouping of separate OU’s and assigns them permissions to Objects within a facility. These accesses will be controlled by the Chief Information and Technology Administrator otherwise known as the Domain Administrator and or the Facilities Information and Technology Administrator depending on the needs of the company.
At each location there are Objects also referred to as resources which occur in the form of users, and services. All of the hardware devices such as computers, scanners, fax machines, and copiers will be supported by the Active Directory and access to these sources will be assigned within each group to these objects using permissions created by the Administrator.
Riordan Manufacturing’s Active Directory structure will be comprised as a Tree, Domains, Organizational Units, and Groups. The forest root will be housed at the San Jose facility headquarters. This is where the Domain Controllers and Domains come into play. A Domain acts as a security boundary with the Domain Administrator being the individual that assigns permissions to other Domains, OU’s, and Objects within the network. Domain Controllers are used to replicate information and perform master operations within that Domain. RM’s forest will consist of one tree with multiple domains in each tree which will represent San Jose as the Domain Administrator, and China along with the remaining North American plants having their own Domain. Active Directory has three basic network services that will improve and streamline operations. These services are Authentication, Directory, and Domain.
Authentication Services
Authentication services consist of user names and passwords which will be used to verify users who want to access data within the network. These will be assigned by the Domain Administrator or the IT Department in charge of each Domain. This will also work to keep unauthorized individuals from outside the network from accessing information keeping data secure. Kerberos a network authentication protocol will be the primary means of authentication used in this system and expedite user login to the network. Kerberos works by using strong cryptography which allows users can prove their identity to a server. This is additional software not contained in Active Directory but is freely available from MIT, under copyright permission.
Directory Services
Directory Services will work to identify resources within the network and will also enable the network to be accessed by applications and multiple users. Some Examples of these resources include e-mail, computers, printers, and hubs, servers, and objects within the network that individuals will use to do their job.
Domain naming
Domain Name System or “DNS” allows the Administrator to content, accessibility, and the ability to modify content through Active Directory. This is accomplished through the use of server(s) which allow individuals to access a website. DNS servers communicate with each other by using network protocols. DNS Servers are organized within a hierarchy with the root server containing the complete database of Internet Domain Names and IP addresses. This will give the Administrator control of this network and help to make managing the network much simpler. This will also help to keep RM’s network secure from outside attack using authentication and work to maintain the vital data that is used by RM’s clients and vendors.
Scope
Scope details the groups within the network. Within Riordan Manufacturing the groups will be broken up into CEO/ Upper Management, Management, and individual departments. Each will require separate access and scope will allow for this access. Global group represents a group or individuals who have access to resources within any domain within that tree. Domain Local Group represents individuals or group being able to access information or resources within that local domain. The last class of scope is the Universal Group which will have access to all resources and also have the ability to add and remove users within the entire tree. Administrators will utilize the Universal Group, management will utilize the Global Group, and individual facilities will incorporate the Local Group. This will also help to control the flow of information and resources within Riordan Manufacturing’s network.
Conclusion
Riordan Manufacturing will benefit not only in operation unification but also in the ability to maintain data within their network. Implementing an Active Directory will allow the networks Administrator to assign and implement policies, organize and protect data, deploy software and critical updates from a centralized location, and work to improve communications as well as operations within and throughout the company. One other key to this puzzle is that Riordan needs to centralize operations and by making their central database facility in San Jose, California will help to alleviate the stress, time, and cost of trying to shift data between the various offices that make up Riordan Manufacturing. The benefits of implementing an Active Directory will only grow as the need for improving data management grows. The benefits of consolidating the Riordan Manufacturing’s data will also help to improve operations as well as reduce the costs involved with how communications are currently handled within Riordan Manufacturing.
References
Mohamed, A. (2005). Understand directory services to maintain control of network information and users. Computer Weekly, 30. Retrieved from EBSCOhost.