Choosing the proper deployment scenario in the perimeter network






 

This section provides information to help you choose the correct AD DS deployment model for your perimeter network. The following table is a decision matrix that summarizes the advantages and disadvantages of all the domain models to help you determine which model is best for your environment.

 

| Consideration | No AD DS | Isolated forest perimeter network | Extended corporate forest in the perimeter network | Forest trust in the perimeter network |
| --- | --- | --- | --- | --- |
| What are my identity management requirements? | There is no need for large-scale identity management. | Identities in the perimeter have meaning only in the perimeter network, or another identity discovery solution. | The environment requires shared identities for the corporate network and the perimeter network to provide access to resources in the perimeter network. | The environment requires shared identities for the corporate network and the perimeter network to provide access to resources in the perimeter network. |
| What are my centralized management needs? | No centralized management solution is needed because of the small number of computers. | The centralized management benefits of AD DS are needed in the perimeter network. The greater the number of computers in the environment, the more benefit AD DS provides for actions such as defining Group Policy. However, models with separate corporate and perimeter networks result in administration of two or more separate Active Directory environments. | The centralized management benefits of Active Directory are needed in the perimeter network. The greater the number of computers in the environment, the more benefit AD DS provides for actions such as defining Group Policy. | The centralized management benefits of AD DS are needed in the perimeter network. The greater the number of computers in the environment, the more benefit AD DS provides for actions such as defining Group Policy. However, models with separate corporate and perimeter networks result in administration of two or more separate Active Directory environments. |
| What are my SSO requirements? | No SSO is required. Identity discovery is not needed or resides in a single computer in this model. | SSO between the corporate network and the perimeter network is not desired. However, SSO is desired in the perimeter network. Windows Integrated Authentication based on security protocol features such as Kerberos delegation can provide SSO functionality. SSO can also maintain the levels of authentication and authorization. | SSO between the corporate network and the perimeter network is desired. Windows Integrated Authentication based on security protocol features such as Kerberos delegation can provide SSO functionality. SSO can also maintain the levels of authentication and authorization. | SSO between the corporate network and the perimeter network is desired. Windows Integrated Authentication based on security protocol features such as Kerberos delegation can provide SSO functionality. SSO can also maintain the levels of authentication and authorization. |
| What type of access to and exposure control of personally identifiable information (PII) and high business impact (HBI) information do I want in my perimeter solution? | The corporate environment cannot afford any exposure of intranet data to the perimeter network. | The corporate environment cannot afford any exposure of intranet data to the perimeter network. | No PII or HBI is held by the corporate AD DS, or an appropriate Password Replication Policy (PRP) and filtered attribute set (FAS) to control the attributes that are replicated to the RODCs can help avoid exposure of the information. For more information about the FAS, see RODC Filtered Attribute Set, Credential Caching, and the Authentication Process with an RODC (https://go.microsoft.com/fwlink/?LinkId=133355). | The corporate environment cannot afford any exposure of intranet data to the perimeter network. |
| Do my perimeter applications store information in AD DS, and what are their compatibility requirements? | Perimeter applications do not store information in AD DS. | Perimeter applications store information in AD DS. Applications can write information to the directory or have compatibility issues that prevent the use of new RODC technology in the extended corporate forest model. | Perimeter applications store information in AD DS. Applications do not write information to the directory, without the need of opening extra ports in the firewall, and new RODC technology can be used. | Perimeter applications store information in AD DS. Applications can write information to the directory or have compatibility issues that prevent the use of new RODC technology in the extended corporate forest model. |
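
The extended corporate forest column relies on the PRP and the FAS to keep sensitive data off perimeter RODCs. The following PowerShell audit is an added example, not part of the original guidance: it reports what each RODC is allowed to cache, which privileged accounts are cached on it now, and which attributes are in the FAS. It assumes the ActiveDirectory RSAT module, read access to the domain, and that the built-in groups listed in $privilegedGroups are the ones this environment treats as privileged.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit RODC credential caching (PRP) and the filtered attribute set (FAS).

# Assumption: these built-in groups define "privileged" for this environment.
$privilegedGroups = 'Administrators', 'Domain Admins', 'Account Operators',
                    'Server Operators', 'Backup Operators'
$privilegedDns = foreach ($group in $privilegedGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object -ExpandProperty distinguishedName
}
$privilegedDns = $privilegedDns | Sort-Object -Unique

# One row per RODC: what the PRP allows, and what is actually stored there.
foreach ($rodc in Get-ADDomainController -Filter 'IsReadOnly -eq $true') {
    # Principals whose passwords this RODC is permitted to cache.
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed

    # Accounts whose passwords are currently stored on this RODC.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
        -Identity $rodc -RevealedAccounts

    # Privileged accounts in the revealed list should be an empty set.
    $exposed = $revealed | Where-Object { $_.DistinguishedName -in $privilegedDns }

    [pscustomobject]@{
        RODC               = $rodc.HostName
        AllowedPrincipals  = $allowed.Name -join '; '
        RevealedCount      = @($revealed).Count
        PrivilegedRevealed = $exposed.Name -join '; '
    }
}

# FAS members are schema attributes with searchFlags bit 0x200 (512) set.
# Bit 0x80 (128) additionally marks the attribute as confidential.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
Get-ADObject -SearchBase $schemaNc -Properties lDAPDisplayName, searchFlags `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=512))' |
    Select-Object lDAPDisplayName,
        @{ Name = 'Confidential'; Expression = { [bool]($_.searchFlags -band 128) } }
```

A non-empty PrivilegedRevealed value means a privileged password is already stored on a perimeter RODC and should be treated as exposed: reset that credential and tighten the PRP.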

 

