
UFL-HSC-ITC Microsoft Active Directory Financial Applications


Presentation Transcript


    1. UFL-HSC-ITC Microsoft Active Directory Financial Applications Jaime Ilundáin August 12, 2003

    2. Agenda Microsoft Active Directory AD Concepts NDS & AD Passwords Financial Applications Hyperion Solomon IV

    3. MS AD: Concepts Organize and manage network resources. Key features: Structured Data Store, Integrated Security, Policy-based administration.

Active Directory overview: Active Directory is the directory service for Windows 2000 Server. It stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory directory service uses a structured data store as the basis for a logical, hierarchical organization of directory information. Security is integrated with Active Directory through logon authentication and access control to objects in the directory. With a single network logon, administrators can manage directory data and organization throughout their network, and authorized network users can access resources anywhere on the network. Policy-based administration eases the management of even the most complex network.

Security is fully integrated with Active Directory. Access control can be defined not only on each object in the directory but also on each property of each object. For more information, see Security. Active Directory provides both the store and the scope of application for security policies. A security policy can include account information, such as domain-wide password restrictions or rights to particular domain resources. Security policies are implemented through Group Policy settings. For more information, see Group Policy.

Policy-based administration: Active Directory directory service includes both a data store and a logical, hierarchical structure. As a logical structure, it provides a hierarchy of contexts for the application of policy. As a directory, it stores the policies (called Group Policy objects) that are assigned to a particular context. A Group Policy object expresses a set of business rules containing settings that, for the context to which it is applied, can determine: access to directory objects and domain resources; what domain resources (such as applications) are available to users; how these domain resources are configured for use. For example, a Group Policy object can determine what applications users see on their computer when they log on, how many users can connect to Microsoft SQL Server when it starts on a server, and what documents or services users can access when they move to different departments or groups. Group Policy objects enable you to manage a small number of policies rather than a large number of users and computers. Active Directory enables you to apply Group Policy settings to the appropriate contexts, whether this is your entire organization or specific units of your organization. For more information about policies, see Group Policy. For more information about the Active Directory contexts to which Group Policy settings can be applied, see Understanding Group Policy.

    4. AD Components Logical Forests Trees Domains OUs Trust Relationships Physical Sites Subnets

    5. AD Logical Components Domains: A group of computers that share a common directory database. Domain Trees: One or more domains that share a contiguous namespace. Domain Forests: One or more domain trees that share common directory information. Organization Units: A subgroup of domains that often mirrors the business or functional structure of the company. Trust Relationships. Logical structures help you organize directory objects and manage network accounts and shared resources.

    6. AD: Domains Group of computers that share a common directory database. Each domain has its own security policies and trust relationships with other domains. Domains can span more than one physical location

    7. AD: Trees One or more domains sharing a contiguous DNS name.

    8. AD: Forests One or more domains (trees) sharing the same directory data: Global Directory Domain names within a forest can be: Contiguous: In the same domain tree Discontiguous: DNS names form separate domain trees within the forest

    9. AD: OUs Logical containers into which you can place accounts, shared resources, and other OUs. Often mirror an organization's functional or business structure. Allows delegation of control of resources (i.e., users and computers). For example, you could create organizational units named HumanResources, IT, Engineering, and Marketing for the microsoft.com domain. You could later expand this scheme to include child units. Child organizational units for Marketing could include OnlineSales, ChannelSales, and PrintSales.

    10. AD Physical Components Sites: One or more subnets; they're used to configure directory access and replication. Subnets: A network group with a specific IP address range and network mask. Sites and subnets, on the other hand, are physical structures that help you map the physical network structure. Physical structures serve to facilitate network communication and to set physical boundaries around network resources.

    11. AD Sites Sites consist of subnets and computers that are well connected (1+ IP subnets). You can create multiple sites within a single domain or create a single site that serves multiple domains. Sites map the physical structure of your network (independent from logical domain structures). There is no connection between the IP address ranges used by a site and the domain namespace. Sites are important to improve efficiency in service requests and replication. Sites: 1329 - Communicore

    12. AD Subnets You can think of a subnet as a group of network addresses. Unlike sites, which can have multiple IP address ranges, subnets have a specific IP address range and network mask. Subnet names are shown in the form network/bits-masks, such as 192.168.19.9/32.
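
How the subnet objects from slides 11 and 12 tie a client address to a site, as an added example that is not part of the original presentation: the most specific subnet containing the address decides the site, and an address covered by no subnet object has no site at all, which is worth auditing. The subnet table is constructed sample data, and every site name other than the slide's "1329 - Communicore" is hypothetical.

```python
import ipaddress

# Constructed sample data: subnet names in network/bits form and the site
# each one is assigned to. A site may own several ranges (slide 12).
SUBNET_TO_SITE = {
    "192.168.16.0/20": "1329 - Communicore",
    "10.20.0.0/16": "1329 - Communicore",
    "192.168.19.0/24": "Hypothetical-Annex",        # hypothetical site name
    "192.168.19.9/32": "Hypothetical-ServerRoom",   # hypothetical site name
}


def parse_subnets(table):
    """Validate subnet names; return (network, site) pairs, most specific first."""
    parsed = []
    for name, site in table.items():
        # strict=True rejects a name whose host bits are set,
        # e.g. 192.168.19.9/24 instead of 192.168.19.0/24.
        parsed.append((ipaddress.ip_network(name, strict=True), site))
    return sorted(parsed, key=lambda pair: pair[0].prefixlen, reverse=True)


def site_for(address, subnets):
    """Return the site of the most specific subnet holding address, or None."""
    ip = ipaddress.ip_address(address)
    for network, site in subnets:
        if ip in network:
            return site
    return None


def unmapped(addresses, subnets):
    """List the addresses that fall outside every defined subnet."""
    return [a for a in addresses if site_for(a, subnets) is None]


if __name__ == "__main__":
    subnets = parse_subnets(SUBNET_TO_SITE)
    clients = ["192.168.19.9", "192.168.19.10", "192.168.20.5", "172.16.1.1"]
    for client in clients:
        print(client, "->", site_for(client, subnets))
    print("no site:", unmapped(clients, subnets))
```
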

    13. Sites vs. Domains Sites map the physical structure of the network. Domains map the logical structure of the organization. There is no necessary correlation between your network's physical structure and its domain structure: Can have multiple sites within a single domain or a single site that serves multiple domains. Active Directory allows multiple domains in a single site, as well as multiple sites in a single domain.

    14. health.ufl.edu.

    15. health.ufl.edu

    16. ufl.edu

    17. AD Passwords All Users Located in Health-AD Login Name Formats: health-ad\username username@health.ufl.edu Change Instructions http://www.health.ufl.edu/itcenter/projects/solomon/ITCPasswordFS.shtml ITC TCP/IP Settings http://www.health.ufl.edu/itcenter/projects/ITCNetSet.shtml

    18. Financial Applications Hyperion Hyperion Enterprise Enterprise 6.1 Reporting 3.8 Spiderman Hyperion Planning Planning Analyzer Reports Solomon IV & FRx

    19. Hyperion Enterprise Enterprise 6.1 Application Installed on CRONUS M: drive mapped to \\cronus\hypxa http://www.health.ufl.edu/itcenter/sa/internal/Applications/Hyperion/HYPEN6.htm Reporting 3.8 http://www.health.ufl.edu/itcenter/sa/internal/Applications/Hyperion/HYPEN6.htm

    20. Spiderman http://spiderman.health.ufl.edu Initial Authentication: MS AD 2nd Authentication: Hyperion Enterprise User Login Instructions http://www.health.ufl.edu/itcenter/projects/hyp/spider/ITCSpiderLoginGuide.shtml

    21. Hyperion Planning Hyperion Planning http://epaphus.itc.health.ufl.edu:8300/HyperionPlanning/ Hyperion Analyzer http://hephaestus.itc.health.ufl.edu/Analyzer6_Server/index.html Instructions: http://www.med.ufl.edu/finance/HYPPlanning/HYPA_JRE13.htm Hyperion Reports http://epaphus.itc.health.ufl.edu:8200/HReports/Logon_Main.jsp

    22. Solomon IV Application on CRONUS Database on GALEN K: drive mapped to \\cronus\solomon http://www.health.ufl.edu/itcenter/projects/solomon/Solomon%20V%20Client%20installation.pdf FRx http://www.health.ufl.edu/itcenter/projects/solomon/FRX65Install.txt

    23. the end
