
W2K Migration Status Report


Presentation Transcript


  1. W2K Migration Status Report
     W2K Migration Working Group
     February 21, 2001

  2. W2K Migration Working Group
     Objective: “Provide Windows users with a secure environment to easily share resources across the site and with other labs.”

  3. W2K Migration Working Group
     • Meetings: Every Wednesday from 1-3:30pm since October of 2000.
     • Training: Implementing Active Directory and Securing Windows 2000 Server.
     • Web Page: http://www-win2k.fnal.gov/

  4. Members (Major NT Domains)
     • BD – Brian Drendel
     • BSS – Roger Fahnestock, Tom Ackenhusen
     • OSS – Ken Fidler, Al Lilianstrom, Andy Romero, Jack Schmidt
     • D0 – Greg Cisko
     • Networking – Vyto Grigaliunas, David Tang
     • TD – John Konc
     Successful Migration to W2K requires communication and planning!

  5. Present Structure
     [Diagram of the present NT domains and trusts. Labels: File Servers, Email and Web; FNAL; D0; TD; ESE; trust; CDF, ESH, FESS, LS, PPD, VMS; BSS; BEAMS; Controls Systems; D0Level3; BDControls; DMACS]

  6. Proposed Structure (Not Complete)
     [Diagram. Root: win.fnal.gov. Child domains: bss.win.fnal.gov, bdcontrols.win.fnal.gov, fermi.win.fnal.gov. OUs shown beneath the domains. Object labels: groups, Admin, computer, print queue, user]

  7. Basic Concepts
     • Active Directory: Directory service for W2K. Hierarchical directory that stores information about objects (Users, Groups, Files, Printers, Computers) on the network.
     • Objects: All objects have attributes that provide descriptive information about the object. A user’s Name is an attribute.
     • Domain: Boundary for an Active Directory. A group of computers that share a common directory database. Domains designate specific security policies and administration.
     • DC: Domain Controller. There are no PDC/BDCs. Domain controllers operate as equals and replicate information to each other.
     • OU: Organizational Units. Container objects designed for managing users, groups, computers and other resources in a domain.
        • Primary purpose is to allow delegation of administrative tasks.
        • Microsoft recommends using OUs to mirror a company’s organizational structure.

  8. Proposed Structure (Not Complete)
     [Diagram. Root: win.fnal.gov. Child domains: bss.win.fnal.gov, bdcontrols.win.fnal.gov, fermi.win.fnal.gov. OUs shown beneath the domains. Object labels: groups, Admin, computer, print queue, user]

  9. Domain Proposal
     Domain designs were discussed:
     • Consensus toward root domain with sub domains and OUs:
        • win.fnal.gov – root domain (reviewed by committee)
        • fermi.win.fnal.gov – general domain for desktops
        • bss.win.fnal.gov – separate because of audit requirements
        • bdcontrols.win.fnal.gov – BEAMS control systems. Tighter security than general domain.

  10. Proposal Benefits
     • Root domain provides central place to manage accounts (need to verify)
     • Root domain provides site security policy
     • OUs provide stricter security policies
     • Child domains broken into OUs:
        • Top level divisions/sections/major experiments
        • Organizational OUs can be defined by OU administrator
     • OUs can be configured to be seen only by members.
     • Design provides easier access to site resources
     • Design provides tighter control of DDNS for Networking (machines must register in W2K domain)

  11. Domain Proposal Exceptions
     • D0-Online.fnal.gov
        • Controls system boxes. Need to be tightly controlled.
        • No real need for Active Directory or access from outside domains.

  12. Present Status
     • Test domain structure in place.
     • Defining tests
     • Strong Authentication Issues
     • Identify Applications
     • Defining Policies
     • Examine OU resource access
     • Design Note development

  13. Migration Issues
     • User Account Cleanup
        • Possibility of duplicate accounts
        • Identify dis-usered accounts
        • Interface to CNAS for new accounts?
     • Hardware
        • Verify systems meet OS requirements
        • Remove inactive computer accounts
     • Software
        • Licensing (buying new OS?)
        • W2K Certification

  14. Timeline
     • Feb 2001
        • Examine 3rd party Tools
        • SA testing
        • Domain testing
     • Mar 2001
        • Domain testing
        • SA testing
        • Design note draft
     • Apr 2001
        • Release design note to Divisions

  15. Timeline
     • June – Aug 2001
        • Create pilot domain
        • Limited production tests
     • Sept 2001
        • Begin Domain Migration
     • Nov 2001
        • Review progress

  16. Concerns
     • How to handle standalone systems?
        • Visitors – provide access to printers
        • Lab – must have a user account in W2K domain to access resources.
     • Should standalone domains be allowed?
     • Strong Authentication
