Sage Company has a partnership with a large, leading company named Bottler Company. Both companies have some issues, but they still want to expand their business. To solve these issues, both of them need digital identity. They have different strategies for handling authorization and resources. Bottler Company decided to solve its management issue with ADFS (Active Directory Federation Services) for the relationship between the two companies. On the basis of this scenario, I will evaluate solutions for the identity management issues of both companies.
For both companies, load balance mode works well with their DHCP servers: they can easily configure the IP address range between them. While Bottler Company is updating, they can still run it with the DHCP server. The two types of DHCP failover relationship are given below:
a) LOAD BALANCE (ACTIVE - ACTIVE CONFIGURATION)
In this mode of operation, clients get responses from both servers, and client requests are distributed as follows:
When a client request is received, the server calculates a hash of the MAC address as specified by the hash algorithm in [RFC3074]. Any MAC address is hashed by the server to a value between 1 and 256. If the load distribution ratio between the two servers is 50:50 and the MAC address hash falls between 1 and 128, the first server responds to the client request; if the hash value is between 129 and 256, the other server responds to the client. This means that at any one time a single server responds to a client. If the admin changes the load distribution ratio to another value, the hash buckets are distributed in the corresponding proportion. Configuring MAC addresses on the DHCP server is not compulsory.
Fig1: Load balance Failover Mode.
b) HOT STANDBY (ACTIVE - PASSIVE CONFIGURATION)
In contrast to load balance mode, where both servers are active, hot standby mode has one active DHCP server and one passive server. Only the active server leases IP addresses to clients; the other one is on standby. Client requests are handled by the second server when the active server goes down. Once the first active server is ready again, the second server steps down to being a passive server. In this mode the server does not compute the MAC address hash, because it has to respond to all client requests. In load balance mode the pool of IP addresses is divided between the two servers, but here one server owns the pool; if it fails, the second (standby) server takes over the IP addresses to respond to requests.
Fig2: Hot standby Failover Mode.
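The two failover modes described above, configured with the Windows Server DHCP cmdlets, as an added example that is not part of the original essay. The server names, scopes and relationship names are hypothetical, and the shared secret is what authenticates failover traffic between the two partners.

```powershell
# Added example: hypothetical server names, scopes and relationship names.
# Run from an admin session that can reach both DHCP servers.
$primary = 'dhcp1.bottler.example'    # hypothetical
$partner = 'dhcp2.bottler.example'    # hypothetical

# Prompt for the secret instead of hard-coding it in the script.
$secret = Read-Host -Prompt 'Failover shared secret'

# a) Load balance (active-active): each server answers 50% of the hash buckets.
Add-DhcpServerv4Failover -ComputerName $primary `
    -Name 'LB-10.10.10.0' `
    -PartnerServer $partner `
    -ScopeId 10.10.10.0 `
    -LoadBalancePercent 50 `
    -SharedSecret $secret

# b) Hot standby (active-passive): the local server is active, the partner
#    holds 5% of the pool in reserve until it takes over.
Add-DhcpServerv4Failover -ComputerName $primary `
    -Name 'HS-10.20.20.0' `
    -PartnerServer $partner `
    -ScopeId 10.20.20.0 `
    -ServerRole Active `
    -ReservePercent 5 `
    -SharedSecret $secret

# Push the scope configuration to the partner so both hold the same settings.
Invoke-DhcpServerv4FailoverReplication -ComputerName $primary -Name 'LB-10.10.10.0' -Force

# Review the relationships and flag any that run without message authentication.
$relationships = Get-DhcpServerv4Failover -ComputerName $primary
$relationships |
    Select-Object Name, Mode, LoadBalancePercent, ServerRole, ReservePercent, State, EnableAuth
$relationships |
    Where-Object { -not $_.EnableAuth } |
    ForEach-Object { Write-Warning "Failover relationship '$($_.Name)' has no shared secret" }
```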
BENEFITS FOR BOTTLER COMPANY
With this failover, both companies gain security benefits: it handles both servers with the IP address range, and each server receives fewer requests because the clients are divided between them. The DHCP scope is replicated on the server for times of outage.
Bottler Company can also save time and cost with the certificates it assigns. Certificates can be issued easily by the admin with the help of certificate management.
It is an administrative task in a system that deals with the identity of individuals and controls access to resources based on the established identity. That is, it defines the tasks that an admin can or cannot do with their credentials within the network. It is also used in the workplace for productivity and security. It also reduces redundant effort. The Internet is also important for ID management (Joshi, 2015).
Fig3: conceptual diagram (Arch).
It’s Purity: Identity of delegation and management.
Working or Access: Users have Authority for resources.
Facilities: Application authenticity.
Federation of Identity: Users have Authenticity of identity of federation.
ISSUES AND SOLUTIONS
- Issue: OTP certification. Solution: the management server should be configured as a CA.
- Issue: server connectivity to DirectAccess. Solution: the Internet should be connected properly.
- Issue: CAC (computer account certificate). Solution: the existing computer certificate should be valid.
- Issue: DirectAccess server address not configured. Solution: use (get direct) address. (Patti, 2018)
Table1: Solutions for issues.
The full form of ADLDS is Active Directory Lightweight Directory Services. It is also known as LDAP (Lightweight Directory Access Protocol), which works for directory-enabled applications and helps to support them. It works the same as ADDS, but it does not deploy a domain controller. On a single PC we can run many instances with the ADLDS schema.
Directory services for the Microsoft Windows Server operating system and for directory-enabled applications are provided by ADDS. ADDS stores information about users, groups and network infrastructure. ADDS adheres to a single schema across the entire forest (Microsoft).
Fig4: ADLDS Extranet instance.
We can use the ADLDS role to create different instances of ADLDS on a single PC. Each instance runs as a separate service in its own execution context on that PC. Some features that make it easy to use are given below:
- There is a brief guide that explains how to create an instance of ADLDS.
- Instances of ADLDS can be removed using command-line tools.
- Instances of ADLDS can be configured with their schema.
- Command-line tools of ADLDS manage and synchronize instances.
- It can be installed from IFM (media generation).
- ADLDS auditing can be changed.
- Data mounting tools.
ADLDS Directory store and Server Role:
For any enterprise it is a full-fledged LDAP directory solution. Directory-enabled enterprise applications can use it as a directory store. As a local directory service, it helps to store private, application-related data. Application-relevant data that is stored and not replicated with the associated application is stored in ADLDS. We can configure data in different instances of ADLDS.
According to the scenario, ADLDS is beneficial for both companies. They can store data and applications in a particular directory store without creating any other database. It also provides extranet authentication in a single place: it can be described as a design in which applications and data are stored in the same place (Microsof).
Failover clustering is a function in which an application can be seen from both servers that are cluster members: if one server goes down, another starts working without any service interruption. Windows 2012 supports this feature, and security is enhanced without updating fixed computers or cluster nodes (Techtarget).
Fig 5: Failover Cluster Components (Slideshare).
Cluster guests share the same hard disk.
An Active Directory-detached cluster can be configured.
It contains dashboard features.
Servers use tie breakers when the nodes are split.
Table2: Features (Shinder, 2014).
Active Directory Replication Concept
Replication is the concept in which Active Directory enables domain users to duplicate hosts from different sites, with the data arriving automatically on the other server. Its main job is to back up data for security reasons. Each domain keeps a copy of its partition in replication. The directory tree is partitioned in both domains (Billimath, 2017).
An Active Directory object on the destination domain controller represents the source domain controller, and through it the source is connected to the destination domain controller. It is a member of a single site and is represented in that site in ADDS by a server object.
The built-in process that generates the replication topology for the Active Directory forest is known as the KCC. A separate topology is created for replication within a site. It helps to adjust the topology dynamically and remove the domain controller.
It is a segment of a TCP/IP network to which IP addresses are assigned. It groups PCs by their physical proximity on the network. In ADDS the network address is identified by a subnet object, which helps to map PCs to sites.
In Active Directory, TCP/IP subnets with faster network connections are represented by objects. They help administrators to configure access to Active Directory. Each is associated with a set of subnets. Domain controllers in the forest are associated with an Active Directory site by IP address. A domain controller can host one or more sites.
Some objects in Active Directory represent the logical path that the KCC uses to connect Active Directory replication. A site link object represents a set of sites that communicate uniformly over an intersite transport. A site link contains many sites, and they are connected by the same type of network.
Fig 5: Deployment model (model).
Applications and services are made available through a component called Active Directory Federation Services. Users need to sign in to use the services. To implement federated identity, authorization is claim-based for security. Its identity model is flexible: any user from the organisation just needs to sign in. The organisation keeps the authority to control its employees' accounts, while the user experience stays simple: employees only need to remember their credentials to use the application with SSO (Shyamsunder).
1. The user must navigate to a URL for the ADFS service.
2. The user is authenticated by the ADFS service.
3. After authenticating the user, the ADFS service provides the service.
4. The target application receives the claim when the browser sends the information.
5. The Federation Trust service then makes a decision on it.
The online world is connected by AD authentication with the help of ADFS. For modern authentication, IWA and AD have some limitations. Users cannot get access to AD applications. In the modern workplace this is a big challenge.
It also has some drawbacks that make it less suitable as an authentication solution, such as repair cost and security risks. On Windows Server, ADFS is a free feature, but it needs a Windows Server licence. After the release of Windows Server, the cost was seen to increase.
CONFIGURATION AND INSTALLATION
Steps for installation and configuration are given below:
1. First, install DHCP and DNS on the server where ADFS is installed.
2. Assign IP addresses; the federation services server will be on the domain to which the network is connected.
3. From the dashboard, add roles and features, then in the server pool click the Active Directory Service role.
4. Both companies, Sage and Bottler, should have a valid certification authority.
5. An SSL certificate is necessary at both Bottler and Sage Company to configure ADFS.
6. After the role is installed, it is configured; this needs certificates for both companies and uses the admin account with ADFS.
7. After configuration, go to Tools on the server, where the trust becomes a party trust.
8. The domain is provided by Bottler Company for the configuration of the trust; for Sage Company, metadata is created by the trust for the companies (Niar).
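The installation steps above as a scripted sequence, given here as an added example that is not part of the original essay or of the cited guides. It assumes that Bottler runs this federation server and trusts Sage's federation service as a relying party; the host names and display names are hypothetical.

```powershell
# Added example: hypothetical host names and display names.
# Run elevated on the domain-joined server that will host AD FS.
$fsName    = 'fs.bottler.example'   # hypothetical federation service name
$partnerMd = 'https://fs.sage.example/FederationMetadata/2007-06/FederationMetadata.xml'  # hypothetical host

# Step 3: add the AD FS role.
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

# Steps 4-5: select the SSL certificate issued for the service name and
# refuse one that is missing, has no private key, or expires within 30 days.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and ($_.DnsNameList.Unicode -contains $fsName) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for $fsName" }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate $($cert.Thumbprint) expires on $($cert.NotAfter)"
}

# Step 6: configure the federation service with a dedicated service account
# rather than a personal admin account.
$svc = Get-Credential -Message 'AD FS service account'
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $fsName `
    -FederationServiceDisplayName 'Bottler Federation' `
    -ServiceAccountCredential $svc

# Steps 7-8: create the trust from the partner's published metadata. Monitoring
# and auto-update keep the partner's signing certificates current after rollover.
Add-AdfsRelyingPartyTrust -Name 'Sage Company' `
    -MetadataUrl $partnerMd `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true

# Confirm what was created. No claims are issued to the partner until
# issuance rules are added to the trust.
Get-AdfsRelyingPartyTrust -Name 'Sage Company' |
    Select-Object Name, Enabled, Identifier, MonitoringEnabled, AutoUpdateEnabled
```

On the partner's federation server, the matching trust would be created with Add-AdfsClaimsProviderTrust pointing at the first server's metadata URL.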
Figure5. Federated Trust (Nuno).
In this figure we can clearly see that both companies have a federation trust through federation services. The second company has to follow some steps to access the services and provide them to its users. The user has to provide the username and password of the second company, which gives access through the federation services server. During configuration of the company, an SSL certificate was created for the backend of the services. It approves requests from server users. Both companies trust each other, so they can share resources.
According to the scenario's requirements, both companies will share services while managing time. DHCP helps to provide security for both companies and for user identity. The last one is for high availability of service, for their business expansion and to gain the benefit of technology. ADLDS can introduce them to new technology that makes signing in and accessing resources easy and secure.
- Arch. (n.d.). Arch. Retrieved from arch.idmanagement.gov: https://arch.idmanagement.gov/conceptual/
- Billimath. (2017, May 31). Active directory replication. Retrieved from Microsoft.com: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/replication/active-directory-replication-concepts
- DHCP, t. (n.d.). microsoft. Retrieved from microsoft.com: https://blogs.technet.microsoft.com/teamdhcp/2012/08/06/dhcp-failover-load-balance-mode/
- Feshchenko, V. (2018, February 1). The main features of 2016 failover cluster. Retrieved from Starwindsoftware: https://www.starwindsoftware.com/blog/the-main-features-of-2016-failover-cluster#more-7255
- Joshi, r. (2015, june 8). what is identity management. Retrieved from logonbox.com: https://www.logonbox.com/en/journal/what-is-identity-management/?gclid=Cj0KCQjw0dHdBRDEARIsAHjZYYAnRacVtbidrYIOY8ISUU-PLyCcZDg-FW3IS-sRs4qqlt90hpifThwaAvM-EALw_wcB
- Lchellel, L. (2017, March 5). concepual view of federated identity . Retrieved from arch.idmanagement.gov: https://github.com/GSA/ficam-arch/blob/staging/pages/ficam_conceptual.md
- mclllece, j. (2018, march 24). troubleshooting authenciation issues. Retrieved from microsoft.com: https://docs.microsoft.com/EN-US/WINDOWS-SERVER/REMOTE/REMOTE-ACCESS/RAS/OTP/TROUBLESHOOT/TROUBLESHOOTING-AUTHENTICATION-ISSUES
- Microsof. (n.d.). Microsof. Retrieved from docs.microsoft.com/: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754361(v=ws.10)
- Microsoft. (n.d.). Microsoft. Retrieved from docs.microsoft.com: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754361(v=ws.10)
- model, D. (n.d.). Deployment model. Retrieved from docs.microsoft.com: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs
- Niar, P. (n.d.). Active directory federation services insatallation. Retrieved from microsoft.com: https://social.technet.microsoft.com/wiki/contents/articles/9082.office-365-and-adfs-active-directory-federation-service-installation.aspx
- Nicols, K. (2012, june 11). active directory lightweight directory services overview. Retrieved from microsoft.com: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754361(v=ws.10)
- Nuno. (n.d.). Nuno. Retrieved from www.nuno-silva.net/: https://www.nuno-silva.net/blog/post/5111/%E2%80%8Badfs-active-directory-federation-service-step-by-step-for-office-365
- Patti, S. (2018, march 24). Troubleshooting authenctication issues. Retrieved from microsoft.com: https://docs.microsoft.com/EN-US/WINDOWS-SERVER/REMOTE/REMOTE-ACCESS/RAS/OTP/TROUBLESHOOT/TROUBLESHOOTING-AUTHENTICATION-ISSUES
- Posey, B. (2007, January 07). Failover cluster. Retrieved from perti.com: https://www.petri.com/lightweight-directory-services-setup
- Rouse, M. (2012, june). Failover cluster. Retrieved from techtarget.com: https://searchwindowsserver.techtarget.com/definition/failover-cluster
- Shinder, D. (2014, March 27). Failover clustering in windows 2012 R2. Retrieved from Techgenix.com: http://techgenix.com/failover-clustering-windows-server-2012-r2-part1/
- Shyamsunder, T. (n.d.). what is ADFS. Retrieved from okta.com: https://www.okta.com/blog/2018/06/what-is-adfs/
- Shyamsunder, T. (2018, June 21). what is ADFS. Retrieved from okta.com: https://www.okta.com/blog/2018/06/what-is-adfs/
- Slideshare. (n.d.). Slideshare. Retrieved from www.slideshare.net: https://www.slideshare.net/chinmayjena/failover-cluster-67363002
- standby, H. (n.d.). microsoft. Retrieved from microsoft.com: https://blogs.technet.microsoft.com/teamdhcp/2012/09/03/dhcp-failover-hot-standby-mode/
- Teamdhcp. (2011, september 3). DHCP failover mode. Retrieved from Microsoft.com: https://blogs.technet.microsoft.com/teamdhcp/2012/09/03/dhcp-failover-hot-standby-mode/
- Teamdhcp1. (2012, september 3). DHCP failover. Retrieved from microsoft.com: https://blogs.technet.microsoft.com/teamdhcp/2012/09/03/dhcp-failover-hot-standby-mode/
- Techtarget. (n.d.). Techtarget. Retrieved from techtarget.com: https://searchwindowsserver.techtarget.com/definition/failover-cluster