28th September 2011
MADDOX Project
Nigel Brown / Adrian Parks
OUCS
Breakout Session 1: How do you use AD?
Authentication and authorisation?
Domain-based workstations and services?
Third-party applications?
Network appliances?
Does it use a cross-realm trust?
Does it have schema extensions?
How are accounts provisioned?
Any other usage?
Background
1999:
• Initial AD design work
2000-2007:
• Increased use of AD
• Direct cross-realm trust
2008:
• Initial work on Nexus AD
2011:
• Project MADDOX
Background
In 2008, we considered offering the Nexus AD for wider use
Four scenarios considered
https://talkshop.itss.ox.ac.uk/talkshop/viewtopic.php?t=69
Scenarios 1 & 2: Central AD Forest
Project MADDOX
• To offer an enhanced level of support for integration of Microsoft Active Directory based domains with central identity and access management services
Project MADDOX
- Investigate/examine feasible scenarios
- Test the scenarios
- Pick the most sensible scenario
- Implement it
Project MADDOX Scenarios
• Native AD trust
• Indirect cross-realm trust
• Direct cross-realm trust
Scenario A: Native AD trust
Scenario B: Indirect cross-realm trust
Scenario C: Direct cross-realm trust
What we tested
• Domain authentication (and Group Policy)
• File & Print access
• IIS authentication (from browser)
• SharePoint
• SQL Server
…but only from Windows clients
Results & Conclusions
* Microsoft support call raised.
NOTE: For all tests the workstation must be a member of the local AD.
Native AD | Indirect Trust* | Direct Trust
Domain Authentication
File and Print Access
IIS Authentication
SharePoint
SQL Server
Breakout Session 2: How does a central AD help you?
• Processes/Procedures?
• Applications?
• Appliances?
…what else?
Every Service has Benefits and Costs
• How do you place a value on a service?
• Would the service save you time?
• Would the service save you money?
• Could it be chargeable?
• What is its worth?
Breakout Session 3: Costs and Benefits
Value | Cost
Next Steps
• Incorporate Feedback
• Assess the Options
• Consider cost-effectiveness
• Pick a solution
• Implement the selected solution