Active Directory
Consolidation
Close Out Meeting
Dave Chomas
Senior Consultant
[email protected]
Agenda









Scope of the engagement? (Reminder)
Objectives of the engagement? (Reminder)
Operations review findings
Systems management tools assessment findings
Server infrastructure assessment findings
Potential consolidated environment architectures
Risk Analysis
Next steps
Q&A
Scope

In Scope


High Level Current environment Assessment

Existing Server and network infrastructure

Existing IT operations review

Existing systems management tools assessment

Evaluate consolidation opportunities and scenarios

Planning and first pass design activities
Out of Scope

Detailed design

Training
Scope

What this is


Impartial high-level review of UW-M’s AD
implementations
What this isn’t

A ‘bash’ session of any group
UW-M Business Objectives







Reduce the total amount of redundant administration by
granting UW-M’s Core Services IT organization the ability
to view and manage all global IT resources.
Allow UW-M to standardize the process of merging and
migrating business IT resources.
Allow UW-M to consolidate the number of common
directory services technologies providing similar IT
services into a common or centralized platform to
maximize common services and tasks providing for a
more efficient operation for the university as a whole.
Improve business continuity by providing a global,
common and secure repository of trusted identification.
Reduce costs by consolidating resources such as network
services and server hardware
Identify the risks
Determine next steps
Project Team
Customer
 Executive sponsor - Paul Trebian
 Project manager - Atis Purins
 Technology architects - AD Core Services
Team
MS Account Team
Steve Moran – Engagement Manager
Mary Paulson – Account Manager
Delivery Consultant
Dave Chomas
Server Assessment
Basic Server Environments

~14 Active Directory implementations on campus

6 email systems in addition to PantherMail

File & Print servers in each school/department
18
16
14
12
10
8
6
4
2
0
DC
F&P
Mail
Management
Application
AD Core Services
Operations review findings
Strengths of decentralized environments




More responsive staff
Better customer service
IT staff has complete control over environment
Prioritization of projects, service calls, etc.
Improvement Opportunities







More education needed
Insecure data centers
Environments running on desktops
Duplication of effort
Loss of objectivity
Loss of budgetary control
Inconsistent service levels
Operations review findings
Strengths of centralized environments





Easy automation of common tasks
Simpler environment to troubleshoot
Strong(er) budgetary controls
Economies of scale for commodity services
University-wide perspective
Improvement Opportunities



Lack of communication with customers
Perceived as un-responsive, reactionary instead of proactive
Perceived as slow to implement new technologies
Operations review findings
Best Practice environments




Centralized in terms of organization

Retains objectivity when your customer isn’t your boss
Decentralized in terms of location

Maximizes communications

Maximizes customer interaction
Not every position should be centralized

Strategy & vision needs ‘big picture’ view

Training

Budgetary control
Share & Partner!

No more Central IT – Campus IT
Operations review findings
Best Practice environments

Need better documentation

Stop reinventing the wheel – look at other educational
institutions’ websites for inspiration
 Stanford
http://windows.stanford.edu/index.shtml
 Yale
http://wss.yale.edu/win2k/
 University of Colorado-Boulder
http://www.colorado.edu/its/windows2000/
 Massachusetts Institute of Technology
http://web.mit.edu/pismere/
System Management Tools Assessment
Service Monitoring


Most groups are manually monitoring their systems
Consolidation would allow centralized monitoring, giving better
uptime and SLAs
Software Distribution and Patch Management


Most groups are managing their own software management & patch
management systems
Consolidation would allow centralized patch management
Options going forward
Cease Consolidation Plans
Pros
Cons
Path of least resistance
Duplicate Services
Each group maintains control
Duplicate Effort
Disjointed services for the campus
Options going forward
Consolidate using existing AD.UWM.EDU
Pros
Cons
Path of least resistance
Political effort involved
Maintains existing SLAs
A lot of rework to make it palatable to campus
All benefits of consolidation
Options going forward
Consolidate using new AD implementation
Pros
Cons
Designed from ground up for campus
Technical effort involved
All benefits of consolidation
A lot of rework of existing directories
Options going forward
AD Core Services Team



Becomes technical architects of common Active Directory
implementation
Upon completion of common AD, morphs into the Change Control
Board (CCB)

This can help make central IT authority more palatable

Architectural changes must be brought before CCB prior to
implementation

Central IT authority responsible for day-to-day operations
All core services teams (File, E-Mail, etc.) work together on
cross-over issues
Options going forward
Strategy & Vision Group formed



Creates business requirements for common AD
Provides campus leadership for ALL IT
Made up of non-technical leaders

Leave technical product decisions to core services teams
Risk Analysis
Risk
Result
AD.UWM.EDU fails from lack of use by wider community
While some groups will migrate to AD.UWM.EDU anyway,
larger and more complex groups will maintain their
own structures – ultimately dooming the centralized
offering
Opportunity cost of what can’t be offered
Certain enterprise applications and offerings are only
economically viable if a certain scale can be
achieved. What’s the cost of continuing to offer “just
authentication services” via Active Directory?
Inconsistent SLAs offered by the individual school IT
groups
Too much “it’s the other’s guy’s problem” attitude on campus.
Little to no realization that it is one campus where
one mismanaged group can impact the entire
campus
Inconsistent patching offered by the individual school IT
groups
Security risk if not all campus machines are consistently
patched and maintained
Lack of training in products
It is only a matter of time before an administrator makes a
mistake due to a lack of training. These mistakes
can be managed when an environment is small, but
once the entire University is onboard, it can spiral out
of control
Next Steps

Open discussion:

Consolidation opportunities?

Potential architectures?

Technologies can be utilized?
Next Steps

Recommendations:

“Loose Confederation” AD

Easiest to achieve with new AD, but existing can
be saved

Campus needs to partner with each other

Campus IT – not Central IT

Training across the board
Logical Design

An example of a “loose confederation” Active Directory
root.uwm.edu
schoolD.uwm.edu
School A
schoolC.root.uwm.edu
Department 1
Department A
Group 1
Department A
Department 2
School B
Group 2
Department B
Department B
Q&A
Thanks
© 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT
MAKES NO WARRANTIES, EXPRESS
OR IMPLIED, IN THIS SUMMARY.