Wednesday, April 10, 2019

Consider the business model Essay Example for Free

The easiest way to start a design is to consider the business model that you sat down with when starting these designs. You now need to recreate that structure in Active Directory using Organizational Units as the building blocks. Create a complete Organizational Unit structure that exactly mirrors your business model as represented by that domain. In other words, if the domain you are designing is the Finance domain, implement the finance organizational structure within the Finance domain. You don't create the entire organization's business model within each Organizational Unit; you create only the part of the model that would actually apply to that Organizational Unit. Draw this structure out on a piece of paper. Figure 8-3 shows the Organizational Unit structure of mycorp.com's domain. We've expanded only the Finance Organizational Unit here for the example.

Figure 8-3. The Mycorp domain's internal Organizational Unit structure

Once you have drawn an Organizational Unit structure as a template for your Active Directory hierarchy within the domain, you can begin to tailor it to your specific requirements. The easiest way to tailor the initial Organizational Unit design is to consider the hierarchy that you wish to create for your delegation of administration.

Two Tier Hierarchies

A two tier hierarchy is a design that meets most companies' needs. In some ways it is a compromise between the One and Three Tier hierarchies. In this design there is a Root CA that is offline, and a subordinate Issuing CA that is online. The level of security is increased because the Root CA and Issuing CA roles are separated. But more importantly, the Root CA is offline, and so the private key of the Root CA is better protected from compromise. It also increases scalability and flexibility. This is due to the fact that there can be multiple Issuing CAs that are subordinate to the Root CA. This allows you to have CAs in different geographical locations, as well as with different security levels. Management effort increases slightly, since the Root CA has to be brought online to sign CRLs. Cost is increased marginally. Marginally speaking, because all you need is a hard drive and a Windows OS license to implement an Offline Root. Install the hard drive, install your OS, build your PKI hierarchy, and then remove the hard drive and store it in a safe. The hard drive can be attached to existing hardware when CRLs need to be re-signed. A virtual machine could be used as the Root CA, although you would still want to store it on a separate hard drive that can be stored in a safe.

Three Tier Hierarchies

Specifically, the difference from a Two Tier Hierarchy is that a second tier is placed between the Root CA and the Issuing CA. The placement of this CA can be for a couple of different reasons. The first reason would be to use the second tier CA as a Policy CA. In other words, the Policy CA is configured to issue certificates to the Issuing CA that is restricted in what type of certificates it issues. The Policy CA can also just be used as an administrative boundary. In other words, you only issue certain certificates from subordinates of the Policy CA, and perform a certain level of verification before issuing certificates, but the policy is only enforced from an administrative, not technical, perspective.

The other reason to have the second tier added is so that if you need to revoke a number of CAs due to a key compromise, you can perform it at the Second Tier level, leaving other branches from the root available. It should be noted that Second Tier CAs in this hierarchy can, like the Root, be kept offline. Following the paradigm, security increases with the addition of a tier, and flexibility and scalability increase due to the increased design options. On the other hand, management effort increases, as there are a larger number of CAs in the hierarchy to manage. And, of course, cost goes up.
