Active Directory to Windows Server
Active Directory (AD) is a centralized and standardized system that computerizes network management of user data, security and distributed resources, and enables interoperation with other directories (Rouse, 2008). Through a single Jet database, Active Directory provides network services such as LDAP directory services, Kerberos-based authentication, DNS naming and secure access to resources. Windows Server 2008 is enhanced with Active Directory Domain Services (AD DS) and integrity-related NTFS features that allow transactional definition of server-level operations (McCown, 2008).
Active Directory supports X.500, the standard for developing electronic directories, and enables global accessibility through the internet. Active Directory supports the Lightweight Directory Access Protocol (LDAP), enabling inter-directory operability, access to information, and backward and forward compatibility (Rouse, 2008). Windows Server 2008 uses read-only domain controllers (RODCs), which provide system security through unidirectional replication and user authentication. Windows Server 2008 uses the New Technology File System (NTFS), enabling definition of server-level transactions (McCown, 2008). NTFS uses a B-tree scheme to track files, enabling file integration and compression based on Unicode. NTFS enables administrators to build an access control list, thus restricting file accessibility and supporting data security (Rouse, 2008). Together, the two provide system flexibility by ensuring accessibility from any point, single-point system control, user authentication that enhances system security, and collaborative management.
Using Users’ Groups to Manage Accounts
Microsoft Windows 2000 operating systems offer users, computer accounts, and distribution and security groups, and integrate them with the Windows 2000 security subsystem. In the relationship between users and security, security groups are very important, as they manage user and computer access to shared resources and also filter Group Policy settings. Security groups are a type of Active Directory group. Active Directory groups contain users, contacts and computers, and are created using the Active Directory Users and Computers tool. Group Policy settings are used to configure security options, manage applications and desktop appearance, assign scripts and redirect files from local computers to network locations. Users in security groups are provided with an access token that carries security information for the logon session. The access token identifies the user, the user's security groups and the privileges assigned to those security groups, thus controlling access to secured information and the ability of users to carry out system-related operations on the local computer (Active directory users, computers and groups, 2012).
Claude Elwood Shannon
Claude E. Shannon was born on 30 April 1916 in Gaylord, Michigan, United States of America. Shannon received a degree in mathematics and electrical engineering in 1936 from the University of Michigan. He attended the Massachusetts Institute of Technology, where he obtained a master's degree in electrical engineering and subsequently a PhD in mathematics in 1940. He contributed to the use of algebra to analyze and optimize relay switching circuits and to population genetics. He worked at the Massachusetts Institute of Technology on the differential analyzer, a computer developed by Vannevar Bush. Engrossed in the computer's analog gears and its complex control circuit, he published a mathematical theory of differential analyzers in 1941. He joined AT&T Bell, where he contributed to two-terminal series-parallel networks in 1942, an extension of MacMahon's 1982 contribution in the electrical field. In 1948, Shannon developed A Mathematical Theory of Communication, which characterized communication channels by their carrying capacity. He received an Alfred Nobel America Institute of American Engineers Award in 1940, the Audio Engineering Society Gold Medal in 1985 and the Kyoto Prize in 1985. He succumbed to Alzheimer's disease on 24th February 2001 in a Massachusetts nursing home (Gallager, 2003).
The Lightweight Directory Access Protocol (LDAP) is a primary directory access protocol that allows access to distributed directory services, either on the internet or on organizational intranets, in accordance with X.500 data and service models. LDAP also allows users to add, modify, delete and query information in Active Directory. Active Directory, like LDAP, makes use of X.500, which is the standard for networked directory services. LDAP helps Active Directory provide a centralized directory that is accessible from any point in a network. LDAP also provides back-end databases, which enhance administrator flexibility in data deployment. Active Directory users have to be authenticated in order to access a system, and LDAP provides user authentication features that depend on two algorithms: Composed Distinguished Name (DN) authentication and Searched DN authentication (SYBASE, 2004). Active Directory can also make use of the Active Directory Service Interface (ADSI), which exposes objects in a directory as Component Object Model (COM) objects, thus enabling accessibility and extensibility across different types of directories. Active Directory applications are written using the LDAP C API, a set of low-level C-language APIs that ease portability of such applications (Active directory users, computers and groups, 2012).
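The two algorithms named above differ in how the bind DN is obtained: Composed DN fills the login name into a fixed DN template, while Searched DN looks the entry up with a filter and binds as whatever DN the search returns. The following Python is an added example, not code from the essay or from any product it cites; the DN template, the in-memory directory and all function names are assumptions, and the escaping follows RFC 4514 (DN values) and RFC 4515 (filter values).

```python
import hmac

DN_TEMPLATE = "uid={},ou=People,dc=example,dc=com"   # assumed directory layout

# Constructed sample directory: DN -> attributes (stand-in for a real LDAP server).
DIRECTORY = {
    "uid=jdoe,ou=People,dc=example,dc=com": {"uid": "jdoe", "password": "hunter2"},
    "uid=asmith,ou=Contractors,dc=example,dc=com": {"uid": "asmith", "password": "s3cret"},
}

def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)

def composed_dn(username):
    # Composed DN: the login name is substituted into a fixed template.
    return DN_TEMPLATE.format(escape_dn_value(username))

def search_filter(username):
    # Searched DN: this filter is what would be sent to the server to find the entry.
    return "(uid={})".format(escape_filter_value(username))

def authenticate(directory, username, password, searched=False):
    if not username or not password:
        return False  # an empty password would be an unauthenticated bind (RFC 4513)
    if searched:
        # Stand-in for running search_filter(username) against the server.
        hits = [dn for dn, entry in directory.items() if entry["uid"] == username]
        if len(hits) != 1:
            return False  # no entry, or an ambiguous match: refuse to bind
        dn = hits[0]
    else:
        dn = composed_dn(username)
    entry = directory.get(dn)
    return entry is not None and hmac.compare_digest(
        entry["password"].encode(), password.encode())
```

Composed DN only finds accounts that live under the template's container, which is why `asmith` in the constructed directory authenticates only in searched mode.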
Kerberos, a network authentication protocol, provides secure authentication for client-server applications by using secret-key cryptography and is an integral part of Microsoft Active Directory implementations. Kerberos was created by MIT as a solution to the network security issues presented by the use of firewalls, which were unable to sufficiently prevent network traffic from authorized locations from performing unauthorized activities. Secret-key cryptography lets the client prove its identity to the server, and vice versa, over insecure network connections. Kerberos makes use of a series of tickets rather than transmitting passwords over the network. When a user logs in, the machine performs exchanges with the Domain Controller (DC), which grants the user a ticket-granting ticket (TGT); the TGT is then used to apply for service tickets in order to access applications or services (Desmond, 2010).
Kerberos is named after the three-headed dog of Greek mythology and comprises three parties: the Key Distribution Center (KDC), the client user and the server. The KDC is the part of the domain controller that performs the Authentication Service (AS) and the Ticket Granting Service (TGS). The AS exchange takes place when users log into a system: they request access by submitting a username and password, which is verified by the AS part of the KDC. The TGS exchange allows access to a server's service by providing session keys and tickets for the client and the server. The client-server exchange takes place without the user noticing, when the client presents the server portion of the service ticket to the server, enabling mutual authentication through timestamp encryption and creating a client-server session (Walla, 2000). Active Directory is charged with the responsibility of providing security for information and data within a network, so authentication is an important aspect of ensuring that networks are secure. Kerberos therefore assists Active Directory in ensuring network security and also enhances network interoperability by ensuring efficient client-server communication, which enhances system use planning.
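The AS, TGS and client-server exchanges described above, as an added Python example that is not part of the original essay. The `seal`/`unseal` cipher is a toy stand-in for Kerberos' real encryption types, and the 300-second skew, one-hour ticket lifetime and all names are assumptions; pre-authentication and replay caches are left out.

```python
import hashlib, hmac, json, os, time
SKEW = 300  # assumed tolerance, in seconds, for authenticator timestamps

def seal(key, obj):
    # Toy authenticated encryption standing in for Kerberos' real cipher suites.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def pw_key(user, password):
    # Long-term secret key derived from the password; the password never travels.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

class KDC:
    def __init__(self, users, services):
        self.users, self.services, self.tgs_key = users, services, os.urandom(32)

    def _issue(self, user, ticket_key, reply_key):
        sk = os.urandom(32).hex()  # fresh session key, one copy per party
        ticket = seal(ticket_key, {"user": user, "sk": sk, "exp": time.time() + 3600})
        return seal(reply_key, {"sk": sk}), ticket

    def as_exchange(self, user):
        # AS: the reply is readable only with the key derived from the right password.
        return self._issue(user, self.tgs_key, self.users[user])

    def tgs_exchange(self, tgt, authenticator, service):
        # TGS: a valid TGT plus a fresh authenticator yields a service ticket.
        t = unseal(self.tgs_key, tgt)
        check_authenticator(t, authenticator)
        return self._issue(t["user"], self.services[service], bytes.fromhex(t["sk"]))

def check_authenticator(ticket, authenticator):
    a = unseal(bytes.fromhex(ticket["sk"]), authenticator)
    now = time.time()
    if a["user"] != ticket["user"] or abs(now - a["ts"]) > SKEW or now > ticket["exp"]:
        raise ValueError("stale or mismatched authenticator")
    return a

def service_accept(service_key, ticket, authenticator):
    # Client-server exchange: the server proves itself by returning the timestamp.
    t = unseal(service_key, ticket)
    a = check_authenticator(t, authenticator)
    return t["user"], seal(bytes.fromhex(t["sk"]), {"ts": a["ts"]})

def login_and_call(kdc, user, password, service, service_key):
    reply, tgt = kdc.as_exchange(user)
    sk1 = bytes.fromhex(unseal(pw_key(user, password), reply)["sk"])
    reply, st = kdc.tgs_exchange(tgt, seal(sk1, {"user": user, "ts": time.time()}), service)
    sk2, ts = bytes.fromhex(unseal(sk1, reply)["sk"]), time.time()
    who, proof = service_accept(service_key, st, seal(sk2, {"user": user, "ts": ts}))
    return who, unseal(sk2, proof)["ts"] == ts  # True when the server proved itself too
```

The client never decrypts either ticket: the TGT is sealed under the KDC's own key and the service ticket under the service's key, so the client only carries them.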
Users’ Accounts in Active Directory
User account objects are obtained from a class, a template that defines what the objects contain. In Active Directory there are two types of user account objects: User and Contact objects. User accounts represent users, who can be either individuals or applications that log into a network. Contact account objects, on the other hand, represent only human users (Active directory users, computers and groups, 2012). User account objects carry attributes such as names, user ID or logon ID, department, manager, direct report paths, extension number and security identifier. User account restrictions protect the system from being compromised through authentication, authorization and accounting. Authentication is a two-phase process, starting with identification and followed by validation of the user's identity through mapping of user objects. Authorization determines whether an already identified user is permitted to access the information. Through accounting, a system audits users' actions (Todorov, 2008). Various user account naming schemes are available to organizations: the user's first name and last name; first initial and last name; first initial, middle initial and last name; first initial, middle initial and first five characters of the last name; and, lastly, the user's first name and last initial. In the first name and last name scheme, the two names are separated by either an underscore or a hyphen (Tech Net, 2012). Organizations may, however, develop their own naming schemes to enhance information sharing efficiency and customer service. Global organizations' systems must, however, incorporate geographic location and the type of identifier, and also account for system usability, security, ease of administration, audit and the fact that, in a global context, users' names may conflict.
In my opinion, alphabetizing naming schemes in Asia would not have much of an effect on the naming schemes as they would still have to conform to the X.500 standards on the electronic directory services.
Distributed File System
A file system is charged with the responsibility of organizing, storing, naming, sharing and protecting files. A Distributed File System (DFS) is a classical file system model distributed across multiple, loosely coupled machines interconnected by a local area network, whose main purpose is to enhance file sharing. Distributed file systems perform synchronous I/O operations for cache coherence and data safety. A service is a software entity that provides functions to clients, while a server is the service software running on one machine. Clients invoke a service through operations in the client interface (Levy & Silberschatz, 1990). DFS provides organizations with access transparency, enabling migration of stand-alone systems to organizational networks. Location transparency, on the other hand, enables clients to access files without knowing their physical locations, while scaling transparency allows system enlargement without any changes to the system structure and applications. DFS enables data replication, thus enhancing availability. For a medium manufacturing company, I would recommend the Andrew File System (AFS), which uses Kerberos for authentication and implements account control lists, the rationale for that decision being the need for high computing in a manufacturing environment (Rouse, 2005).
Encrypted File System
Encrypted File System (EFS) technology is used to carry out quick file encryption on computer hard drives by making use of both public and private key encryption and the CryptoAPI architecture. The technology does not require preliminary operations, as it issues an encryption certificate and key during the first file encryption. Encrypted files remain so even when transferred to other folders or drives and are only decrypted when transferred to another system. The main advantage of EFS is that it enhances the security of data and information within a system, as encrypted files cannot be opened by another user without the appropriate passwords. While encrypted files remain inaccessible to other users, the user with permission is able to access them without any restrictions, an aspect that limits access to confidential information. However, encrypted data may still be vulnerable, especially when encrypted files are moved to FAT32 file systems, which are incompatible with EFS. Another vulnerability emanates from the use of user accounts, which depend on passwords; if a user's password is weak, the encrypted files may be accessed by unauthorized persons. Data can also be lost if the system fails to boot due to operating system failure, or through reset passwords, migration to different domains and system reinstallation (ElcomSoft, 2007). EFS can be used on computers that run Windows 2000, Windows XP Professional, Windows Server 2003, Windows Vista and Linux, which use NTFS, as EFS is not compatible with computers that use FAT32 file systems, such as those running Windows 95, Windows 98 and Windows Millennium Edition.
Advantages and Disadvantages of Compression
Compression enables computer users to optimize storage by compressing data so as to decrease disk space and storage infrastructure or hard disk requirements. This enables a user to store more data, since compressed data uses less space. Compression also enables the computer to read and write more, enhances the efficiency of file transfer due to hardware and memory efficiency, and enhances the achievement of a variable dynamic range and byte order independence. However, compression leads to complications and errors in data transmission, slows down reading and writing when complicated methods are used, leads to unknown byte/pixel relationships and creates a need to decompress previously compressed data (Massingale, n.d.).
Advantages and Disadvantages of File Encryption
File or folder encryption, also known as file system encryption, gives computer users the ability to manually encrypt individual files, unlike full-disk encryption, thus protecting them. Folder encryption applications provide specific folders in which users save or move their files for encryption; the files are later decrypted upon being moved to other locations. The transparency of file encryption applications ensures that they do not interfere with other applications such as MS Word. Such applications can be configured to meet organizational security needs. File encryption enhances file transmission through automatic encryption and provides a platform for centrally managing encryption keys and granting authorization (SecureDoc file and folder encryption: ‘Defense in depth’ of sensitive data, 2010). File encryption is, however, vulnerable, especially where passwords are weak and can therefore be broken. Files are also lost if a user loses the password. Another weakness is that file encryption does not allow separation of duties between the system administrator and the database administrator, which may lead to intrusion (Baccam, 2010).
Configuration and Management of Disk Quotas
Disk quotas provide a method for controlling disk space usage based on user or group soft limits, hard limits and a quota grace period. Soft limits determine the number of files below which a user should remain, while hard limits determine the maximum number of files that can be accumulated. The quota grace period is a period during which a user can exceed the soft limit, after which the system interprets the soft limit as the hard limit. Disk quota systems track user and group quotas in the quota.user and quota.group files and are used for file systems containing home directories and files, especially under conditions of limited disk space, a desire for higher file system security and large disk space usage by users (IBM, 2012).
Current Information System Hardware Trends
One of the current information system hardware trends is the development of mini mobile computers such as notebooks, laptops, palmtops and smartphones. The world has witnessed great battles as phone companies such as Samsung and Apple compete to win over the smartphone market, with the latest release, the iPhone 5s from Apple, recently hitting the market. Mini computers provide users with access to wireless LANs (WLANs) in organizations and the ability to access information from any point, due to their enhanced portability (Remusaloy, 2010). Computer hard disks are doubling in size in accordance with Moore's Law, which states that the processing power of computers doubles every two years. Hitachi Global Storage Technologies and Seagate have developed and brought to market 4TB hard drives, which allow larger data storage than current hard disks. This shows a trend of size reduction in computer hardware that is at the same time aimed at higher speed and performance. Future trends are likely to continue along the same lines, characterized by an increase in 64-bit computing aided by more powerful processors and parallel processing, while the size of computers will continue to shrink to satisfy consumer preferences for smaller, portable and high-performing computers (Jase, 2012).
Factors to Consider while Creating an Information System
Information systems are no longer viewed as a support function in business, as they are involved in all classical business functions, ranging from operations and marketing to accounting and finance, and play an intellectual and valuable role in decision making. This, coupled with the fact that they consume a momentous amount of organizational resources such as people, money, time and machines, requires that managers decide wisely when it comes to sourcing or creating them, to ensure that the sourced information systems support organizational systems. One of the factors considered when creating an Information System (IS) is adaptability. The IT world is highly dynamic, and a system must therefore be able to support expected future advances. An information system must also be scalable and adaptable to increased or decreased demands. Leaders must consider system maintainability issues such as the complexity of a system, availability of parts and obsolescence. Standardization through the use of common standards ensures integration with existing infrastructure and is thus important. Information and data security is also an issue, as leaders are charged with the responsibility of protecting business secrets. Lastly, the cost and availability of information system infrastructure is very important, as organizations operate within budgets (Pearson & Saunders, 2010).
Enterprise Planning Software
Businesses have become increasingly information driven, creating a need for holistic management of the information flow within an enterprise. This would motivate me as an entrepreneur to develop Enterprise Resource Planning software for my start-up company. Enterprise Resource Planning systems are software systems used in business management to support core business functional areas like marketing, planning, manufacturing, distribution, human resource management, inventory management and e-business. The software systems are built to integrate business modules in a transparent manner, providing a seamless flow of information between the mentioned business functions. The systems give an organization the ability to holistically manage the flow of information across its various upstream and downstream activities. The software would be tailored to contain functional applications that aid the mentioned business functions, such as customer relationship management applications, which would allow efficient customer service. Supply Chain Management (SCM) applications would also be an integral part of the software, in order to achieve efficient management of inventories and therefore realize return on investment (ROI) and return on assets (ROA). A financial management application would go a long way towards ensuring transparency in financial affairs, as Enterprise Management Systems provide reliable information and reduce redundancy in data operations (Hossain, Patrick & Rashid, 2002).