WHAT IS A WINDOWS DOMAIN ENVIRONMENT?
In simplest terms, a Windows domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory Domain Services (AD DS) database. A Windows Server running AD DS is called a domain controller. AD DS is a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications. AD DS allows administrators to organize network objects into a hierarchical containment structure called an Active Directory logical structure. A well-designed Active Directory logical structure provides the following benefits:
- Simplified management of Microsoft Windows-based networks that contain large numbers of objects
- A consolidated domain structure and reduced administration costs
- Simplified resource sharing
- Low total cost of ownership
A well-designed Active Directory logical structure facilitates the efficient integration of such features as Group Policy; desktop lockdown; software distribution; and user, group, workstation, and server administration.
WHY DO SMBs NEED A WINDOWS DOMAIN ENVIRONMENT?
In a common SMB network, each user is provided with an individual workstation that has Microsoft Windows and all required applications installed. User accounts are created and managed on a per computer basis. If a user needs access to another computer in the office, a user account must be created on that computer for the user to log in, but the user’s desktop settings and any locally stored files are not available. In addition to this workstation limitation, managing and limiting access to data stored on file servers is difficult and quickly becomes a large administrative burden.
By establishing a Windows domain environment, these limitations can be overcome. In an AD DS structure, users and objects are partitioned into domains that support a number of core functions related to administration, including:
- Network-wide user identity. Domains allow user identities to be created once and referenced on any computer joined to the domain. Domain controllers that make up a domain are used to store user accounts and user credentials (such as passwords or certificates) securely.
- Domain controllers provide authentication services for users and supply additional authorization data such as user group memberships, which can be used to control access to resources on the network.
In a domain, access to network resources is controlled by a domain administrator. For example, when a user needs access to a shared folder on the network, that user can be granted access to the share by the domain administrator by modifying the share permissions directly on the folder. Alternatively, a security group can be created with permission to access the folder and users can be assigned to the security group when they need access to the folder. Similarly, access to printers can be granted or restricted by the domain administrator on a per user or per group basis. Printers can even be configured in a group policy so that they are installed with a user’s profile each time they log into the domain. With this ability to centrally manage network resources, the management burden and total cost of ownership for the network are significantly reduced.
HOW CAN RED ONE HELP?
Red One will perform an assessment of your current network environment and operational requirements. This information will be used to create an AD DS deployment strategy. The deployment strategy includes:
- Designing the Active Directory logical structure (forests, domains, DNS infrastructure, and organizational units)
- Designing the site topology (location of domain controllers, site links and replication)
- Planning domain controller capacity (number of DCs and disc space/memory requirements)
Once the planning phase is complete, Red One will create a test environment to ensure that all services are functioning properly. When testing is complete, Red One will set a deployment date and begin the necessary preparations for a successful launch.
Red One will oversee the Windows Server AD DS deployment and verify that all aspects of the design are operating as specified. After the installation, Red One will provide a trouble ticketing system and Help Desk to handle issues as they arise.
CAN I RUN AD DS from the AWS CLOUD?
Absolutely! In fact, Red One recommends establishing all domain servers in the AWS cloud. Doing so allows even SMBs to realize the benefits of a Windows domain architecture without having to make a major investment in infrastructure hardware. In addition, the AWS Cloud inherently makes it easier and more cost effective to build a fault tolerant network that even makes business continuity planning a realistic option.
Maybe we can help!
Drop us a line today for a free evaluation!