Leverage AD Investments
Using Virtualization to Make the Most of Active Directory
Like most enterprises with Windows desktops, your organization has probably made a significant investment in Active Directory. But integrating AD with non-Microsoft web applications and portals presents a challenge:
- Your users want to use their AD identities and credentials to log in to non-Microsoft web applications.
- Your security team wants to take advantage of the group definitions that already exist in AD.
- Your web applications and portal can search a single LDAP directory, but your existing AD infrastructure is made up of multiple AD domains and forests.
Given these issues, how can you authenticate and authorize securely while still leveraging your AD investments?
Delivering Security While Maintaining Your Existing AD
On one hand, it would make sense to consolidate everything into a single Active Directory instance, but there are valid historical and logistical reasons for having multiple forests and domains. You may also need to store additional attributes for application-specific entitlements and profiles, so on some levels it makes sense to put all attributes into AD.
However, Active Directory is first and foremost a network operating system (NOS) directory, and extending the schema can have serious consequences for the core functionality AD is designed to address. In addition, there is the issue of who owns the data, and certain requirements are better served through the functionality of a relational database, not AD.
A Common Virtualization Layer for All Your AD Projects
Virtualization allows you to leverage what you already have in AD without having to stretch AD into areas for which it wasn’t designed. Some examples of where RadiantOne can help:
Consolidate multiple AD forests and domains: A virtualization layer allows you to keep existing AD forests and domains while logically consolidating them into a single directory.
Extend AD schemas: A virtualization layer allows application-specific objects and attributes to reside in other sources while still providing a unified profile of the user.
Delegate authentication to AD: A virtualization layer allows other applications to leverage your existing IDs and credentials by delegating the authentication to Active Directory.
- Check out our paper on how to Consolidate AD Domains & Forests into a Standard LDAP Directory.