Enterprise Standards 3000 Network
3560 ENTERPRISE DIRECTORY SERVICES


IT & MCIS

DEFINITION OF STANDARD:
Enterprise Directory Services provide an online directory of users and resources under an accepted protocol for ease of managing and sharing directory profile information. These directories represent users, applications and network resources as objects in a hierarchical tree. Enterprise Directory Services provide a central view of all available resources on the network, as well as facilitate the administration of user rights, profiles and permissions. Enterprise Directory Services provide network users and administrators with transparent access to all network resources, including users, groups, printers, servers, and other physical network devices throughout the network.

RATIONALE:
The scope and business requirements of the University of Kentucky call for a centrally managed Enterprise Directory Services strategy that will operate within a broad architectural framework for the administration, authentication and authorization of users, operational services, institutional data and resources. Enterprise Directory Services will provide a platform for computer and network security, policy-based networking, single-sign-on services and remote access administration.

The promotion of an electronic institution strategy and the creation of e-commerce applications require recognition and tracking of users, vendors, suppliers and customers. Adoption of an Enterprise Directory Services solution supports the management and deployment of a personal identification number (PIN) and is necessary for a successful introduction of public key infrastructure (PKI) digital certificates for authentication and security control.


PUBLICATION DATE: 1/28/00
REVIEW CYCLE: Six Months
EFFECTIVE DATE: July 5, 2000
REVISION DATE: June 5, 2003
RESPONSIBLE CONTACT: Matt Defoor, NEMOC

Approved Standard(s):

Enterprise Naming Standards:
All DNS names within the UKY.EDU namespace will be submitted for approval by the UK Network Engineering, Maintenance and Operations Center (NEMOC).

The DNS name structure will be eight (8) characters or fewer in length, consisting of the characters (A-Z) and the numbers (0-9). Hyphens (-) and underscores (_) should not be used except in extraordinary cases.

Active Directory Services (AD) server names will be dictated by their DNS names.

NetWare Directory Services (NDS) names will be dictated by their DNS name.

NETBIOS names will reflect the DNS name. If the name fails to be unique within the confines of the workgroup or domain, the DNS domain will be appended to the NETBIOS name. If that fails to be unique, a new NETBIOS name must be chosen.

Related Standards Adopted:

IP based Domain Naming System (DNS) as per RFC _____

Lightweight Directory Access Protocol (LDAP) version-2; read/write support of LDAP version-3.

Microsoft Active Directory Services (AD) version _____

Novell Network Directory Services (NDS) versions 6.x and 8.x

Compatible with Enterprise Standards product in Category 2600 - Electronic Mail

Compatible with Enterprise Standards products in Category 3300 - Router

Compatible with Enterprise Standards products in Category 3700 - Firewall

Multiple platform server support: NetWare, NT, UNIX, and OS/390

Multiple desktop client operating systems support: Windows 95, Windows 98, and Windows NT

Support for Secure Sockets Layer (SSL ver 3)

Support for Public Key Infrastructure (PKI) certificates (X.509)

Approved Product(s):
Novell NetWare Directory Services (NDS)
Microsoft Active Directory Services (ADS)

Justification:
Enterprise Directory Services require a consistent naming convention to guarantee uniqueness for all objects incorporated into the UKY namespace. In order to maintain a homogeneous naming structure, the naming of these objects must be consistent with DNS naming conventions.

Technical and Implementation Considerations:
Scalability and cross-platform capabilities are important to a large enterprise due to the diversity of server platforms, applications and users. All Enterprise Directory Services must be capable of integrating into a single logical meta-directory and provide synchronization via LDAP.