Analyzing Naming Convention Needs
To plan what your namespace and domain structure should look like, you need to analyze your organization and attempt to understand its underlying naming needs. This process requires a thorough understanding of the type of organization you have and who the players are, as well as some educated guesses about where the organization will be going in the future.
Trees and Forests
As a first step, you'll need to understand the differences between the two basic types of namespaces—trees and forests—in order to decide how they line up with your organization. You can switch models later, but not without some pain and suffering, and not without having an impact on the overall names used, so take some time here to make sure you understand what your organization really needs. What the organization needs may well be different from what it thinks it wants.
Trees
A tree namespace, like that shown in Figure 3-1, is a single, contiguous namespace, with each name in the namespace directly descended from a single root name. This kind of straightforward naming design is appropriate for an organization that is essentially cohesive and has a single name underlying what may well be many different divisions and diverse businesses. Many small to midsize businesses will fit well within this model. Even very large businesses may be a comfortable fit for a tree structure if the organization is fairly centralized and has a single recognizable name.
Figure 3-1. A tree-structured namespace.
As you can see from the figure, with a tree-structured namespace, each branch of the tree has a name that is directly descended from the root of the tree. This convention makes it easy to find any leaf or branch of the tree by tracing down the structure of its name.
Forests
A forest namespace, like that shown in Figure 3-2, is a collection of essentially equal trees, with no single root to the namespace. The forest namespace is appropriate for an organization that has multiple lines of business, each with its own separate and identifiable name. These will usually be larger businesses, especially those that have grown by acquisition. They typically do not have a single, central information systems group that manages the entire organization, and each of the divisions generally has an essentially separate identity and infrastructure.
Figure 3-2. A forest-structured namespace.
As you can see from the figure, with a forest namespace you essentially have a peer group of trees, each its own contiguous namespace, but the trees do not fit into an overall, contiguous namespace. You can't directly trace the names of all the leaves back up to a single root.
Defining a Naming Convention
Whether you're going to have a single tree or a forest of trees for your overall namespace, you need to make some decisions about what the various branches of the tree will be called. This is easily one of the most delicate and politically sensitive decisions you'll have to make as you lay out your overall naming structure.
There are essentially two types of naming conventions—organizational and geographical. Both have their proponents, and an argument can be made for either choice. Keep in mind that people can get amazingly emotional about what their division or department is called and about its relative weight in the organization. Such political disagreements can be not only bitter but also prolonged beyond any reasonable expectation.
The Organizational Naming Convention
Using an organizational naming convention, you would model your namespace on the way your company or organization is structured. Thus, the root of your tree might be microsoft.com, with the first level under that consisting of admin.microsoft.com, finance.microsoft.com, mfg.microsoft.com, hr.microsoft.com, and so forth.
The following are advantages and disadvantages of the organizational naming convention.
| Advantages | |
|
|
|
|
| Disadvantages | |
|
|
|
|
REAL WORLD Sites
Sites, a new feature of Windows 2000 provided by the Active Directory, can be used to reduce or eliminate the problem of implementing the organizational naming structure with divisions that have multiple locations. A company can create a site for each island of computers with LAN connectivity. For example, the main office would be a site, and a branch office another site. Any domains that span more than one site automatically adjust their replication parameters to optimize the use of the slow WAN link between the sites. Clients are also automatically directed to local domain controllers for service requests, further decreasing the use of WAN links. For more information on sites and planning your site topology, see Chapter 7.
The Geographical Naming Convention
Using a geographical naming convention, you would model your namespace on the geographical divisions of the organization. For example, with the same root of microsoft.com, you might have a first level consisting of corp.microsoft.com, noram.microsoft.com, europe.microsoft.com, africa.microsoft.com, and so on. Under this first level, you might break each entry down to the individual country or state/province, depending on the size and complexity of your organization.
The following are advantages and disadvantages of the geographical naming convention.
Advantages- Is apolitical
- Uses names that tend to be persistent
- Offers greater flexibility and granularity
- Doesn't reflect the nature of the organization
- May require more domains to meet security needs
TIP
Sites are useful for optimizing the use of slow WAN links on networks using a geographical naming convention. While usually there aren't any domains that span multiple sites in networks using the geographical naming convention, using sites further optimizes the use of WAN links by tuning inter-domain replication of the Active Directory.
Mixed Naming Conventions
Finally, you may opt to use a mixture of the organizational and geographical naming conventions, especially in a forest namespace where different corporate cultures have grown up and have their own agendas. The catch, of course, is that this can lead to a good deal of confusion and make any support task greater, since there is no consistency in how things are done. In creating your first Active Directory namespaces for Windows 2000, you really should consider making every effort to rationalize the structure, since it will make the overall support job easier in the long run.
Even if you go with a purely geographical naming convention across the whole organization, chances are you'll find it advantageous at the lowest level of the tree to create organizational units or domains because groups working in similar areas or on related projects tend to need access to resources of a similar nature. The needs on the manufacturing plant floor tend to be different from those in accounting, for example. These common needs can identify natural areas of administrative support and control.
Determining Name Resolution
A second decision that you must make is whether you want the namespace you use internally to be the same as the one that you present to the outside world. You might think that the names should be the same, but there can actually be compelling reasons to opt for different internal and external namespaces.
Using the Same Internal and External Namespace
When you have a single namespace, you and your machines have the same names on the internal network as on the Internet. In other words, you get a single name from the appropriate Internet registration authority and you maintain a single DNS namespace, although only a subset of the names will be visible from outside the company. Your network structure will end up looking something like Figure 3-3.
Figure 3-3. A public/private network with a single namespace.
When you use the same name for internal and external namespaces, you must ensure that the ability to resolve names from outside your company is limited to machines outside your firewall that are supposed to be externally visible. Make sure that no Active Directory servers reside outside the firewall. However, you'll also need to make sure that your internal machines can resolve names and access resources on both sides of the firewall.
The following are some advantages and disadvantages of using the same internal and external namespace.
Advantages- Provides consistent naming internally and externally
- Allows single name registration
- Enables users to have a single logon identity and e-mail identity
- Needs a complex proxy server configuration
- Requires maintenance of different zones that have the same names
- Requires users to work with different views of resources, depending on where they are
Using Different Internal and External Namespaces
If you set up different internal and external namespaces, your public presence might be microsoft.com, while internally you would use msn.com. All of the resources that reside outside the company network would have names that end in microsoft.com, such as www.microsoft.com. Within the company network, however, you'd use a separate namespace that has msn.com as its root, as shown in Figure 3-4.
Figure 3-4. Public/private network with separate namespaces.
One consideration to remember with this scenario: you'll want to register both the public and private names with the appropriate Internet name registration authority. You might think that you don't need to worry about the internal-only name when you have no intention of exposing it to the Internet. What you're really doing, however, is making sure that no one else uses the same name, since this could cause name resolution problems for your internal clients.
The following are some advantages and disadvantages of using different internal and external namespaces.
Advantages- Provides a clear distinction between what is internal and what is external
- Offers easier management and proxy configuration
- Makes it easier for users to understand the differences between the internal and external namespaces
- Requires that two names be registered
- Means that users' logon names are different from their e-mail names
EAN: 2147483647
Pages: 366