Whitepaper 02-02: Network Identification, Authentication, and Authorization Use Case
The typical Small/Medium-sized Business (SMB) must provide both intranet (internal) and extranet (external) access for its employees and customers based on roles, permissions, and clearance. This whitepaper looks at a notional SMB network and discusses how the SMB can implement Identification, Authentication, and Authorization (IAA) using simple techniques that leverage common network environments.
The notional internal corporate network consists of a small number of physical servers complemented by a much larger number of virtual servers. All of the internal servers and team member desktops run some variant of the Windows operating system and leverage a local Active Directory domain for IAA functions. The notional network does have non-Windows servers for specific customer projects, but these servers generally provide their own IAA solutions per customer requirements. This paper concentrates specifically on IAA within a typical corporate Active Directory environment.
Key points to consider as part of any IAA solution include:
Manageable. SMBs are not known for having deep pockets to invest in a team of dedicated system administrators. Any IAA solution must be easily implemented and convenient to maintain.
Scalable. The goal of a typical SMB is not to become enamored of the "Small"; that is, the business needs to be prepared to expand. That next task order award may require significant growth in the corporate infrastructure, and the IAA solution needs to be architected with that target in mind.
Standards-based. Related to overall manageability, any IAA solution needs to be firmly rooted in proven concepts and technologies. For example, a hardened and patched Active Directory environment provides an excellent framework for a reliable and affordable corporate network solution.
Extensible. This whitepaper considers how a typical Active Directory implementation can be extended to support public key infrastructure (PKI) needs, with a use case of mapping SharePoint users to certificate-based logins. This ties in well to the larger requirement that any IAA solution must be capable of integrating with evolving technology standards.
This whitepaper closes with some specific recommendations and thoughts.