Design for cloud/hybrid identity

  • 9/19/2016

Thought experiment

In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answer to this thought experiment in the next section.

You are a system administrator for Alpine Ski House, a luxury mountain sports provider of mountain lodging, recreational activities, and special events facilities and services. The current IT environment consists of two small datacenters: a primary and a secondary. The company uses AD DS for all authentication and authorization, IIS for public and internal web applications, and Windows Server 2012 R2 and Windows Server 2016 for a variety of other services, including file services and database services. The company relies heavily on social media to market its products and services. The following pain points have been identified:

  1. Phishing incidents have enabled attackers to gain access to some employees’ user credentials.
  2. Employees have reported difficulty working with a large number of credentials to access corporate resources and cloud-based resources, and this often results in routine account lockouts and password resets.
  3. The small datacenters that the company maintains are at capacity.
  4. When the company opened its second location, the time it took to build out the datacenter and prepare the location for IT services delayed the grand opening.

The company has recently decided to expand its services to other geographies, and you have been asked to come up with a solution to provide IT services to the new locations. The following requirements have been identified:

  • Minimize the use of on-premises servers.
  • Improve the time to market for new locations.
  • Reduce the impact of phishing incidents.
  • Improve the user experience, especially for users with multiple credentials.

You need to design a solution to fix the existing issues and meet the company requirements. Answer the following questions based on the scenario:

  1. Which type of identity should you use for the organization? Why?
  2. How can you minimize the impact of usernames and passwords being compromised, such as from phishing attacks?
  3. Which solution should you use to reduce the administrative overhead of managing user identities?
  4. How would you fix the user experience issues regarding management of multiple credentials?