Identifying the physical computer network structure

Once we identify the organizational structure and security boundaries, the next step is to identify the physical computer network structure. It's important to identify how many branch networks there are, how they are connected, and how much bandwidth is available between sites. This information helps design the domain structure. Domains help partition the directory and define the replication boundaries for efficiency. Network diagrams are the best place to start. It's also important to identify potential issues and bottlenecks between physically separated networks. Links between sites may look fine on a network diagram, but if those connections have reliability or bandwidth issues, that will also impact your design. Gather uptime and bandwidth utilization reports for these links covering at least 3 months and review them. In Chapter 1, Active Directory Fundamentals, I explained read-only domain controllers (RODCs). These are used on branch networks that cannot guarantee security and a reliable connection. Even when branch offices are linked together, if a link is not reliable, or if the links are already fully utilized, we need to fix that bottleneck first or place an RODC instead of a full-blown domain controller. Gathering this information will help you make that call.
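The review of link reports described above can be scripted. The following is an added example, not code from the book: it scores 13 weeks of per-site uptime and utilization samples and flags sites where the link should be fixed first or an RODC placed. The thresholds, site names, and sample figures are assumptions constructed for illustration.

```python
# Assumed thresholds; the text gives none. Tune them to your own SLAs.
MIN_WEEKS = 13            # roughly 3 months of weekly link reports
MIN_UPTIME_PCT = 99.5     # mean link availability over the period
MAX_P95_UTIL_PCT = 80     # 95th-percentile bandwidth utilization

def p95(values):
    """Nearest-rank 95th percentile (integer arithmetic, no rounding drift)."""
    ordered = sorted(values)
    rank = (95 * len(ordered) + 99) // 100   # ceil(0.95 * n)
    return ordered[rank - 1]

def assess_site(weekly, physically_secure):
    """weekly: list of (uptime_pct, util_pct) tuples, one per weekly report.

    Returns (verdict, reasons). The verdict follows the text: a site that
    cannot guarantee security gets an RODC; a site with an unreliable or
    saturated link needs the link fixed first, or an RODC.
    """
    if len(weekly) < MIN_WEEKS:
        return "need more data", [f"only {len(weekly)} weeks of reports"]
    link_issues = []
    uptime = sum(u for u, _ in weekly) / len(weekly)
    util = p95([b for _, b in weekly])
    if uptime < MIN_UPTIME_PCT:
        link_issues.append(f"mean uptime {uptime:.2f}% below {MIN_UPTIME_PCT}%")
    if util > MAX_P95_UTIL_PCT:
        link_issues.append(f"p95 utilization {util}% above {MAX_P95_UTIL_PCT}%")
    if not physically_secure:
        return "RODC", ["site cannot guarantee security"] + link_issues
    if link_issues:
        return "fix link first or RODC", link_issues
    return "writable DC candidate", []

# Constructed sample data: site -> (weekly samples, physically secure?)
SITES = {
    "branch-a": ([(99.9, 40)] * 13, True),
    "branch-b": ([(99.9, 45)] * 9 + [(96.0, 95)] * 4, True),  # one bad month
    "branch-c": ([(99.9, 30)] * 13, False),
    "branch-d": ([(99.9, 30)] * 6, True),                     # too little history
}

if __name__ == "__main__":
    for name, (weekly, secure) in SITES.items():
        verdict, reasons = assess_site(weekly, secure)
        print(f"{name}: {verdict} {reasons}")
```

branch-b shows why the review period matters: nine healthy weeks followed by one degraded month still fails both checks, which a single recent-week snapshot taken before the degradation would have missed.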

It is also important to gather information about the company road map and the company's product road maps, as these will also impact the identity infrastructure design. For example, if the company is going through an acquisition or merger in the next 6 months, your design should be future-proof enough to address the requirements of the other company. In the same way, if the company is going to downsize or sell a product it developed to another company, that's also going to impact the design. So, it's best to discuss this with the relevant people and get a better understanding of the road maps. As I mentioned earlier, identity infrastructure changes are costly and involve a lot of work. By understanding the company's future, you can avoid this kind of awkward situation.

The company's IT administration model is also important for identity infrastructure design. It can be either centralized or decentralized. Rebeladmin Corp. has a group of companies. Each of these companies has its own IT department, so each company's IT team is responsible for its own infrastructure. In this case, maintaining separate forests helps divide the responsibilities for IT operations. Also, some companies may outsource their IT operations to a third-party company. This changes the security requirements for the identity infrastructure compared with in-house IT operations. Some of the workloads may need to be isolated from the third party due to data protection, business, and legal requirements. The design will need to match these types of IT operation requirements.

Businesses are subject to specific government regulations. For example, banks and hedge funds need to follow specific rules in their operations to protect customer data and trade data. Businesses that process credit cards need to be PCI-compliant and follow specific regulations. Also, if an organization's operations are aligned with ISO standards, that is another set of rules and best practices to follow. If an organization has branch offices in different countries, the government rules and regulations that apply to those offices will be different from the rules that apply to the headquarters. It is important to gather this data as it can also have an impact on the design.

Modern identity infrastructure requirements are complicated. Some organizations have already extended their identity infrastructures to the cloud. Some organizations have fully moved to Azure Active Directory managed domains. Most application vendors have moved their products to the public cloud. So, businesses need to keep pace with the technology changes happening around them. Some products and services will no longer continue as in-house services, and customers need to move to the cloud version. The identity infrastructure design should be future-proof as far as possible. Therefore, it's important to research and evaluate new technologies and services that can improve the organization's identity infrastructure and adopt them into the design as required.

In any project, the implementation phase is relatively easy. The design and planning process is complicated and time-consuming, but it is vital for business satisfaction. Once you collect data as described, go through it a few times and understand it properly. If you have doubts, go and gather more data to clear them up. When Jonathan Ive designed the Apple Mac, do you think he designed it in one go? I am sure he must have used an eraser. But in the end, everyone loved the Apple designs. No one bothered about how hard it was or how much time he spent. The end result was the ultimate success. Therefore, don't be afraid to use an eraser in the design phase.
