| Concepts and Planning | << | >> |
Choosing a Domain Model
Use the following table to determine which domain model best suits the needs of your organization.
Domain attribute
|
Single domain
| Single master domain
| Multiple master domain
|
|
Less than 40,000 users/domain |
X |
X |
¾ |
|
More than 40,000 users/domain |
¾ |
¾ |
X |
|
Centralized account management |
X |
X |
X* |
|
Centralized resource management |
X |
¾ |
¾ |
|
Decentralized account management |
¾ |
¾ |
X* |
|
Decentralized resource management |
¾ |
X |
X |
|
* You can have either centralized or decentralized account management under the multiple master domain model. |
|
|
|
For example, Ferguson and Bardell implemented a multiple master domain model with the following characteristics:
- Each main region is its own second-tier domain with its own administrator, who creates and manages local groups, files, and printers.
- Each of the three master domains trusts each other, and each second-tier domain trusts all the master domains. Second-tier domains do not trust each other.
{bmc CPI_F07.GIF}
Ferguson and Bardell decided to use the multiple master domain model because:
- It can expand as the company grows.
- It enables centralized management of user accounts (through the master domains) and distributed management of network resources (through the second-tier domains).
- Users can connect to resources in all trusted domains as the result of pass-through authentication.
- It minimizes the number of authentication sessions per domain, which reduces network traffic and enables good performance in the master domains.
- Departments can manage their own resources.