Enterprise Active Directory adoption project reaches halfway milestone

The Enterprise Active Directory Adoption Project began in December 2018 to aid Penn State’s distributed IT units as they transition all computers, servers and services to authenticate with a single, centrally managed directory service. Credit: Talia Barnes / Penn State. Creative Commons

UNIVERSITY PARK, Pa. — The project to transition all Penn State-owned computers to the University’s Enterprise Active Directory (EAD) Service has reached the halfway mark with all administrative areas now engaged in the EAD service and an overall computer enrollment of 44%.

The EAD service, managed by The Office of Information Security (OIS) and Enterprise IT (EIT), provides a single, central directory and authentication service, enabling IT staff members to better manage users’ “digital credentials” and access to applications and data while reducing the University’s threat surface for cyberattacks.

As part of the EAD Adoption Project, which began in December 2018, Penn State’s chief information security officer, Don Welch, charged IT units around the University with using enterprise credentials for authentication to all computer objects by transitioning to the EAD service by the end of 2019. This includes IT units that currently use a local implementation of Active Directory, as well as those that use the centrally offered ACCESS domain. Because Microsoft will end support for the ACCESS domain’s operating system in January 2020, all IT units are expected to transition off the ACCESS domain by Oct. 31, 2019.

"Penn State remains a target for foreign intelligence agencies and cyber criminals. Hijacked accounts themselves can be damaging but are also key steps towards major breaches," said Welch. "Protecting our accounts, our authentication and authorization, and our security policies is a foundation for our cybersecurity strategy. Moving to a single Active Directory is not only a significant contribution to our cybersecurity but will help us focus our IT resources and talent on teaching and research."

To aid in the adoption effort, members of the EAD Adoption Project team have been reaching out to IT units across Penn State to assist units with the EAD onboarding process and to determine the best migration method and transition timelines. According to Jeff Reel, director of the EAD Adoption Project, the unit engagement philosophy, thus far, has been successful. Sixty-six units have been engaged by the project team, 52 are in the process of migrating and 13 have completed the migration of all their computers.

Last month, Reel and Keith Brautigam, director of Identity and Access Management, presented at the Tech Pros Conference. Their presentation highlighted the value of a single, centralized directory service, gave an overview of the EAD Adoption Project and outlined the roadmap for the EAD service at Penn State.

According to Brautigam, Penn State's implementation of EAD provides multiple benefits both to local IT units and to the University as a whole.

For instance, the EAD's centralized, automated account management system eliminates the need to manually maintain user accounts, freeing local, unit IT staff members to focus on activities that uniquely benefit the unit they support. By using EAD, units also transfer the activities, risks and expense required to maintain business continuity and security to the OIS and EIT.

In addition, by incorporating CyberArk integration, automated account and password management, and advanced threat analytics, as well as support for DFS Namespace, Unified Namespace, native Kerberos authentication and LAPS, the EAD implementation will address many of the limitations and issues with the existing ACCESS domain.

Most importantly, the entire University will benefit through effective security, greater operational efficiency, and more efficient deployment of vendor products and services — akin to the recent, successful University-wide implementation of Microsoft Office 365 — by using the EAD service.

"We are working to establish a culture of continuous improvement, including within our technology community," said Michael Kubit, vice president for Information Technology and chief information officer. "Enterprise Active Directory lays a foundation for authentication and authorization that we can build upon as we deploy related services. Having EAD in place is helping us to catch up to where we should be as an institution, as far as efficiency and security."

To view a PDF copy of the EAD presentation from the 2019 Tech Pros Conference, visit https://eadap.psu.edu/resources/.

To learn more about the benefits of EAD and the EAD adoption project, visit the Enterprise Active Directory Adoption Project website.

Last Updated June 26, 2019