Before the computer and networking
environment can be managed effectively, an organization and its IT
group must first define how the systems and components will be assigned
and managed. The job of delegating responsibility for the network
defines the organization’s administrative model. Three different types
of administrative models can be used to logically break up the
management of the enterprise network between several IT specialists or
departments within the organization’s IT division. These models are as
follows:
• Centralized
• Distributed
• Mixed
When there is no administrative model, the
environment is managed chaotically, and the bulk of work is usually
made up of reactive troubleshooting (that is, firefighting). This can
often require server updates and modifications to occur with short
notice and proper planning or testing. Also, when administrative or
maintenance tasks are not performed correctly or consistently, securing
the environment and auditing administrative events are nearly
impossible. Environments that do not follow an administrative model are
administered inefficiently and problems are addressed reactively rather
than proactively.
To choose or define the correct
administrative model, the organization must discover what services are
needed in each location and where the administrators with the skills to
manage these services are located. Placing administrators in remote
offices that require very little IT administration might be a waste of
money, but when the small group is composed of VIPs in the company, it
might be a good idea to give these elite users the highest level of
service available.
The Centralized Administration Model
The centralized administration model
is simple in concept: All the IT-related administration is controlled
by one group, usually located at one physical location. In the
centralized model, all the critical servers are housed in one or a few
locations instead of distributed at each location. This arrangement
allows for a central backup and always having the correct IT staff
member available when a server fails. For example, if an organization
uses the Microsoft Exchange Server 2010 messaging server and a server
is located at each site, a qualified staff member might not be
available at each location if data or the entire server must be
recovered from backup. In such a scenario, administration would be
handled remotely with inherent challenges related to distance, time
zone and more. However, in a centralized administration model, both the
Exchange Server 2010 administrator and the servers would be located in
a single, central location (often the same location). This allows
administration, support and data protection/recovery to be handled as
efficiently and effectively as possible.
The Distributed Administration Model
The distributed administration model is the
opposite of the centralized model in that tasks are divided among IT
and non-IT staff members in various locations. The rights to perform
administrative tasks can be granted based on geography, department, or
job function. Also, administrative control can be granted for a
specific network service such as domain name system (DNS) or Dynamic
Host Configuration Protocol (DHCP). This allows separation of server
and workstation administration without giving administrators more
rights than are required to fulfill their job requirements.
Windows Server 2012 systems allow
for granular administrative rights and permissions, giving enterprise
administrators more flexibility when assigning tasks to staff members.
Historically, distributed administration based only on geographic
proximity is commonly found among organizations. After all, if a
physical visit to the server, workstation, or network device is needed,
having the closest qualified administrator responsible for it might
prove more effective. More recently with the proliferation of server
virtualization and advanced remote access technologies, remote
management of servers is becoming the norm.
The Mixed Administration Model
The mixed administration model is a
mix of administrative responsibilities, using both centralized and
distributed administration. One example could be that all security
policies and standard server configurations are defined from a central
site or headquarters, but the implementation and management of servers
are defined by physical location, limiting administrators from changing
configurations on servers in other locations. Also, the rights to
manage a subset of user accounts can be delegated to provide even more
flexibility in a distributed administration model on a per-site or
per-department basis.