People with security certifications or related knowledge know the importance of avoiding a single point of failure (SPOF). Like an Achilles heel, a SPOF is something to design out of IT infrastructure, not to mention every other part of the company. If the company depends on only one factor, part, system, device, or person, that dependency is its single point of failure.
In general, companies consider only convenience and low cost when planning a network design and ignore security. The security property at stake here is availability, and the main goal is to avoid a SPOF. If users cannot reach online resources or contact people on other networks, availability is compromised. Any risk affecting the latency and bandwidth of the links between sites should also be fully taken into account.
So, how can we avoid a SPOF when using Active Directory? This requires understanding how AD works and how the company's IT infrastructure works.
First and foremost, each domain must have at least two domain controllers. If you can afford the cost, I suggest three, which adds a further layer of protection: losing one still leaves a redundant pair.
Second, do not place all the domain controllers in the same physical location. Prepare at least two data centers, so that if one machine room is damaged by human action, fire, or other causes, the other can still serve the domain.
Third, AD depends on several subordinate systems, the most important being DNS: domain controllers and clients locate each other through DNS records, so if DNS is down, AD is effectively down. Make sure each domain has at least two DNS servers (and back up the zones), and point clients at more than one of them.
Fourth, consider the connecting lines. Is there only one network path between each network and the domain controllers? Give each domain controller at least two network interfaces on separate paths so that it remains reachable over multiple channels.
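The four points above can be audited from a domain-joined machine. The script below is an added example, not code from the original article: it walks every domain in the forest and reports where the DC count, the site spread, the DNS serving the zone, or the active NICs on a DC fall below a threshold. It assumes the RSAT ActiveDirectory module is installed, that the caller can read every domain, that WinRM/CIM access to each DC is available for the NIC check, and that AD site membership is a fair proxy for physical location; the threshold values are assumptions you should set to your own policy.

```powershell
# Added example (not from the original article): audit an AD forest for the
# single points of failure discussed above. Requires RSAT's ActiveDirectory module.
Import-Module ActiveDirectory

function Test-AdSpof {
    param(
        [int]$MinDcsPerDomain   = 2,  # assumption: at least two DCs per domain
        [int]$MinSitesPerDomain = 2,  # assumption: DCs spread over at least two sites
        [int]$MinDnsServers     = 2,  # assumption: at least two name servers per zone
        [int]$MinNicsPerDc      = 2   # assumption: at least two active NICs per DC
    )

    $findings = New-Object System.Collections.Generic.List[string]

    foreach ($domain in (Get-ADForest).Domains) {
        # First: domain controller count.
        $dcs = @(Get-ADDomainController -Filter * -Server $domain)
        if ($dcs.Count -lt $MinDcsPerDomain) {
            $findings.Add("[$domain] only $($dcs.Count) DC(s); need at least $MinDcsPerDomain")
        }

        # Second: physical distribution, approximated by AD site membership.
        $sites = @($dcs | Select-Object -ExpandProperty Site -Unique)
        if ($sites.Count -lt $MinSitesPerDomain) {
            $findings.Add("[$domain] all DCs are in site(s): $($sites -join ', ')")
        }

        # Third: DNS. The zone should have more than one name server, and the
        # DC locator SRV record should point at more than one host.
        $ns = @(Resolve-DnsName -Name $domain -Type NS -ErrorAction SilentlyContinue |
                Where-Object { $_.QueryType -eq 'NS' })
        if ($ns.Count -lt $MinDnsServers) {
            $findings.Add("[$domain] zone served by $($ns.Count) name server(s): $($ns.NameHost -join ', ')")
        }
        $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
                 Where-Object { $_.QueryType -eq 'SRV' })
        if ($srv.Count -lt $MinDcsPerDomain) {
            $findings.Add("[$domain] DC locator SRV record lists $($srv.Count) target(s): $($srv.NameTarget -join ', ')")
        }

        # Fourth: connectivity. Count adapters that are up on each DC (needs CIM/WinRM).
        foreach ($dc in $dcs) {
            try {
                $nics = @(Get-NetAdapter -CimSession $dc.HostName -ErrorAction Stop |
                          Where-Object { $_.Status -eq 'Up' })
                if ($nics.Count -lt $MinNicsPerDc) {
                    $findings.Add("[$domain] $($dc.HostName) has $($nics.Count) active NIC(s)")
                }
            } catch {
                $findings.Add("[$domain] $($dc.HostName): could not query NICs ($($_.Exception.Message))")
            }
        }
    }

    # A client configured with a single resolver is its own SPOF, whatever the servers look like.
    foreach ($r in Get-DnsClientServerAddress -AddressFamily IPv4) {
        if ($r.ServerAddresses.Count -eq 1) {
            $findings.Add("[local] interface '$($r.InterfaceAlias)' has a single DNS server: $($r.ServerAddresses[0])")
        }
    }

    return $findings
}

$result = Test-AdSpof
if ($result.Count -eq 0) {
    "No single points of failure found by these checks."
} else {
    $result
}
```

Run it as a user with read access to every domain; the NIC check will report an error line rather than a finding for any DC it cannot reach over CIM, so treat those lines as gaps in coverage, not as passes. The SRV and NS queries are answered by whatever resolver the machine uses, so run the script from more than one site to see what each site's clients actually get.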
Obviously, these suggestions increase the cost of deploying and maintaining the AD infrastructure. However, when a failure occurs, the cost of this protection is far lower than the cost of recovery (including the business impact and the accountability that follows an outage), and it is worth the money.