Begin design with a
single domain and only add domains when necessary. If your infrastructure needs
decentralized administration, you may need to add child domains to your
existing domain structure. Multiple interconnected domains may be useful if
your organization requires its own IT structure to manage Unified ICM, and
there are no plans to consolidate the domains into a centralized model. A
domain acts as a security boundary for most types of activities and blocks
administration from escaping the boundaries of the domain. NT domains inherit
many of their associated limitations. This design approach operates in much the
same way. Try to centralize administration before you deploy AD because you
gain more AD advantages. AD advantages include centralized management, a
simpler deployment model, simplified user and group management, and enhanced
operability. The following figure demonstrates the default boundary in this
topology. Assign the rights to give the user access to resources in the parent
Figure 5. Active Directory
limitations (such as extremely slow or unreliable links), segment the user
population into separate groups. This segmentation helps to limit replication
activity between domains and makes it easier to provide support during working
hours in distant time zones. AD sites throttle replication across slow links.
Slow links by themselves do not mean you must create multiple domains.
Administrative flexibility is the main reason to create a domain for
geographical reasons. For example, if you experience a network problem in Asia,
a local administrator has the power and resources to administer the Asia
domain. You do not need to contact a North American administrator.
Figure 6. Regional
The single tree
multiple child domain model allows each region to perform its own
administration, creating an easily distributed and flexible topology. This
domain model allows for a wide support base with immediate incident response.
It also keeps the deployment clean and logical.
For Unified ICM, the
addition of multiple child domains retains some of the old familiarity of NT4
topologies but gives an ease of delegation. This topology appeals to some
service providers. The logical boundary of the domains can provide a clear
delineation in the NAM/CICM relationship while still maintaining AD
The single tree
multiple child domain topology provides a contiguous namespace where the DNS
domain names relate to the naming convention.
Figure 7. Contiguous
The flexibility in
this model is apparent. However, you must be familiar with your organization
requirements for a distributed, collaborative application such as Unified ICM.
Use the simplest possible topology that meets your requirements.