Customer Solution Case Study
/ / Real Estate Service Firm Switches From Novell to Windows for Single Directory Service
Overview
Country or Region:United States
Industry:Real Estate
Customer Profile
Headquartered in Los Angeles, California, CB Richard Ellis is a leading commercial real estate service company. Including partners and affiliates, the company has more than 300 offices in 50countries.
Business Situation
CB Richard Ellis had a mixed IT environment and wanted to simplify system management, consolidate multiple directories, and improve availability of critical information.
Solution
Microsoft® Windows Server™ 2003 with Active Directory® provides CB Richard Ellis with a centralized directory service, which improves administrative efficiency and access to critical applications such as email and Internet services.
Benefits
Centralized management of services
Increased administrative productivity
Improved security
Single sign-on capabilities / “With Windows Server 2003, we are efficiently consolidating to a single directory service and getting the enhanced messaging capabilities and better desktop e-mail access that we wanted.”
Bill York, Director of IT, Network Technical Services, CB Richard Ellis
A top priority for CB Richard Ellis, the leading commercial real estate service company, is keeping clients, employees, and partners in touch with critical business information. Maintaining information accessibility and keeping lines of communication open on an older, mixed-environment IT infrastructure was difficult and inefficient. With help from Microsoft® Services, CBRichard Ellis is upgrading Novell NetWare 4.12 and Microsoft Windows NT® Server 4.0–based servers to Microsoft Windows Server™ 2003 with Active Directory® to manage user accounts, and Microsoft Exchange Server 2003 to support company communications. Now the firm can combine directory services into a single enterprisewide directory, centrally manage services for 7,500U.S.-based users, simplify server management, and increase administrative and end-user productivity, all while maintaining system security requirements.
Situation
From more than 300 offices in 50 countries (including partners and affiliates), staff at CB Richard Ellis work with occupiers, owners, and investors in office, retail, industrial, multifamily, and other commercial real estate assets. The firm delivers strategic advice and execution for property leasing and sales; property, facility, and project management; corporate services; debt and equity financing; investment management; valuation and appraisal; research and investment strategy; and consulting.
Robust IT systems are required to provide staff with access to mission-critical information to meet the requirements of theircompetencies as well as to provide communication capabilities to connect staff with each other.However, using an aging, mixed-environment IT infrastructure—with multiple directory services spread among divisions throughout geographically dispersed office locations—was creating mounting administrative inefficiencies for the company’s IT staff.
Some divisions were using the Microsoft® Exchange Server version 5.5 communication and collaboration server and the Microsoft Windows NT®Server 4.0 operating system for their messaging and application directories; others were using eDirectory directory services on the Novell NetWare platform. It was becoming increasingly costly for the company and difficult for administrators to manage multiple platforms and maintain the availability and reliability of critical servicessuch as e-mail and Internet access.
To increase efficiencies, CB Richard Ellis wanted to standardize on a single technology platform, combine its directory services into an enterprisewide directory, and delegate administrative office authority to appropriate divisions, without compromising system security.
Solution
To increase operational efficiencies, help ensure system availability and reliability, and reduce costs, managers at CB Richard Ellis began researching the benefits of standardizing on either Novell or Microsoft software.
Upgrading the organization’s existing Novell system and moving all services to NetWare was not a good option because decision makers at CB Richard Ellis wanted to continue to use Microsoft Exchange Server for the messaging and collaboration efficiencies that it offered, and it would be more efficient to consolidate onto a single directory than maintaining two directories. After further review of the featuresand values associated with Novell and Microsoft technologies, CB Richard Ellis selected the Microsoft Windows Server™ 2003 operating system, part of Windows Server System™ integrated server software, as the standard for its IT environment.
“With Windows Server 2003, we are efficiently consolidating to a single directory service and getting the enhanced messaging capabilities and better desktop e-mail access that we wanted,” explains Bill York, Director of IT, Network Technical Services, CB Richard Ellis. “Plus we can expect improved e-mail reliability with [Microsoft] Exchange Server 2003.”
The IT group at CB Richard Ellis is consolidating server computers as it moves Windows NT Server 4.0 domains and NetWare 4.12–based servers to Windows Server 2003 Standard Edition with Active Directory®directory service. The move includes migrating file and print services to Windows Server 2003 and upgrading the messaging system from Exchange Server 5.5 to Exchange Server 2003. The Active Directory and Exchange Server 2003 rollout is expected to be complete by the end of 2005, with the file and print service migration to be completed by the end of 2006.
When finished, the migration will allow centralized management of services for thecompany’s 7,500 users in its U.S.-based operations. In addition, the project includes linking Exchange Server 2003 with the company’s customer relationship management portal.
CB Richard Ellis has already consolidated 120 field Exchange Server 5.5 domains in its U.S. operation down to threeExchange Server 2003–basedserver computersand three Active Directory domains. “We’re already seeing significant reductions in administrative overhead, and we expect even greater savings as server consolidation progresses,” saysYork.
Throughout the design of its Active Directory service, CB Richard Ellis worked closely with Microsoft Services to identify best practices and get advice on Group Policy settings, with an emphasis on “least privilege” settings, which allow users just enough privileges to do their jobs. By adopting a standard of least privilege, the company is limiting the number of IT staffers with domain administration privileges to one small group. Other IT support personnel receive the minimum permissions required to complete the functions for which they are responsible. In addition, each IT staff member has two user accounts—one account that is used for daily work activities, and one administrative account that is used only when the individual is required to perform administrative functions.
With Active Directory, IT administrators can implement a hierarchical directory structure that allows them to delegate administrative authority at any point in the directory, while maintaining central management of the overall infrastructure. Organizationalregions will be able to maintain their own user accounts and user databases, while retaining access to centralized corporate applications.
To support its enterprisewide directory service, administrators elected to use a single ActiveDirectory forest and deployed Exchange Server 2003 in that forest. Having all its resources contained in a single Active Directory forest is providing a streamlined administrative model, a single global address list that contains all users across the enterprise, and centralized application access for the different divisions.
During rollout of the new solution, which is approximately 35 percent complete, and until all services are migrated to Active Directory, CB Richard Ellis is using Microsoft Identity Integration Server (MIIS) 2003 for password synchronization between NetWare and Windows Server 2003.
Benefits
By moving from a mixed-environment IT infrastructure to Windows Server System, CB Richard Ellis is gaining efficiencies associated with a single technology foundation as well as centralized directory services. The benefits includesimplified system management through centralized services, increased administrative productivity, improved system security provided by ActiveDirectory, and single sign-on efficiencies.
Centralized Management of Services
The previous mixed environment of server computers and services spread throughout geographically dispersed office locations required a large number of IT administrators to manage system operations. The upgrade and consolidation effort provides enterprisewide services from a central data center, resulting in fewer servers to manage overall. “While we haven’t really reduced the number of administrators in our environment, we are moving from a model that granted full administrative access to our field administrators to a more tightly managed model that grants domain administration access to only a small group of centralized administrators, which simplifies management of our IT systems significantly,” notes York.
Increased Administrative Productivity
In addition to being more effective for users, single sign-on efficiencies translate to administrative cost savings. “Multiple IDs, multiple passwords, and synchronization requirements were challenging for our IT managers,” explains York. “And resetting user names and passwords whenever someone forgot logon information was costly and time-consuming. We anticipate that these problems will be a thing of the past with Active Directory.”
Because Active Directory provides the ability to clearly define the administrative scope, the company also anticipates increasing overall administrative productivity.
Improved Security
Adopting a stricter security model and decreasing the number of domain administrators (from more than70 in multiple functional groups to approximately 10 within the same functional group) has allowed CB Richard Ellis to maintain tighter management over security throughout its domain. “With a security model of least privilege settings, a domain security policy that requires all our user accounts to maintain strong passwords and resets every 90 days, and elimination ofgeneric user accounts byrequiring all accounts to be named, we have been able to greatly increase our system security overall,” Yorkconcludes.
Single Sign-On Capabilities
Prior to moving to Active Directory, each enduser throughout the organization had tomaintain two primary user names and passwords—one for Windows NT Server 4.0 authentication and one for NetWare authentication—as well as different passwords for other applications. And it was up to the user to manually synchronize these accounts if he or she wanted to avoid having to remember two user names and passwords. That was not only inconvenient for end users but also costly to administrators when users forgot one or more of their logon attributes.
Active Directory provides single sign on to integrated applications through Microsoft Windows®operating system integrated authentication. This allows users to authenticate to multiple applications without needing separate user accounts, which provides easy access to the critical information, databases, e-mail, and Internet sources that they need to do their jobs efficiently.
Microsoft Windows Server System
Microsoft Windows Server System is a line of integrated and manageable server software designed to reduce the complexity and cost of IT. Windows Server System enables you to spend less time and budget on managing your systems so that you can focus your resources on other priorities for you and your business.
For more information about Windows Server System, go to: