Customer Solution Case Study
/ / Kimball Hill Homes Simplifies IT Management with Windows Active Directory
Overview
Country:United States
Industry:Construction
Customer Profile
Kimball Hill Homes, of Rolling Meadows, Illinois, is one of the largest home-building firms in the United States. In fiscal 2002–2003, the company built nearly 3,500 homes and posted revenues in excess of U.S.$820 million.
Business Situation
The company’s Windows NT®–based peer-to-peer network lacked the tools for managing rapid growth, ensuring security, performing centralized administration, and allowing easy network connection for users.
Solution
Kimball Hill Homes implemented Microsoft®Windows ServerTM 2003, including Active Directory®. The IT staff now manages its PC holdings more efficiently with centralized directory services and group security.
Benefits
Centralized network management
Rapid growth with less IT hiring
Better protection of network resources
Easier connectivity for users
Foundation for new technologies / “We estimate that Active Directory has allowed us to defer adding IT head count for at least six months to a year.”
Frank Scaramuzza, Chief Information Officer, Kimball Hill Homes
Kimball Hill Homes needed a simpler way to centrally manage its IT infrastructure, which had expanded from 500 to 650 systems in two years. Also, sales staff and executives, who travel frequently between offices, needed a quick, easy, and secure way to connect to the corporate network. Kimball Hill Homes solved these problems with Microsoft® Windows ServerTM 2003 and Active Directory®. Features such as centralized directory services, centralized security, and single signon have dramatically reduced the time that IT professionals spend on routine network management and allow Kimball Hill Homes to continue its rapid growth without frequent increases in IT head count. Management costs are lower, the network is more secure, and the company is now able to take advantage of new capabilities such as portals.
Situation
Although most other industries have experienced an economic slump over the last couple of years, home building has boomed. Kimball Hill Homes, one of the top privately held home-building firms in the United States, has felt the surge. The company grew 62 percent from 2000 to 2003, adding 300 employees and posting revenues of U.S.$820 million in 2003.
The small IT staff also felt the surge, as it struggled to manage a PC base that mushroomed from 500 systems to approximately 650 systems in two years. The company’s old infrastructure—based on the Microsoft® Windows NT® Server operating system version 4.0—lacked the tools for single-point network administration, stringent security, and easy connectivity. Using antiquated DNS (Domain Name System) and WINS (Windows® Internet Naming Services) technologies, Kimball Hill Homes IT staffers spent 15 to 30 minutes per PC just on assigning IP addresses.
While the IT department was encouraging increased PC use throughout the company, to support the corporate goal of increased organizational effectiveness, the department was wilting under the workload. The eight staffers were constantly inundated with requests to set up and change user accounts, assign passwords, perform time-intensive software installations, and carry out other routine network administrative chores. Under Windows NT, they had to manually provide authorizations for every server and every application that a user needed to access—and change those authorizations when the user moved.
Needless to say, users were just as frustrated as IT staffers were. Traveling executives and salespeople, especially, often forgot passwords or encountered problems when trying to log on to the network using notebook computers. They lost valuable time trying to troubleshoot problems and waiting for help-desk assistance. Some workers simply wouldn’t connect to avoid the hassle, thereby missing important e-mail and holding up decision-making processes.
As a result of the difficulty of setting up authorizations, network security suffered. To mitigate the constant work of assigning and changing user passwords, IT personnel simply assigned users “anonymous guest access” privileges, which allowed password-free connection to the network from any PC. This essentially flung the Kimball Hill Homes network wide open.
“Our management projects that Kimball Hill Homes has the potential to double in size within the next three to five years, so we knew that the problems were only going to get worse,” explains Frank Scaramuzza, Chief Information Officer (CIO) of Kimball Hill Homes. “We wanted to put tools in place that would allow the IT department to easily manage growth and work more efficiently and cost-effectively.”
Solution
Kimball Hill Homes evaluated not only Windows-based solutions but also Linux-based solutions and Samba-based (open source) software for providing file and print services. Ultimately, the company decided to upgrade its infrastructure to the Microsoft Windows ServerTM 2003 operating system with the Windows Active Directory® service.
“A Microsoft solution made the most sense,” Scaramuzza says. “Microsoft represents stability and continued enhancement. Its products are feature rich, and the fact that Active Directory is tied to the operating system simplifies employee learning. ”
Kimball Hill Homes hired Microsoft Certified Partner sitebuilder.org to help with its Active Directory rollout. The schedule was aggressive: In five weeks, the company wanted Windows Server 2003, Standard Edition, installed on 10divisional servers and an Active Directory–based infrastructure set up for all 650 PCs. Also, there could be no service interruptions during the rollout.
Sitebuilder.org’s Chief Technical Architect,Edwin Voskamp, single-handedly built an entirely new network infrastructure for Kimball Hill Homes. He spent about two weeks analyzing and understanding the existing environment, then another two weeks designing the Active Directory configuration. Voskamp wrote instructions for converting the 650 PCs and hired subcontractors to bring them into the domain one by one.
“Sitebuilder.org was an excellent partner,” Scaramuzza says. “They brought an extraordinary level of expertise in network protocols and Active Directory architecture. They built administrative tools for us and gave us a solid understanding of how we can use Active Directory to add new capabilities down the road. If we had attempted the implementation without them, the level of disruption would easily have been 10 times what it was. I also would have lost a staff member to the effort.”
Sitebuilder.org created 11 domain controllers: one primary domain controller, in Kimball Hill Homes’ headquarters in Rolling Meadows, Illinois, and 10secondary domain controllers. The 10 regional domain controllers serve as backup systems for the primary domain controller. All Active Directory information is replicated on all 11 servers. If a server goes down, the Windows Server 2003 Network Location Awareness feature automatically locates the closest available server able to receive user logon requests and switches traffic to that server.
Approximately 300 of Kimball Hill Homes’ 650 PCs run the Microsoft Windows XP Professional operating system; the rest run Windows 98.
Benefits
Centralized, Streamlined Network Management
In Active Directory, the Kimball Hill Homes IT staff has a tool chest brimming with time-saving technologies. With a centralized directory infrastructure, IT professionals can easily manage all resources in the network—30 servers, 650 PCs, hard disks, 800 user names and passwords, and dozens of applications—from anywhere in the network. When employees move, leave, or join the company, the staff can easily create user accounts, assign application authorizations, assign file/print services, and handle other administrative tasks without the tedious and time-consuming work required before.
“We can essentially guarantee all employees access to the network from anywhere,” Scaramuzza says. “Our IT staff is not bogged down by troubleshooting network address settings, and users are not wasting time calling the help desk. We’re really looking forward to a drop in the number of help-desk incidents related to logging on, forgotten passwords, IP addresses, and the like.”
As one example of how the solution simplifies network management, Active Directory dramatically reduces the amount of work required to set up IP addresses. Using old DNS and WINS technologies, IT personnel had to statically assign IP addresses, which required 15 to 30 minutes for each user. Windows Server 2003 and Active Directory use Dynamic Host Configuration Protocol (DHCP) to automatically assign IP addresses, virtually eliminating the manual setup time.
Another time-saver with far-reaching effects is the automated installation of software. The Active Directory Remote Installation Service allows Kimball Hill Homes to automatically install software from a central console without touching individual PCs. “We can write an Active Directory script to upgrade the Windows operating system, Lotus Notes, virus software, or any other application, saving conservatively 30 minutes per PC per application,” Scaramuzza says. “That’s 300 hours of work per upgrade that my staff no longer has to do. When you factor in travel time and costs, the savings are huge.”
Tighter User Account Security
Active Directory has allowed Kimball Hill Homes to close the security holes in its network. With single sign on, users can use the same password to access all applications that they are authorized to view and use. This has eliminated the use of “anonymous guest access” passwords and the associated security vulnerabilities. When employees join the company, leave, or move from office to office, the IT department can easily assign or change security privileges from the Chicago data center without laboriously hunting down and changing multiple authentications for multiple applications.
Lower Costs
Preliminary return on investment (ROI) studies have shown that, thanks to the Windows Server 2003 and Active Directory implementation, Kimball Hill Homes is saving money in two areas: productivity improvements and automation features. Based on the cost of managing 650 user accounts, 15 servers, and the mean annual pay rate for administrators and end users, Scaramuzza’s staff estimates that the company will save:
$25,000 annually from productivity improvements such as group security policy management.
$20,000 annually from automation features such as automated software upgrades and maintenance.
“All these savings are allowing us to manage the network infrastructure for an expanding employee base without additional head count,” Scaramuzza says. “We estimate that Active Directory has allowed us to defer adding IT head count for at least six months to a year.”
Kimball Hill Homes has discovered an unexpected savings in lower virtual private network (VPN) costs. Many remote users connect to the corporate LAN through a VPN. The company had reached the local user storage limit for its Cisco VPN concentrator, used to provide security, and was facing the purchase of a second $3,000 concentrator. Now, users use their Active Directory accounts to connect to the concentrator and use the Lightweight Directory Access Protocol (LDAP) to receive authentication. Users no longer have to connect to the VPN individually, which relieves the burden on the local user storage limit.
A final benefit comes in the form of worker productivity and goodwill. “We can’t measure the benefit of executives, salespeople, and other employees being able to connect to the network from any Kimball Hill Homes office,” Scaramuzza says. “Their ability to connect quickly and easily makes us look good and lets them get more work done every day.”
Gateway to New Capabilities
Windows Server 2003 and Active Directory give Kimball Hill Homes an infrastructure that will enable the company to continue growing and adding offices, employees, and PCs without hitting administrative roadblocks. A robust directory services infrastructure also gives Kimball Hill Homes the ability to roll out new technologies and capabilities that wouldn’t have been possible in a peer-to-peer network.
Microsoft WindowsSharePointTM Services is one such technology. Kimball Hill Homes has plans to implement SharePoint sitesas a way to share documents internally and externally. Through such portals, Kimball Hill Homes will be able to communicate more easily with its customer base as well as itstrade partners.
“Windows SharePoint Services is more powerful than another quarter-million-dollar technology that we evaluated,” Scaramuzza says. “We have great plans for it, and Active Directory will make it elementary for users to use their single sign on to access information on SharePoint sites without navigating menus. Active Directory will also provide heightened security for information on an externally accessed portal.”
Kimball Hill Homes is also investigating Windows Terminal Server as a way to make its IT infrastructure even more efficient by installing thin clients in field offices. Active Directory will make it easier to swap out and replace clients.
With its robust Windows Server 2003–based infrastructure, Kimball Hill Homes is well positioned to build the company while building new homes for thousands of Americans.
Windows Server 2003
The Microsoft Windows Server 2003 family helps organizations do more with less. Now you can run your IT infrastructure more efficiently,build better applications faster,and deliver the best infrastructure for enhancing user productivity. And you can do all this faster, more securely, and at lower cost. For more information about Windows Server 2003, please visit: