The Dun & Bradstreet Corporation is an American company that provides commercial data, analytics, and insights for businesses. Headquartered in Jacksonville, Florida, the company offers a wide range of products and services for risk and financial analysis, operations and supply, and sales and marketing professionals, as well as research and insights on global business issues. It serves customers in government and industries such as communications, technology, strategic financial services, and retail, telecommunications, and manufacturing markets.
Often referred to as D&B, the company’s database contains over 300 million business records worldwide.
Dun and Bradstreet identified some legacy systems that are running old and unsupported systems. The systems identified were Active Directory and Exchange. Comans identified these systems were at risk as there is no longer support available from the vendor and they are no longer patched for security vulnerabilities.
Comans also identified is the use of certificates that use the SHA1 hashing algorithm what has been identified as potentially no longer secure. This plan includes implementing SHA2 for using a new certificate authority.
The Comans target state for the design and implementation for this project was that the active directory was to be centralised and have 5 Windows Server 2012 R2 domain controllers. 2 each in the Melbourne office and Datacentre, and one in the Auckland office as it has a large call centre.
Windows Server 2012 R2 was chosen because of licensing availability, however, Windows server 2016/2019 could also be used. By having 5 domain controllers there will be adequate redundancy in case of failure as the database is synchronised across all 5 domain controllers. The remote sites without domain controllers will be able to use the network links and local authentication caching.
The current Certificate Authority was updated to SHA2. It was recommended to install a new PKI certificate Authority on its own server to remove any issues with potential impacts between roles.
The first stage was to remove and replace the Windows 2003 with Windows 2012 R2 domain controllers and then remove the Windows 2008 Domain controllers.
- There was a dependency to remove the Microsoft message queue service before it could be decommissioned.
- The Active Directory schema was updated to support the new domain controllers. This was done before any Windows Server 2012 R2 domain controllers were promoted.
- DHCP and DNS were migrated to the new domain controllers.
- The domain and forest functional level will need to be raised to 2008 to support the new version of Exchange.
The new Microsoft Exchange 2016 environment replaced the current Exchange infrastructure. Two servers were used in the new environment for redundancy. The servers will be split across the 2 datacentres in Melbourne to provide redundancy in case of a site issue. All databases will be replicated between the servers using a database availability group(DAG).
A load balancer was recommended for the front-end connections for exchange especially as 2 or more servers are used.
Request a free consultation