There are a number of security models to use with your OIS implementation. The following sections list the most common security models for OIS implementations and explain the limitations of each model. The discussion does not list advantages or disadvantages, as the existing security infrastructure is not likely to change because of the addition of OIS.
Single Domain Security
The single domain security model is where all OIS components are used within a single Active Directory domain. This is the normal model used by most installations and the one for which OIS was primarily designed. There are no special considerations for using this model; the account used by Action Server service is the default privilege for all policies and should not present any challenges because all the resources are within the same domain. Figure 3.13 shows a diagram of a single domain security model.
Figure 3.13 Single domain security
The federated domain security model is where all OIS components are used within a single Active Directory domain but the Action Servers act against automation targets in a second domain for which a trust relationship exists. This model is less common, although used by some organizations. The only considerations for using this model are that the account used by Action Server service has appropriate rights on the target systems by virtual of the trust relationship. Other than the trust itself, this model is essentially the same as the single domain Model. Figure 3.14 shows a diagram of a federated domain security model.
Figure 3.14 Federated domains
Untrusted Security Model
The untrusted security model is where two domains exist but there is no trust between them. Both domains require automation and require their own installations of OIS. Generally, this is an undesirable configuration for OIS as the two installations are needed because of a lack of trust. It might be possible to carry out some limited automation across untrusted domains using impersonation or by specifying credentials from the other domain, but this is a challenging configuration. Figure 3.15 shows a diagram of an untrusted security model.
Figure 3.15 Untrusted security model