JYSK Nordic improves its Active Directory infrastructure

Lindsay James
Lindsay James
By Lindsay James on 12 September 2016
JYSK Nordic improves its Active Directory infrastructure

This article first appeared in the Summer 2016 issue of The Record.

With more than 10,000 employees and 1,000 stores in 19 countries, JYSK Nordic is a massive enterprise – and still growing. Managing the far-flung Active Directory infrastructure was a challenge as the local IT teams in each country implemented their own unique naming conventions, so there was no standardisation. In addition, there were few controls over the domain admin approval process.

“We needed to find a system that could give us complete control over Active Directory roles and access credentials,” says Michael Gorm Jensen, system administrator IT server operations for JYSK Nordic.

To manage the sprawling, international enterprise, the IT server operations team was using a combination of native Active Directory management utilities and a cumbersome third-party solution that required hiring consultants to update and make changes. The third-party solution centralised much of the Active Directory administrative work, but it was so inflexible that it required constant coordination between managers and regional service centres and the HQ service centre in Denmark. The country-based centres were unable to provision, change or de-provision users or domain admins.

Often, the process consisted of multiple phone calls from a contact in the country requesting user access changes. Service centre technicians were unable to access user information and ultimately had to take the caller’s word that the information they gave was accurate and the request was legitimate. If any mistakes were made with user information or domain admin entries, or if they did not exactly match the unique country naming convention, the access did not work. Then the service techs would have to delete the user and start again.

Despite this, due to a commitment to rock-solid security practices, JYSK Nordic’s overall IT infrastructure was protected and had experienced no breaches. The Active Directory architecture was a completely closed system.

The IT server operations team recently upgraded all the hardware in the server room to support approximately 450 virtual servers, the backup systems and other resources located in the 19 countries that made up their operating region. Each country has a physical administration server that runs several virtual servers in the country, including print, file and salary servers. Large countries have a dedicated anti-virus server, with smaller markets sharing a centralised anti-virus server. The IT server operations team managed all the physical and virtual servers and were tasked with performing ongoing maintenance, development and any other work needed to keep the systems running smoothly.

To bring a new level of efficiency to user and domain admin access, JYSK Nordic needed a tool that brought easy and simple structure that could be repeated across country borders. It needed to provide a clear view of processes, user information and data resources, and support expansion including cloud resources and federated credentials. It looked at upgrading its existing tool but quickly eliminated that idea.

After assessing a number of tools, the retailer successfully tested Dell Active Roles in its HQ service centre before rolling it out to all its service centres. Now the team can do all the Active Directory tasks – such as creating users, de-provisioning, changing titles, passwords and locations – without the need for corporate intervention. “It sounds so simple now, but before we implemented Active Roles that couldn’t happen,” says Jensen. “Every time they wanted to change a password or a surname, the local service centres had to contact us.”

JYSK Nordic’s IT server operations team now has control over permission groups and distribution groups. There are workflows for any changes to ensure that the requester actually should have the access they have requested and that all approvals are obtained before access is allowed.

Thanks to Active Roles, the service centres have access to all information about the user on one page. When a tech starts up Active Roles they instantly know which user they are dealing with, including the type of computer they are using, the serial number, their location – and they can perform all administrative tasks quickly and easily in Active Roles. All changes regarding access rights are automatically sent to the relevant manager for approval as part of the workflow.

“Active Roles made everything much easier for us and for the service centre – and even more so for the users,” said Jensen. “Our managers now have more control over who has access to which resources. Most importantly for us and the users in the service centre, we don’t have to take sole responsibility for granting access to the end user.

“When we rolled out Active Roles to the HQ service centre, they instantly picked it up as if they’d been using it for months. It’s so easy and intuitive to use. We have Active Roles running in all the service centres now in the 19 countries, and they’re very happy about it.”



Case study, Retail

Number of views (2136)/Comments (-)

Comments are only visible to subscribers.

Theme picker