Network Segmentation & Active Directory Modernization for Secure Cloud Readiness

VLAN Segmentation, Active Directory Upgrade, and Identity Services Modernization

Building a Secure Foundation for Modern Identity and Network Services

This Maryland healthcare regulatory agency embarked on a comprehensive infrastructure modernization initiative designed to improve network security, simplify administration, support new cloud services, and replace aging identity infrastructure approaching end of support. The agency needed to modernize core services while creating a more secure and manageable environment capable of supporting future technology initiatives and evolving compliance requirements.

To achieve these goals, Data Networks delivered a network segmentation and Active Directory modernization project that combined VLAN-based traffic isolation, Active Directory upgrades, DHCP modernization, certificate management services, and cloud-ready directory integration.

The resulting environment established a more secure and scalable infrastructure foundation while positioning the agency to support future identity integrations, including planned cloud services and Okta authentication capabilities.

Addressing Legacy Infrastructure and Security Challenges

The agency’s existing environment faced several challenges that limited its ability to support modern security and identity requirements. Active Directory domain controllers were operating on Windows Server 2012 R2, a platform approaching end of support that increased operational risk and restricted access to newer Active Directory capabilities.

At the same time, the agency needed to improve network security through greater traffic segmentation. Existing network services, infrastructure systems, user devices, and guest wireless traffic required clearer separation to reduce risk, improve administrative control, and align with evolving security policies.

The agency also needed to prepare for future cloud service adoption and identity integrations. Planned implementation of Okta required a modern directory architecture capable of supporting LDAP-based authentication while maintaining compatibility with existing Active Directory services.

Additionally, the agency sought to improve certificate management and device trust capabilities by implementing an enterprise Public Key Infrastructure (PKI) solution capable of supporting certificates, revocation services, and future security initiatives.

Deploying Network Segmentation and Identity Infrastructure Modernization

Data Networks designed and implemented a comprehensive modernization strategy focused on both network architecture and core identity services.

The project included:

• Reconfiguration of the IP addressing scheme across the organization
• Deployment of three segmented VLANs for infrastructure, client, and guest traffic
• Reconfiguration of network switches and VLAN assignments
• Migration of servers, workstations, printers, management interfaces, and network devices to the new IP schema
• Active Directory upgrade from Windows Server 2012 R2 to Windows Server 2019
• Active Directory replication modernization from FRS to DFS Replication
• Domain controller deployment and migration
• Domain functional level upgrade
• DHCP scope redesign and VLAN-aware DHCP services
• DHCP relay reconfiguration and validation
• Deployment of Active Directory Certificate Services (AD CS) Enterprise
• Certificate Authority configuration and certificate lifecycle management
• Certificate Revocation List (CRL) deployment and publishing
• Deployment of Active Directory Lightweight Directory Services (AD LDS)
• LDAP integration preparation for future Okta implementation
• Knowledge transfer and administrative training

As part of the network modernization effort, Data Networks segmented the environment into dedicated VLANs supporting infrastructure systems, client devices, and guest wireless access. This architecture improved security by isolating critical systems from user and guest traffic while simplifying ongoing administration and policy enforcement.

The Active Directory modernization initiative simultaneously upgraded core identity services and introduced enterprise certificate management capabilities that strengthened device authentication, service trust relationships, and overall security posture.

Delivering a Secure and Cloud-Ready Infrastructure Platform

Following implementation, the agency gained a modernized identity and network infrastructure platform capable of supporting current operational requirements and future cloud initiatives.

Network segmentation improved security, traffic isolation, and administrative visibility while reducing risk associated with flat network architectures. The upgraded Active Directory environment provided a supported and scalable identity platform capable of supporting modern authentication, management, and security requirements.

Deployment of Active Directory Certificate Services introduced centralized certificate lifecycle management, while Active Directory Lightweight Directory Services established a directory framework ready to support future Okta integration and cloud-based identity initiatives.

By combining network segmentation, identity modernization, and enterprise certificate services into a single coordinated project, Data Networks helped the agency improve security, simplify administration, and establish a strong foundation for future digital transformation efforts.

Tags: SLG, local, government, healthcare, data center, datacenter, Microsoft