Skip to content

Administrative TieringΒΆ

flowchart TD
    T0[Tier 0 - Identity Plane]
    T1[Tier 1 - Servers]
    T2[Tier 2 - Workstations]

    T0 --> DC[Domain Controllers]
    T0 --> PKI[PKI]
    T0 --> AD[AD Admin Groups]

    T1 --> FS[File Servers]
    T1 --> APP[Application Servers]
    T1 --> MON[Monitoring]

    T2 --> WKS[Workstations]
    T2 --> USERS[User Support]

    T2 -. must not administer .-> T0
    T1 -. must not administer .-> T0