Welcome to Hay Buv Toys

This paper is part of a series of white papers known as "The Smart Card Deployment Cookbook."



Hay Buv Toys (HBT) is one of the leading toy companies in the United States and Europe. HBT uses cutting-edge technology to develop the latest in techno toys. HBT has its headquarters and also a major subsidiary in Seattle, with other major subsidiaries in New York, London, and Tokyo. Hay Buv Toys stores are worldwide, and the expansion rate is tremendous. HBT plans to extend its infrastructure to South America in the near future.

The Hay Buv Toys IT Infrastructure

The HBT information technology (IT) infrastructure is centralized in the major subsidiaries. Most of the server systems and Line of Business (LOB) applications are located in Seattle, New York, London, and Tokyo. These servers and applications represent the USWest, USEast, Europe, and East Asia sales regions, as shown in the following figure. All business data is replicated in the hubs.


All data is accessed from the corresponding IT hub in a sales region. Only the larger HBT toy stores have their own domain controllers and file servers. Other stores use the IT services provided by HBT headquarters. All HBT toy stores, subsidiaries, and headquarters are connected through a wide area network (WAN). HBT sales representatives build dial-up connections from remote access servers to the major IT hubs.

HBT is currently migrating from a Microsoft Windows NT environment to a Microsoft Windows 2000 environment. The Active Directory HBT design is shown in the following illustration.


HBT developed an Active Directory design based on its sales regions, so the domain architecture follows a geographic design model. A root domain and child domains for the major sales regions (USWest, USEast, Europe, and East Asia) have been established. The HBT organizational areas (Sales, Finance, and Marketing) are covered in each child domain by organizational units.

Security Issues

Many of the core business processes of HBT are already handled electronically. Exchanging e-mails, signing contracts, and accessing electronic data and information are minor parts of this process. External communication and electronic transactions with business partners are critical. New and improved business relations will be generated from technologies such as e-commerce. Therefore, security is an important issue for HBT. Potential security issues exist in the following scenarios:

  • Communication between regional headquarters and the individual toy stores is not secured. Although some information is highly confidential, the WAN is not owned by HBT.

  • Internal and external e-mail communication must be kept confidential. Also, the integrity of orders that are sent and received by HBT partners must be maintained.

  • HBT has deployed new macros for Microsoft Office 2000 to ensure current virus protection.

  • HBT will eventually connect its sales representatives to the Internet.

  • Application development is based on COM+ (Message Queuing, also known as MSMQ). HBT is looking for a solution to provide enhanced message security.

  • Restrictive password policies require complex passwords.

  • Web applications with payment functionality are provided to customers. Internal Web applications also exist.

  • Mobile users work with sensitive data and information, such as contracts.

HBT prefers to use a technology based on public key methods that are well known in the Internet community. This ensures privacy and information integrity, and allows interoperability with other systems. A Public Key Infrastructure (PKI) is the common framework for this type of technology. The goal of HBT is to deploy PKI in order to address its business requirements.

Microsoft Enterprise Services

Jung-Uh Yang: MCS Germany

March 2001

For information about Enterprise Services, see http://www.microsoft.com/es/.

Companies, organizations, products, people, and events depicted in examples in this paper are fictitious. No association with any real company, organization, product, person, or event is intended or should be inferred.