Running Head: WINDOWS NETWORK SERVICES PROPOSAL
Windows Network Services Proposal
Name:
Institution:
1
WINDOWS NETWORK SERVICES PROPOSAL
2
Table of Contents
Introduction ..................................................................................................................................... 4
Understanding International Market, Inc (IMI) .............................................................................. 4
Scope of Work ................................................................................................................................ 5
Server Management ........................................................................................................................ 5
• Operating System Installation and configuration ..................................................................... 5
• Network Configuration ............................................................................................................. 6
• Active Directory Installation .................................................................................................... 6
• Security Maintenance ............................................................................................................... 7
Antivirus Installation: .............................................................................................................. 7
Firewall creation: ..................................................................................................................... 7
Assumptions.................................................................................................................................... 7
Active Directory Infrastructure ....................................................................................................... 7
• Describe features of Windows Server 2012 that shall allow IMI to integrate the newly
acquired company’s domain into their existing forest. ............................................................... 7
• How shall Forest Functional Levels be implemented? ............................................................. 8
• How shall cross-forest trusts be implemented? ........................................................................ 8
• How shall replication be handled? ............................................................................................ 8
• Read-Only Domain Controllers - how shall they be used? ...................................................... 9
File and Storage Solutions .............................................................................................................. 9
• Shall BranchCache be used? Why/Why not? .......................................................................... 9
• How can Dynamic Access Control benefit the organization? ................................................ 10
• What about storage optimization? .......................................................................................... 10
WINDOWS NETWORK SERVICES PROPOSAL
3
Disaster Recovery ......................................................................................................................... 11
• How can Windows Server Backup be utilized?...................................................................... 11
• Shall the organization use Volume Shadow Copies? ............................................................. 11
DNS and DHCP ............................................................................................................................ 11
• How had DHCP installation and authorization been implemented? ...................................... 11
• Shall DHCP reservations be used for servers? ....................................................................... 11
• How shall IPv6 be utilized? .................................................................................................... 12
• How shall DNS be handled for the second site? ..................................................................... 12
High Availability .......................................................................................................................... 12
• What implementation of Hyper-V would benefit IMI? .......................................................... 12
• Network Load Balancing ........................................................................................................ 12
• Failover Clustering ................................................................................................................. 13
Active Directory Certificate Services ........................................................................................... 13
• Shall AD Certificate Services used in both domains need to be modified? ........................... 13
Active Directory Rights Management Services ............................................................................ 13
• What use of AD Rights Management Services can be implemented? ................................... 13
Active Directory Federation Services ............................................Error! Bookmark not defined.
• AD Federation Services .......................................................................................................... 13
Conclusion .................................................................................................................................... 13
References ..................................................................................................................................... 14
WINDOWS NETWORK SERVICES PROPOSAL
4
Introduction
Every time there is reorganization done in a company, different changes must
undoubtedly take place. The core areas that these changes occur to a vast degree are in the way
the business manages the information systems. The Information system has an extensive
coverage from the smallest departments to the top of the hierarchy. Any error in the system shall
always cause maximum disruption to the activities of the entire organization. This paper outlines
a proposal that shall make sure that there are no errors in the company network, principally in the
Active Directory settings. It also gives a distinct structure of how links between the head office
in Houston, TX can be securely established with that of the offices of the newly acquired Media
Guru Group based out of Richmond, VA.
Understanding International Market, Inc (IMI)
According to the provided data on IMI, it is apparent that the firm has two configuration
sites that are not parallel. This fact, therefore, makes it essential to make sure compatibility of the
configuration structures by creating media that shall ensure that this difference in the
configuration does not cause any failures. The goal is to create an interface that makes sure that
when the communication occurs, there is a translation known as decoding and encoding taking
place at both ends to make sure that the message from the different domains (Windows server
2012 and 2008) is translated to a form that the appropriate domain can easily understand.
Because of the additional site, there are first services that shall have to take place first. The
services are:
• A disaster recovery site must be established
• An Active Directory Additional Domain Controller must be installed and configured.
• Users must be configured to authenticate against the added Domain Controller
WINDOWS NETWORK SERVICES PROPOSAL
5
• Users must be rolled back to authenticate against the Primary Domain Controller.
The network devices such as the routers, the switches, and the network circuits shall be
located at the head office in Houston, TX; however, the site in Richmond shall also have its
network service through its central servers shall be in Houston. This design shall include healthy
Active Directory replication between the two sites. The diagram below shows how the new
Active Directory recovery domain controller shall be implemented. It shows how the servers
shall be set up and how the communication shall take place between these two organizations
(Edge Jr & Smith, 2015).
Scope of Work
The work done in the design of the new directory system shall be handled as follows
Server Management
• Operating System Installation and configuration
There shall be an installation of the OS on the servers and hardware of IMI and the creation of
OS patch on those same servers and their hardware.
WINDOWS NETWORK SERVICES PROPOSAL
6
• Network Configuration
There shall be a configuration of the IP-Addresses and connected subnets on Windows
Server (2008), for Media Guru Group and Windows server (2012), for the site in Houston, TX.
The configuration shall be based on the information provided by IMI on its operation structure
and employee distribution. Based on the configured network an appropriate NIC speed shall be
set accordingly. Since the networking equipment for both sites is already in place, the only issue
would be to create a link that shall ensure free communication. There shall be network adapters
that shall have to be customized to meet the required network functionality. Local Area Network
shall have to be created as well as a Metropolitan Network structure that shall ensure that the two
sites have their information communicated efficiently (Gavrilov & Cheung, 2013).
• Active Directory Installation
The directory shall have to be installed on the servers to manage the centralized activities
of the departments. Since other organization departments shall require privacy, they shall have
their domains configured with different directories to ensure they are the only ones that with
authorized access. Those activities of the Finance department that they shall want to be unique to
them shall go through the servers that are controlled by their administrators. The same shall
apply to any other department that wants privacy. The Active Directory shall be configured on
both servers on the R2 and R1 server for Houston and Richmond respectively. This means that
the Domain Controller for Houston shall be replicated in those for Media Guru Group in
Richmond. The DNS servers shall also be configured according to appropriate domain
namespace.
WINDOWS NETWORK SERVICES PROPOSAL
• Security Maintenance
In every organization, security of the information system is always a key concern. The
organization must always ensure that the system is secure enough before it can commence the
use of the system. The ways of ensuring that security is maintained through the following two
huge amounts ways:
Antivirus Installation: This antivirus shall be installed on the servers to ensure that any
malware is kept out of the system. The antivirus shall make sure that the files are kept from any
potential threats especially since the definition files shall be configured appropriately.
Firewall creation: Relevant firewall ports shall be configured to ensure that the files are not
vulnerable to hackers. Once the ports are established, they shall always be kept functional
according to the Active Directories of the two sites (Server et al. 2008).
Assumptions
The logical assumptions would be that the servers shall be controlled entirely by IMI.
They shall be responsible for any technical problem that might arise because of misinformation
that was relied on during the creation of the designed proposal. Another assumption is that the
domain name space for both sites would undoubtedly be the same though with different IPAddress. IMI shall also provide the additional hardware and the license for the DNS.
Active Directory Infrastructure
• Describe features of Windows Server 2012 that shall allow IMI to integrate the newly
acquired company’s domain into their existing forest.
Some of the features that enable the integration are the availability of the Windows 2012
R2 that allows for its installation on a physical server or a virtual server and an existing member
7
WINDOWS NETWORK SERVICES PROPOSAL
8
server of any size. The server also allows for client deployment that allows for connection of the
computer to a remote location; this shall allow for the connection to the acquired organization
computers. The next feature is the availability of pre-configured auto-VPN dialing that shall
allow for the connection to a preexisting domain regardless of the server date. The office 365
availability make the server very beneficial to the organization both economically and
technically. Technically, it has share-points that shall allow its integration with the other existing
domain. All the above features shall see to it that there is a thriving integration into the existing
directory forest.
• How shall Forest Functional Levels be implemented?
IMI shall have to start by implementing the phased upgrade requirements. They shall
have to install a higher version of the servers in Media Guru Groups. They shall ensure that the
2003 versions are all upgrade to 2008 R2 versions and the 2008 versions upgraded to 2012
versions to achieve a high functionality in their domains (Gavrilov & Cheung, 2013).
• How shall cross-forest trusts be implemented?
Before implementing the trust, there must be synchronization of the system time, that is,
a skew for the time must be set to match each domain systems. Then a DNS name resolution I
provided between the two forests by configuring the secondary zones of the Media Guru DNS to
be hosted on IMI servers and do the same for IMI on the Media Guru Group servers; this shall
ensure that the DNS of both corporations are defined on each server. The finally the trust can be
implemented.
Replication can be handled through a multi-master replication which involves the
creation of replicas by numerous computers in the servers. There, however, shall be restrictions
as to whom the rights of making updates are given.
WINDOWS NETWORK SERVICES PROPOSAL
9
• Read-Only Domain Controllers - how shall they be used?
RODC service is one of the latest development or rather advancements made in the
windows server 2008. They do not allow the administrators to make any changes to the
information on it directly; instead, the needed updates are made on the writable servers then
implemented in the RODC. The RODC makes it very safe for the organization to secure its data.
Since there is no account information written on it directly, it becomes tough for the hackers to
get any information that might help them hack into the servers. The other advantage it has is that
it shall limit the number of those that shall be able to make updates hence the data shall always
be kept at the required standards. They shall be implemented at the domain level; in this case, it
shall ensure that the files are all secured at the point of intake. There shall also be a proper
storage space management (Hester & Henley, 2013).
File and Storage Solutions
• Shall BranchCache be used? Why/Why not?
BranchCache shall have to be used. The reason is that it shall be needed to improve the
data access to the essential information that is stored offsite. In the IMI server, whenever there is
any information that is required from Media Guru Group, this information shall be considered as
offsite information. The same applies to most of the essentials that the servers at Media Guru
Need from Houston site. Another reason is that BranchCache acts as a wide area network
(WAN) that shall improve the bandwidth the information accessed. It also allows for the access
of vast amounts of data; this is because it shall be able to access data from the head office or the
cloud host and make them available as caches when needed.
WINDOWS NETWORK SERVICES PROPOSAL
10
• How can Dynamic Access Control benefit the organization?
Dynamic Access Control is a way in which the management controls access to the
organization files. Through DAC, the management can establish a precise classification of data
that shall see to it that the data is well managed as well as making the security auditing quite
easy. It is through the DAC that there is cross-forest trust establishment. The DAC has the
domain being established with rules that shall only grant access to the authorized persons only;
this is entirely an advantage to the organization since it shall ensure that the files are kept very
safe. There shall not be any unauthorized access because of attempts shall be realized during the
auditing and shall attract penalties as per the organization's regulations. The benefits of DAC to
the organization is ensuring the safety of the files and making sure that there is a level of
reliability in any information of the organization
• What about storage optimization?
Storage optimization is the service where the administrators attempt to manage the
storage space and ensure that no muck space is used up by irrelevant files. Administrators can
use the file and storage services to manage the server storage and their multiple files. They can
use the power-shell applications. The other way to ensure storage space management is through
the utilization of the Deduplication service technique; this shall ensure that data duplicate blocks
are reduced to the very minimum amounts to store massive amounts of data that was previously
possible. Data deduplication has proved very useful when combined with BranchCache
especially since the same elimination of data duplicates is required over the WAN servers
(Hester & Henley, 2013).
WINDOWS NETWORK SERVICES PROPOSAL
11
Disaster Recovery
• How can Windows Server Backup be utilized?
There are very many ways that the backup system can be used in an organization to
ensure that the data is not lost in case of power shortage or any other technical error that might
lead to the loss of information. The shadow backup is the primary way of creating a backup
system. Other ways of ensuring that data is backed up are using cloud computing techniques and,
external drives to store copies of the files on the servers.
• Shall the organization use Volume Shadow Copies?
The organization shall have to use the volume shadow copies to ensure that the data that
is unintentionally deleted can be easily retrieved in a safe mode. Another reason why it shall
have to be used is that an employee might accidentally overwrite a file necessitating the
implementation of a recovery process of the original version of the file. Finally, the need to
compare the files while still writing make this very necessary within the organization.
DNS and DHCP
• How had DHCP installation and authorization been implemented?
DHCP shall first have to be created, configured then tested for any errors before it is
implemented. Domain shall have to be set.
• Shall DHCP reservations be used for servers?
DHCP reservation shall have to be created for other departments that wanted their
activities to be only accessible by them; this shall be done by creating for them a separate IPaddress (Holme et al. 2008).
WINDOWS NETWORK SERVICES PROPOSAL
12
• How shall IPv6 be utilized?
IPV6 is used to address the billions of transactions of the servers; this shall ensure that
the traffic is reduced. It also ensures that security is at the top. The security is maintained at the
configuration level where a security audit is conducted at regular intervals automatically. There
are also multiple firewalls that must be created to protect the servers from being hacked.
• How shall DNS be handled for the second site?
For the second site, the DNS configuration shall be done the same as the main site. The servers
shall be configured using different IP-address, and the namespace shall be related, some servers
shall have to be upgraded to match those of IMI.
High Availability
• What implementation of Hyper-V would benefit IMI?
The hardware-assisted Hyper-v six shall ensure that all the functionality of the organization is
kept to a high standard. They shall also make sure that the organization is safe from other
breaches.
• Network Load Balancing
The Network Load Balancing is a feature that helps distribute the network traffic across
the servers using the TCP/IP protocol. NLB combines several computers that are running
applications in a system to the single virtual cluster to provide high efficiency for web servers as
well as other very critical servers. The servers found in an NLB are called hosts. The hosts are
known to run separate copies of the server applications. In IMI, NLB shall be necessary since it
shall help in ensuring that computers in the servers are addressed by the same set of IP addresses
that are kept unique for each set of hosts (Minasi et al. 2013).
WINDOWS NETWORK SERVICES PROPOSAL
13
• Failover Clustering
Since there is no guarantee that the entire set of servers shall always work as expected
always, a failover clustering is necessary to ensure that in case one of the servers fails, the
organization activities are not kept on hold. Failover clustering shall bring the servers together
and ensure that the applications are available to all servers.
Active Directory Certificate Services
• Shall AD Certificate Services use in both domains need to be modified?
The only modification done would be on AD CS of the Media Guru Group
Active Directory Rights Management Services
• What use of AD Rights Management Services can be implemented?
The AD RM shall be used to ensure that the contents of the organization are kept away from the
prying eyes; this would be to through the implementation of copyright protection policies.
• AD Federation Services
AD FS is critical in the provision of the employees as well as the clients with an extensive line of
web-based services including cloud computing, online access to data from the servers and much
more (Osborn, 2014).
Conclusion
From all indications, Active Directory has a very crucial role in managing the company’s
information system notably, by using the DAC to control access to data files stored on the file
servers. The use of firewalls and antivirus to control the malware that might be utilized to
compromise the company is also taken care of during configuration the company’s Active
WINDOWS NETWORK SERVICES PROPOSAL
14
Directory. Active Directory is therefore quite essential, not only because of the security it
provides but also because it simplifies the work done by administrators; by keeping a central
repository of information. Based on all these, International Marketing Inc. is making a very wise
investment by configuring their Active Directory.
REFERENCES
Edge Jr, C. S., & Smith, W. (2015). Active Directory. In Enterprise Mac Administrator’s
Guide (pp. 91-134). Apress.
Gavrilov, D., & Cheung, S. (2013). U.S. Patent No. 8,504,593. Washington, DC: U.S. Patent and
Trademark Office.
Hester, M., & Henley, C. (2013). Microsoft Windows Server 2012 Administration Instant
Reference. John Wiley & Sons.
Holme, D., Ruest, N., Ruest, D., & Kellington, J. (2008). MCTS Self-paced Training Kit (exam
70-640): Configuring Windows Server 2008 Active Directory. Microsoft Press.
Minasi, M., Greene, K., Booth, C., Butler, R., McCabe, J., Panek, R., ... & Roth, S.
(2013). Mastering Windows Server 2012 R2. John Wiley & Sons.
Osborn, R. J. (2014). User account management & automation across multiple Active Directory
domains.
Server, W., Server, A., Controller, R. O. D., Transactional, N. T. F. S., PowerShell, W., & Core,
S. (2008). Hyper-V.
Purchase answer to see full
attachment