Windows Server Deployment Proposal for medium sized company

Overview
Each student will create a detailed, organized, unified technical solution given the scenario described below.

Scenario

Global Advertising, Inc. (referred to as “GAI”) has hired you as an IT consultant for implementing their Windows network infrastructure. GAI is a new advertising firm, and they are currently hiring staff, establishing two locations, and have a need to get their internal IT services configured. They do not yet have an IT staff, but when they do, the IT staff will take over all aspects of IT administration. You are required to supply GAI with a solution which describes the implementation and configuration of their core IT services. Cost is not a significant concern – GAI wishes to implement the “right” solution to fit their needs now and for the next 2-3 years.

There are several details about GAI which will have an impact on your choices:

  • GAI will start with 90 employees, in the following departments:
    • Executives (9 employees) – manage and run the company
    • Accounts and Sales Department (15 employees) – perform market research and maintain accounts
    • Creative, Media and Production Department (49 employees) – advertising
    • Human Resources and Finances (12 employees) – perform HR and financial duties
    • IT (5 employees) – manage IT for the company
  • GAI will have two sites, one in Boston and one in Austin. Most staff will be located in Boston, with at least 1 person from each of the departments above located in Austin.
  • Networking equipment is already in place for both sites. A secure tunnel (using IPSec) will be established between the two sites so that inter-site traffic will be securely tunneled over the Internet. You may make whatever other assumptions you wish about intra-and inter-site connectivity.
  • Security mechanisms (e.g., firewalls, intrusion detection) will be handled separately, and there is no need to describe them.
  • Some departments will want their data to remain private from other departments (e.g., Finances personnel will not want Production staff to see the company’s financial details). Your team may make assumptions about how data should be shared or kept private.
  • Assumptions can be made regarding any information not included here; all assumptions should be identified, however.

Topics to Cover

Your document should cover the content presented in the course. The outline below contains the needed points to cover. You are free to add other related information.

Describe the technical and business reasons for each choice, citing other resources as appropriate.

The Windows Server 2012 or Server 2012 R2 operating system should be used for all aspects of the solution.

The topics include:

(1) New Features of Windows Server 2012 or Server 2012 R2 used for the design

  • Describe new features of Windows Server 2012 that GAI can take advantage of.

(2) Deployment and Server Editions

  • How many total servers are needed? Which roles will be combined?
  • What edition of Windows will be used for each server (e.g., Standard, Datacenter)?
  • Will Server Core be used on any servers?
  • Where are each of the servers located (which of the two sites)?
  • How will the servers be deployed? Manual or automated?

(3) Active Directory

  • Number of AD domains?
  • Will there be any Read-Only Domain Controllers?
  • How will the second site factor into domain controller placement? How will AD sites be configured?
  • How will AD organizational units be organized (considering how group policy will be used and users will be organized)?

(4) DNS and DHCP

  • DHCP scope design (e.g., lease times, number of scopes, address range)
  • Will a form of DHCP fault tolerance be implemented?
  • Will DHCP reservations be used for servers?
  • DNS namespace design (e.g., domain name(s) chosen, split DNS for Internet/intranet, zones)
  • How will DNS be handled for the second site?

(5) Application Services

  • How will applications be deployed? If using Group Policy, what are the details on how Group Policy will be used to deploy the software? Which software applications will likely be needed?

(6) File and Printer Sharing

  • What shares might be needed? How will permissions be set so that different departments can access the shared files?
  • DFS Needed?
  • How will quotas/FSRM be configured?

Solution

Windows Server Security Proposal

Network Infrastructure Security

Network security is considered separately for inter-site and intra-site communication. For inter-site communication, a VPN tunnel using IPsec is used, as shown in the figure below:

An IPsec VPN tunnel on its own will not forward multicast traffic, which common applications may depend on, so the IPsec tunnel is combined with a GRE tunnel to let multicast traffic, such as IP routing information, pass through the tunnel.

Intra-site security, meaning secure communication between employees and within each department, is provided by Virtual Local Area Networks (VLANs) together with a VLAN Access Control List (VLAN ACL) filter, which denies inter-VLAN communication and allows only communication within a VLAN.

The following figure shows the overall network topology:

The following are the 6 requirements to be fulfilled using Windows Server 2012:

[1]-New features of Windows Server 2012 that GAI can take advantage of:

  1. Multi-server support in Server Manager

The new Server Manager can manage multiple servers, and it provides an all-new dashboard that lets you drill down into local and remote servers.

  2. Server Core is the default

One can perform the initial server configuration through the GUI and then remove the GUI when ready to move into production. Unlike Server 2008 R2, there is no need to reinstall the OS to get rid of the GUI.

  3. Ubiquitous PowerShell management

Supporting the move away from the GUI is the move to PowerShell as the primary management tool.

  4. Built-in NIC teaming

Another overdue feature is the capability to provide NIC teaming natively in the OS. VMware's ESX Server has provided NIC teaming for some time, with support for load balancing as well as failover across NICs from different vendors.

  5. SMB 2.2

The Windows Server Message Block (SMB) file sharing protocol has also been significantly enhanced: server applications such as Microsoft SQL Server can now have their databases stored on SMB 2.2 shares, which gives them the benefits of SMB 2.2 with no configuration changes to the SQL Server databases.

  6. Data deduplication

Data deduplication runs in the background; it automatically detects duplicate data, saves the duplicated data in a separate system store, and replaces the data in the original files with pointers to the system store.

  7. Storage Live Migration

Storage Live Migration lets you move a VM's virtual disk, configuration, and snapshot files to a new storage location with no interruption of end-user connectivity to the VM.

  8. Active Directory

Active Directory Domain Services (AD DS) in Windows Server 2012 includes new features that make it simpler and faster to deploy domain controllers (both on-premises and in the cloud), more flexible and easier to both audit and authorize access to files with Dynamic Access Control, and easier to perform administrative tasks at scale, either locally or remotely, through consistent graphical and scripted management experiences.

  9. IP Address Management (IPAM)

IPAM is a feature first introduced in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network.

[2]-Deployment and server editions:

  • How many total servers are needed? Which roles will be combined?

Six servers are needed: DHCP, DNS, Domain Controller, File Service, Printer Service and Active Directory. Five of these roles can be combined: DNS, Domain Controller and DHCP on one server, and File and Printer services on another.

  • What edition of Windows will be used for each server (e.g., Standard, Datacenter)?

Windows Server Datacenter is preferred, but for the file and print server the Standard edition will be sufficient.

  • Will Server Core be used on any servers?

Windows Server Core provides better performance, so it will be used where a GUI is not necessary, which suits the DNS and Domain Controller roles.

  • Where are each of the servers located (which of the two sites)?

All servers are located at the Boston site.

  • How will the servers be deployed? Manual or automated?

The servers will be manually deployed.

[3] Active Directory

  • Number of AD domains?

One Active Directory domain is sufficient for this number of users.

  • Will there be any Read-Only Domain Controllers?

Yes. The domain controller will be available at only one site, and therefore it is not required to be read/write.

  • How will the second site factor into domain controller placement? How will AD sites be configured?

The second site has no effect on domain controller placement, as it includes only 5 employees; AD will be configured at the main site in Boston.

  • How will AD organizational units be organized (considering how group policy will be used and users will be organized)?

Group Policy will be configured per department, which means 5 Group Policy Objects.
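As an added example (not code from the original proposal), the per-department OU, security group and linked GPO structure described above, built with the ActiveDirectory and GroupPolicy modules. The domain GAI.com, a top-level OU named GAI and the shortened department names used for object names are assumptions.

```powershell
# Added example (not part of the original proposal). Assumptions: domain GAI.com
# (DC=GAI,DC=com), a top-level OU 'GAI' created here, and short department names
# chosen for the OU, group and GPO names.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$DomainDn = 'DC=GAI,DC=com'
$Root     = "OU=GAI,$DomainDn"

# Short name used for object names, plus the full department name from the scenario
$Departments = @(
    @{ Short = 'Executives'; Full = 'Executives' }
    @{ Short = 'Sales';      Full = 'Accounts and Sales Department' }
    @{ Short = 'Creative';   Full = 'Creative, Media and Production Department' }
    @{ Short = 'HRFinance';  Full = 'Human Resources and Finances' }
    @{ Short = 'IT';         Full = 'IT' }
)

New-ADOrganizationalUnit -Name 'GAI' -Path $DomainDn -ProtectedFromAccidentalDeletion $true

foreach ($d in $Departments) {
    $ouPath = "OU=$($d.Short),$Root"
    # One OU per department, so users are organised by department and can be
    # targeted by a department-specific GPO
    New-ADOrganizationalUnit -Name $d.Short -Path $Root -Description $d.Full `
        -ProtectedFromAccidentalDeletion $true
    # One global security group per department, later used for share/NTFS permissions
    New-ADGroup -Name "G-$($d.Short)" -GroupScope Global -GroupCategory Security `
        -Path $ouPath -Description "Members of the $($d.Full)"
    # One GPO per department (5 in total), linked to that department's OU only
    $gpo = New-GPO -Name "GPO-$($d.Short)" -Comment "Settings for the $($d.Full)"
    New-GPLink -Name $gpo.DisplayName -Target $ouPath -LinkEnabled Yes | Out-Null
}

# Verify: each department OU carries exactly one linked, enabled GPO
foreach ($d in $Departments) {
    (Get-GPInheritance -Target "OU=$($d.Short),$Root").GpoLinks |
        Select-Object @{ n = 'OU'; e = { $d.Short } }, DisplayName, Enabled
}
```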

[4] DNS and DHCP

The following table shows the number of employees per department per site.

Department                        Austin   Boston
Executives                             1        8
Accountants and sales                  1       14
Creative, Media and Production         1       48
HR and Finance                         1       11
IT                                     1        4

  • DHCP scope design (e.g., lease times, number of scopes, address range)

DHCP will require 5 scopes, one per department, to support isolation of departments per IP range and per VLAN. The lease time is 30 minutes, to provide address reuse and better security. The address range varies with the number of employees per department; consider 192.168.10.0/24 split as follows (employees and subnet):

  • Executives: 9 and 192.168.10.112/28
  • Accountants and sales: 15 and 192.168.10.64/27
  • Creative, Media and Production: 49 and 192.168.10.0/26
  • HR and Finance: 12 and 192.168.10.96/28
  • IT: 5 and 192.168.10.128/29
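As an added example (not code from the original proposal), the five per-department scopes above created on DC1 with the DhcpServer module, using the 30-minute lease, a static exclusion for DC1 and a reservation for File1 as the reservation question further down describes. The gateway addresses, the placement of DC1 and File1 in the IT subnet and the File1 MAC address are constructed assumptions.

```powershell
# Added example (not part of the original proposal). Assumptions (constructed):
# DHCP relay from every VLAN to DC1 is in place, the gateway is the first usable
# address of each subnet, DC1 (192.168.10.130) and File1 (192.168.10.131) live in
# the IT subnet, and the File1 MAC address is a placeholder.
Import-Module DhcpServer

$Dhcp  = 'DC1.GAI.com'
$DnsIp = '192.168.10.130'            # DC1 also hosts DNS (assumed address)
$Lease = New-TimeSpan -Minutes 30    # lease time chosen in the proposal

# Network, mask, gateway and distributable range derived from the /24 split above
$Scopes = @(
  @{ Name='Creative, Media and Production'; Net='192.168.10.0';   Mask='255.255.255.192'; Gw='192.168.10.1';   Start='192.168.10.2';   End='192.168.10.62'  }  # /26
  @{ Name='Accounts and Sales';             Net='192.168.10.64';  Mask='255.255.255.224'; Gw='192.168.10.65';  Start='192.168.10.66';  End='192.168.10.94'  }  # /27
  @{ Name='HR and Finance';                 Net='192.168.10.96';  Mask='255.255.255.240'; Gw='192.168.10.97';  Start='192.168.10.98';  End='192.168.10.110' }  # /28
  @{ Name='Executives';                     Net='192.168.10.112'; Mask='255.255.255.240'; Gw='192.168.10.113'; Start='192.168.10.114'; End='192.168.10.126' }  # /28
  @{ Name='IT';                             Net='192.168.10.128'; Mask='255.255.255.248'; Gw='192.168.10.129'; Start='192.168.10.130'; End='192.168.10.134' }  # /29
)

foreach ($s in $Scopes) {
    # One scope per department VLAN, 30-minute lease, activated immediately
    Add-DhcpServerv4Scope -ComputerName $Dhcp -Name $s.Name -StartRange $s.Start `
        -EndRange $s.End -SubnetMask $s.Mask -LeaseDuration $Lease -State Active
    # Scope options: default gateway (3), DNS server (6) and DNS suffix (15);
    # -Force skips the live reachability check of the DNS server
    Set-DhcpServerv4OptionValue -ComputerName $Dhcp -ScopeId $s.Net -Router $s.Gw `
        -DnsServer $DnsIp -DnsDomain 'GAI.com' -Force
}

# DC1 is configured statically, so exclude its address from dynamic assignment
Add-DhcpServerv4ExclusionRange -ComputerName $Dhcp -ScopeId '192.168.10.128' `
    -StartRange '192.168.10.130' -EndRange '192.168.10.130'

# File1 always receives the same address through a reservation (MAC is a placeholder)
Add-DhcpServerv4Reservation -ComputerName $Dhcp -ScopeId '192.168.10.128' `
    -IPAddress '192.168.10.131' -ClientId '00-11-22-33-44-55' -Name 'File1.GAI.com' `
    -Description 'File/Print server'

# Review: one scope per department, each carrying the 30-minute lease
Get-DhcpServerv4Scope -ComputerName $Dhcp |
    Select-Object ScopeId, Name, StartRange, EndRange, LeaseDuration, State
```

Once the gateway, DC1 and File1 are accounted for, the IT /29 leaves only three dynamic addresses (.132 to .134), which is worth checking against the five IT staff.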

  • Will a form of DHCP fault tolerance be implemented?

No, there is no need for that, as the number of users at the 2nd site is so small.

  • Will DHCP reservations be used for servers?

Yes, as it is a must to configure IP addressing statically for servers.

  • DNS namespace design (e.g., domain name(s) chosen, split DNS for Internet/intranet, zones)

DNS is designed around the name of the company, e.g. GAI.com.

  • How will DNS be handled for the second site?

DNS for the second site will be served by the same DNS server; no additional server is required.

[5] Application services:

  • How will applications be deployed? If using Group Policy, what are the details on how Group Policy will be used to deploy the software? Which software applications will likely be needed?

Applications will be deployed at the main site, Boston. Group Policy will be used to filter users per group for common application usage. The applications needed are email running on Exchange Server, chat and voice running on Lync Server, database applications and cloud applications.

[6] File and printer sharing

  • What shares might be needed? How to set the permissions for different department to access the shared files

Document and database shares are needed; permissions are granted per group, with groups corresponding to the departments.

  • DFS Needed?

No, as there is only one file server.

  • How will quotas/FSRM be configured?

File Server Resource Manager is used to create a quota for a volume or folder.

Two kinds of quota:

  • A hard quota prevents users from saving files after the space limit is reached and generates notifications when the volume of data reaches each configured threshold.
  • A soft quota does not enforce the quota limit but generates all configured notifications.

To create a quota template:

  1. In Quota Management, click the Quota Templates node.
  2. Right-click Quota Templates, and then click Create Quota Template (or click Create Quota Template in the Actions pane).
  3. If you want to copy the properties of an existing template to use as a base for your new template, select a template from the Copy properties from quota template drop-down list. Then click Copy.
  4. In the Template Name text box, enter a name for the new template.
  5. In the Label text box, enter an optional descriptive label that will appear next to any quotas derived from the template.
  6. Under Space Limit:
    1. In the Limit text box, enter a number and choose a unit (KB, MB, GB, or TB) to specify the space limit for the quota.
    2. Click the Hard quota or Soft quota option. (A hard quota prevents users from saving files after the space limit is reached and generates notifications when the volume of data reaches each configured threshold. A soft quota does not enforce the quota limit, but it generates all configured notifications.)
  7. You can configure one or more optional threshold notifications for your quota template, as described in the procedure that follows. After you have selected all the quota template properties that you want to use, click OK to save the template.
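As an added example (not code from the original proposal) covering both the per-department shares and the quota templates above: each department gets a folder on File1 whose NTFS and share permissions admit only that department's group, so that Finance data stays hidden from Production staff, and FSRM applies a hard quota per department plus a soft, notification-only quota on the whole share root. The data root D:\Shares, the group names GAI\G-<Dept>, the quota sizes and a separately configured FSRM SMTP server are assumptions.

```powershell
# Added example (not part of the original proposal). Assumptions: data root D:\Shares
# on File1, department security groups GAI\G-<Dept> already exist, FSRM's SMTP
# settings are configured separately, and the 50 GB / 250 GB sizes are chosen here.
Import-Module SmbShare
Import-Module FileServerResourceManager

$Root        = 'D:\Shares'
$Departments = 'Executives', 'Sales', 'Creative', 'HRFinance', 'IT'

# Two templates, one per kind of quota: both e-mail the admin at 85 %, but only the
# hard template refuses saves once the limit is reached
$warn = New-FsrmQuotaThreshold -Percentage 85 -Action (New-FsrmAction -Type Email `
    -MailTo '[Admin Email]' -Subject '[Quota Threshold]% of [Quota Limit] used on [Quota Path]')
New-FsrmQuotaTemplate -Name 'Dept-Hard-50GB' -Size 50GB -Threshold $warn `
    -Description 'Hard limit: saves are blocked once 50 GB is reached' | Out-Null
New-FsrmQuotaTemplate -Name 'Root-Soft-250GB' -Size 250GB -SoftLimit -Threshold $warn `
    -Description 'Soft limit: notifications only, never blocks a save' | Out-Null

foreach ($d in $Departments) {
    $path  = Join-Path $Root $d
    $group = "GAI\G-$d"
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    # NTFS: break inheritance, then allow only this department's group plus admins
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in $group, 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $rights = if ($id -eq $group) { 'Modify' } else { 'FullControl' }
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, $rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
    }
    Set-Acl -Path $path -AclObject $acl

    # Share: hidden ($) share with Change for the group only; Everyone gets nothing,
    # and access-based enumeration hides folders a user cannot open
    New-SmbShare -Name ($d + '$') -Path $path -ChangeAccess $group `
        -FullAccess 'BUILTIN\Administrators' -FolderEnumerationMode AccessBased | Out-Null

    # Hard quota per department folder, derived from the template
    New-FsrmQuota -Path $path -Template 'Dept-Hard-50GB' | Out-Null
}

# Soft quota on the whole root: an early capacity warning that never blocks writes
New-FsrmQuota -Path $Root -Template 'Root-Soft-250GB' | Out-Null

# Review: who can reach a share, and current quota usage per folder
Get-SmbShareAccess -Name 'HRFinance$' | Select-Object AccountName, AccessRight
Get-FsrmQuota | Where-Object Path -like "$Root*" | Select-Object Path, Size, SoftLimit, Usage
```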

Summary of Design per site

Site    Server FQDN     OS Version                    Roles                             Physical/Virtual
Boston  DC1.GAI.com     Server 2012 R2 Datacenter     Domain Controller, DNS and DHCP   Physical
Boston  File1.GAI.com   Server 2012 R2 Standard Core  File/Print Server                 Physical
Boston  AD1.GAI.com     Server 2012 R2 Datacenter     Active Directory                  Physical