Windows Server Infrastructure Upgrade and Redesign at Fringe
Dynamic.
Overview
Fringe Dynamic is an educational software developer that
provides software and cloud computing solutions to private and
public educational institutions throughout North America and
Europe. The organization currently has four major offices
located in
Jacksonville, Florida,
Wood, South Dakota
and London, England.
A sales team of more than a hundred work across the United
States and Europe, primarily from their own homes. Fringe
Dynamic has experienced a combination of growth and disaster
in the last 3 years and plans to add an additional 130+
employees, including opening a new office in Sandy, Utah in
the next 6 months. To meet these growth challenges, Fringe
Dynamic is in the process of upgrading the network
environment from the current ad hoc design, comprised of
Windows 2003, 2008 and *NIX systems, to Windows 2012 R2
Active Directory. Steps have already been taken to improve the
network infrastructure. The Jacksonville, Florida location has
replaced all 2008 Domain Controllers with Windows 2012
Servers. However, the Wood, South Dakota and London,
England locations are still running a single Windows 2008
Domain Controller at each site. Currently all server and
workstation IP addresses are statically assigned. DNS is hosted
on an older generation UNIX server that has been hacked
several times due to faulty security. Remote users currently
connect via VPN, which has caused numerous security incidents
due to missing antivirus software, outdated AV signatures and
missing OS patches on workstations and laptops.
Although the Sandy, Utah location has not officially opened,
there are ten users currently deployed to that location. There are
currently no domain controllers or qualified personnel to support
them at this location. This site needs to be incorporated into the
Fringe Dynamic Active Directory ASAP. Sandy, Utah users
must be able to authenticate and access Fringe Dynamic Active
Directory services. Fringe Dynamic has recently acquired
another company Global Dynamics. The existing Global
Dynamics Active Directory Domain needs to be integrated into
the existing Fringe Dynamic Active Directory forest. The Fringe
Dynamic data center is located at the Jacksonville, Florida and
London, England locations. This is where Fringe Dynamic hosts
and maintains its cloud computing services. Due to increased
demand for its cloud services Fringe Dynamic has experienced
difficulty getting servers and services deployed in time due to
the lack of an efficient and cost-effective deployment process.
The current Active Directory is a single domain. It is up to you
to finish the network design and improve the server infrastructure.
Current Physical Locations
Current Logical Design
Required Proposal Responses
Executive Overview – Provide an executive overview for
Infrastructure proposal. How will your proposal help Fringe
Dynamic? What are the key aspects of your design? Why should
Fringe Dynamic select your proposal over your competitors’
proposals?
Develop a Windows Deployment Design and plan an automated
client workstation and server installation strategy. This
objective can include but is not limited to: images and bare
metal/virtual deployment; plan for multicast deployment and
plan for Windows Deployment Services (WDS). This solution
should enable Fringe Dynamic to deploy client and server
operating systems in a timely and cost-effective manner.
Plan and deploy Virtual Machine Manager Services. This
objective may include but is not limited to: Design Virtual
Machine Manager service templates; plan and deploy profiles
including operating system profiles, hardware and capability
profiles, application profiles, plan and manage services
including scaling out, updating, and servicing services;
configure Virtual Machine Manager libraries. This solution
should enable Fringe Dynamic to deploy servers in a timely and
cost-effective manner.
Windows Server Design - Jacksonville, Florida has two Domain
Controllers. All other locations have single Domain Controllers.
Jacksonville, Florida’s domain controllers are running Windows
Server 2012, but the other sites are running Windows Server
2008 Domain Controllers. All other services on the network are
running on either older UNIX or Windows Server 2008 and
2003 servers. These legacy servers should be replaced as part of
this project. Describe your recommendations for the server
environment, focusing on any needed upgrades and the number
of servers needed at each location to handle key network
infrastructure services and roles (DNS, DHCP, File, Print,
RRAS, etc.) You can make any recommendation for the server
environment but explain how it will benefit your design.
Design and maintain a Dynamic Host Configuration Protocol
(DHCP) solution. This objective may include but is not limited
to the following: Design considerations including a highly
available DHCP solution including split scope, DHCP failover,
and DHCP failover clustering, DHCP interoperability, and
DHCP filtering. Describe how you will provide fault tolerance
in the event that a primary DHCP server should fail. How will
you handle remote users, network devices and printers?
DNS – Design a name resolution strategy. This objective may
include but is not limited to: Design considerations, including
Active Directory–integrated zones, DNSSEC, DNS Socket Pool,
cache locking, disjoint namespaces, DNS interoperability,
Single-Label DNS Name Resolution, zone hierarchy, and zone
delegation.
Implement a scalable Remote Access solution. This objective
may include but is not limited to: Configure site-to-site VPN;
configure packet filters; implement packet tracing; implement
multisite Remote Access and a DirectAccess solution.
Design an Active Directory topology. This objective may
include but is not limited to: Design considerations including
read-only domain controllers (RODCs), proximity of domain
controllers, replication optimization, and site link; Group
Policy, monitor and resolve Active Directory replication
conflicts.
Your proposal must incorporate the following items
1. All Domain Controllers must be Windows 2012 R2 Active
Directory.
2. All sites must have Active Directory services available even
if a single Domain Controller fails.
3. Client IP address assignment must be automated and
manageable for all sites and locations.
4. DNS must be manageable and secure. Clients must be able to
resolve DNS even if a single DNS server fails or during an
internet connection outage.
5. DHCP should be designed with fault tolerance in mind.
6. Provide secure remote access solution that utilizes Network
Access Policy controls.
7. Provide easy and manageable workstation image and software
deployments. All workstations should be Windows 8.
8. Provide easy and manageable server image and software
deployments. All servers should be Windows Server 2012 R2.
9. Global Dynamics and Fringe Dynamic Active Directory
forests must be able to trust each other.
10. The Sandy location needs to be integrated into the Fringe
Dynamic Active Directory. This solution must be cost-effective,
manageable and secure.
Assignment Requirements
There are specific requirements for the assignment: The final
submission should contain at least 7 pages’ worth of text
written by the student (not counting title page, images,
diagrams, tables, or quotations), but may be longer, not to
exceed approximately 10 pages’ worth of student-supplied text.
(With the required diagram, and other images, title page, etc.,
the final submission may end up being more than 10 pages in
length.) It must be double-spaced, have 1-inch margins, and use
12-point Times New Roman or 10-point Arial/Helvetica font. A
title page is required; APA format for the title page is optional.
· At least one diagram must be included (not counted towards
the minimum length described above); this could be a diagram
describing Active Directory components, DHCP/DNS design, or
anything else that is worth displaying graphically to enhance the
reader’s understanding of the proposal. Additional diagrams,
images, or tables are welcome.
· The submission must cover all of the major topics outlined
above. Each choice should be explained with technical and
business reasoning. The solution should be reasonably detailed.
Additional topics may be covered as desired.
· The structure of the final submission is flexible. There is no
specific format required, although it should be organized
logically and represent a single, unified solution. It is likely
that the format will include separate sections for each of the
topics required, as well as a summary.
· At least two non-Lab, non-Wikipedia references are required;
preferably, this would be a “best practice” guide or similar
content from Microsoft or an experienced provider of Microsoft
solutions.
· Be sure to properly quote or cite any sources used. APA
format is required for in-text citations and the list of works
cited at the end. It is expected that you are already familiar with
UMUC's "Policy on Academic Dishonesty and Plagiarism." It is
available in the Academic Policies section of the Syllabus; there
are also links in the Webliography. In its simplest form, if you
are using text from a source, you must cite and/or quote it. If
plagiarism is found, then there will be a penalty to the grade.
THE PROPOSAL
WINDOWS SERVER 2012 R2 INFRASTRUCTURE AND
REDESIGN
EXECUTIVE OVERVIEW
This paper offers a comprehensive solution for the ESoft
Corporation infrastructure upgrade: a deployment of Windows
Server 2012 R2 that provides an efficient server environment.
It presents the proposal for installing Windows Server 2012 R2
and designing the new network infrastructure for ESoft
Corporation, in order to replace the ad hoc network environment
with a more secure and comprehensive Windows Server
environment. The proposed solution provides a replacement
strategy for an educational corporation that operates from
several office sites and locations and provides cloud and
software services to public and remote (private) education
establishments. The new infrastructure and upgraded network
design are built on Windows Server 2012 R2, which replaces the
Windows Server 2008 domain controllers at the company's two
sites and carries the configuration of Active Directory and
the domain controllers. The new design and proposed Windows
Server 2012 infrastructure help you manage the services offered
to clients and collaborate effectively with the EduTech Active
Directory settings to access the services offered by Server
2012. It provides you with a more cost-effective and manageable
solution that makes your existing network more scalable and
robust.
Deploying Windows Server at the company's various sites
establishes domain controllers running Windows Server 2012 AD
services. The solution helps you manage resources by using the
AD services offered by the server deployment and the updated
network design. You will be able to perform, more efficiently
and flexibly, the operations currently performed on Windows
Server 2008, which is less reliable and slower at implementing
the domain controller and AD services within the network. The
infrastructure involves "Virtual Machine Manager Services"
(VMMS), with automated DNS name resolution and DHCP configured
for the company's whole network so that collaboration with the
EduTech firm is easily incorporated through the domain service.
DHCP configuration in AD provides dynamic address allocation,
that is, automated assignment of IP addresses to each zone's
PCs or workstations as well as to the servers at each company
site. The network server infrastructure design offers Windows
Server 2012 R2 with Active Directory services on each
workstation and server deployed for the network design and
configuration, which enhances performance and gives the
corporation a timely and cost-effective solution.
It likewise offers scalable Group Policy management and an
Active Directory topology, which involves designing AD for the
different ESoft office sites by maintaining the domain
controllers. Finally, the most crucial and significant feature
of the network deployment and Windows infrastructure upgrade
is the secure and protected remote access capability provided
to remote employees and users who access the network through
VPN. The new network design and Windows Server 2012 deployment
manage direct and remote access to the ESoft AD services, with
appropriate domain controllers at the remote site. The
configured site-to-site VPN, with its secure packet filtering
services, results in a compatible and protected DirectAccess
and multisite Remote Access solution for the organization. With
the adoption of such a Windows Server environment, companies
that merge with ESoft, like EduTech, and the new branch in
Austin will easily access the Active Directory services at the
central server, with authentication that keeps the data more
secure and integrated at the core of the organization.
WINDOWS DEPLOYMENT PLAN AND DESIGN
The design of the new ESoft infrastructure involves the
deployment of WSUS (Windows Server Update Services), which
provides effective automated server and client PC
installation. It involves deploying Server 2012 on each
workstation and server of the company network. The deployment
is multicast and based on WSUS configuration settings, to offer
economical and time-saving benefits to your organization. The
deployment involves configuring automatic updates of clients
and servers on every workstation used at the several ESoft
sites, along with the new office in Austin, to provide AD
(Active Directory) services.
DESIGN AUTOMATED SERVER INSTALLATION
STRATEGY
Automating server installation is vital for a responsive,
dynamic IT organization like ESoft. Automated deployment of
Windows clients and servers includes creating baseline
reference images of Windows servers and then deploying those
servers quickly in response to changing business requirements
or to provide additional redundancy. Several tools are
available to help with deployments, including tools to create
and manage images and server roles that deploy the images onto
user or destination PCs (techveze, n.d.).
WINDOWS DEPLOYMENT SERVICES
Windows Deployment Services gives you a better option for
designing a Windows Server deployment that automates the
process of client and server configuration. Windows Deployment
Services (WDS) is the revised version of "Remote Installation
Services (RIS)". WDS facilitates the deployment of Windows
Server operating systems and helps you install servers easily
in the future. You can use WDS to set up new clients and
servers with a network-based installation, without requiring
that system administrators visit each computer or install
directly from DVD/CD media (Microsoft, 2015).
CLIENT AND SERVER AUTOMATIC UPDATES
In "WSUS 3.0 SP2", WSUS setup automatically configures "IIS"
to distribute the latest version of Automatic Updates to every
client PC that contacts the WSUS server. The best way to
configure automatic client updates depends on the network
environment. In an environment that uses Active Directory, you
can use an existing "domain-based Group Policy Object (GPO)"
or create a new GPO. In an environment without "Active
Directory", use the "Local GPO". In this step, you configure
Automatic Updates and then point the client PCs to the WSUS
server. In an "Active Directory environment (ADE)", you can
use "Registry Editor or Group Policy" to configure "Automatic
Updates". Server 2012 R2 needs a configuration manager and
Virtual Machine Manager (VMM) for this purpose.
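One way to check, on a client, the result of the GPO or registry configuration described above. This is an added example, not part of the original proposal; the expected WSUS URL is a hypothetical placeholder.

```powershell
# Added example (not from the original proposal).
# Reads the Automatic Updates policy values that a GPO or Registry Editor
# writes on a client and reports settings that leave the client unmanaged.
function Test-WsusClientPolicy {
    [CmdletBinding()]
    param(
        # Hypothetical WSUS URL; 8531 is the default WSUS HTTPS port.
        [string]$ExpectedServer = 'https://wsus.corp.example:8531'
    )

    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    $issues = @()

    if (-not $wu -or -not $wu.WUServer) {
        $issues += 'WUServer is not set: no WSUS server is assigned by policy.'
    }
    else {
        if ($wu.WUServer -ne $ExpectedServer) {
            $issues += "WUServer is '$($wu.WUServer)', expected '$ExpectedServer'."
        }
        if ($wu.WUServer -notmatch '^https://') {
            $issues += 'WUServer does not use HTTPS: update metadata travels unprotected.'
        }
        if ($wu.WUStatusServer -ne $wu.WUServer) {
            $issues += 'WUStatusServer differs from WUServer: reporting goes elsewhere.'
        }
    }

    # WUServer is only honoured when UseWUServer is 1.
    if (-not $au -or $au.UseWUServer -ne 1) {
        $issues += 'UseWUServer is not 1: the client ignores the WSUS server setting.'
    }
    if ($au -and $au.NoAutoUpdate -eq 1) {
        $issues += 'NoAutoUpdate is 1: Automatic Updates is disabled.'
    }

    # Meaning of the AUOptions policy value.
    $auOptionText = @{
        2 = 'Notify before download'
        3 = 'Download automatically, notify before install'
        4 = 'Download automatically, install on schedule'
        5 = 'Local administrator chooses the setting'
    }
    $mode = 'Not configured'
    if ($au -and $null -ne $au.AUOptions) {
        $mode = $auOptionText[[int]$au.AUOptions]
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        WUServer     = if ($wu) { $wu.WUServer } else { $null }
        UpdateMode   = $mode
        Compliant    = ($issues.Count -eq 0)
        Issues       = $issues
    }
}

Test-WsusClientPolicy | Format-List
```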
WINDOWS SERVER 2012 R2 DEPLOYMENT USING WSUS
"Windows Server Update Services (WSUS)" enables information
technology administrators to deploy the latest Microsoft
product updates. WSUS is a "Windows Server role" that can be
installed to manage and distribute updates. A WSUS server can
be the update source for other WSUS servers within the
organization. The WSUS server that acts as an update source is
called an upstream server. In a WSUS implementation, at least
one WSUS server in the network must connect to "Microsoft
Update" to get available update information. The administrator
can decide, based on network security and configuration, how
many other servers connect directly to Microsoft Update
(Thomas, 2014).
PLAN AND DEPLOY THE VIRTUAL MACHINE MANAGER SERVICES (VMMS)
Deploying VMMS is an effective management solution for the
virtualized datacenter, allowing you to configure and manage
your virtualization host, networking, and storage resources in
order to create and deploy virtual machines and their services
to private clouds that you have created. The "System Center
2012 Integration Guide" offers information about automating
each of the System Center components and integrating them with
each other as well as with other systems and applications. You
need System Center 2012 to deploy the virtual machine services
at each client workstation. You need to establish the
cross-forest relationship for the case where the user account
is in one forest and the VMM server is in another, so a two-way
cross-forest trust is best suited to your organization's needs.
You have to configure distributed key management in VMM, which
stores the key on the host workstations present at the
different sites, whether data centers or others. You can choose
to use distributed key management to store encryption keys in
"Active Directory Domain Services (AD DS)" instead of storing
the encryption keys on the computer on which the "VMM
management server" is installed. To enable the virtual Active
Directory services using VMM, it is proposed to deploy a highly
available and reliable Virtual Manager. You must have
workstation clients with a supported version of "Microsoft SQL
Server 2012 R2" configured and running before you initiate and
run the connection of VMM.
RECOMMENDATIONS FOR THE WINDOWS SERVER
DESIGN ENVIRONMENT
Designing the new network for your company requires upgrading
the outdated legacy servers configured as active domain
controllers and replacing them with Windows Server 2012 R2. You
need to deploy Server 2012 at each site where the company's
data centers are located, since the new network requires
replacing Server 2008 with the 2012 R2 version, with Active
Directory services on each workstation client. The new ESoft
site, the Austin office, needs to be configured with the same
domain controller setup, running the same Windows Server 2012
AD services, to access the main office domain AD services with
ease and security. The environment in which you deploy the
server on each client machine of the different sites requires
upgrading the old servers and an effective infrastructure to
handle the roles and services involving DNS, DHCP, Print and
File Services. These services are configured for each domain
controller through the placement of domain controllers at each
ESoft site. The new infrastructure provides a handling
mechanism for roles and services, including domain name
resolution and dynamic host configuration settings, so that the
company's network can manage file operations and services.
FSMO Roles Placement
· This describes the placement of "Active Directory Flexible
Single-Master Operation (FSMO)" roles in the domain and the
forest, for operations that are best performed on a single
domain controller. In a directory that has many domain
controllers, the default placement may not be the best fit for
your network.
· It is easier to keep track of FSMO roles if you host them on
fewer machines.
· Place roles on domain controllers that can be reached by the
computers that need access to a given role, especially on
networks that are not fully routed. For example, to obtain a
current or "standby RID pool", or to perform pass-through
authentication, all DCs need network access to the "PDC and
RID role holders" in their respective domains.
"Group Policy" is an administrator's best tool for client
management in an "Active Directory environment", particularly
in "Windows Server 2012", as it offers more reporting
information to help find issues. Group Policy is a framework
that lets you specify managed configurations for users and
computers through Group Policy settings and Group Policy
Preferences. It is important and manageable to implement this
kind of policy for role management.
You can easily configure the roles and services of Active
Directory using Server Manager for each domain controller. AD
LDS (Lightweight Directory Access Protocol) is recommended for
service management and prominent server roles, as it is a
directory service that offers flexible support for
directory-enabled programs and applications, without the
dependencies and domain-related restrictions of AD DS. Print
and Certificate Services lets you integrate print server as
well as network printer tasks. We recommend that you register
DNS names for the top-most internal and external DNS namespaces
with an Internet registrar. This includes the forest root
domain of any "Active Directory forest" unless such names are
subdomains of DNS names that are registered by your
organization name. Dynamic Host Configuration Protocol (DHCP)
provides Internet Protocol (IP) addresses and additional
network configuration data to devices on your organization
network. Most users and their devices in your network use DHCP
to obtain network information, which is very beneficial for
client workstations because such protocol management makes
access to remote services easy and affordable.
File services includes technologies that help you set up and
manage one or more file servers, which are servers that provide
central locations on your network where you can store files
and share them with users. If your users need access to the
same files and applications, or if centralized backup and file
management are important to your organization, you should set
up one or more servers as a file server by installing the File
Services role and the appropriate role services.
DESIGN AND MAINTAIN THE DHCP (DYNAMIC HOST
CONFIGURATION PROTOCOL) SOLUTION
DHCP is a vital service on a company network. Without it,
clients can't obtain IP addresses and information such as DNS
servers. Therefore, DHCP is often deployed in a highly
available way so that if one server becomes unavailable,
another can take over. Designing highly available DHCP gives
you two advantages: it offers dynamic DHCP services at all
times, including in case of failure of the DNS server or when
it is no longer present, and it enables clients to extend their
lease by contacting another DHCP server, so that a failure or
fault in the server is tolerated. When planning and designing a
highly available DHCP solution, you must consider whether to
use failover clustering or split-scope DHCP (microsoft, n.d.).
Split scope enables the load to be divided among participating
servers while also providing redundancy to local and remote
users if one of the two servers fails. However, clients accept
the first DHCP response they receive, so you can't guarantee
from which server clients will get a DHCP response. If the
servers are split across a network boundary, you need to
configure a DHCP relay agent on a router and introduce a delay
there in order to keep the secondary server from responding
before the primary server. A new feature of "Windows Server
2012", DHCP failover means that two servers are configured
with the same DHCP configuration. Maintenance of a DHCP
database includes backing up as well as restoring the database.
DHCP is an essential service on an enterprise network. Without
it, clients can't get IP addresses and information such as DNS
servers. Consequently, DHCP is frequently deployed in a highly
available way so that if one server becomes unavailable,
another can take over.
DHCP interoperability refers to the interaction between DHCP
and other Microsoft technologies such as Network Access
Protection (NAP), Active Directory Domain Services (AD DS),
Routing and Remote Access, and other related technologies,
rather than interoperability between the Microsoft DHCP
implementation and DHCP implementations from other vendors.
The DHCP server can easily update both the host address (A)
and pointer (PTR) records for the client. Failover clustering
enables both servers to assign DHCP information by having the
same DHCP database on a shared storage location. DHCP filtering
configures how the server responds to clients by using
link-layer MAC addresses. The DHCP server role in Windows
Server 2012 provides redundancy with split scope, failover
through hot standby and load sharing, and failover clustering.
Hot standby failover enables a server to take over should its
partner fail. Load-sharing failover enables both servers to
assign DHCP information. The DHCP Management Pack, part of
System Center Operations Manager, enables monitoring and
reporting of the DHCP service. DHCP clients can register
dynamic DNS records upon address allocation. The DHCP database
is stored on the file system and should be reconciled
periodically to remove stale entries. You can back up and
restore the DHCP database through Actions at the server level
in DHCP Manager. Therefore you can configure and manage network
devices like printers and databases with the DHCP solution
(microsoftpressstore, n.d.).
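The load-sharing and hot-standby failover modes and the MAC filtering described above, configured with the DhcpServer module and followed by a check for scopes that are still served by a single server. This is an added example, not part of the original proposal; all server names, scope IDs and the MAC address are constructed placeholders.

```powershell
# Added example (not from the original proposal). Requires the DhcpServer
# module on Windows Server 2012 or later. Names and addresses are placeholders.
Import-Module DhcpServer

$hq1    = 'dhcp-hq-01.corp.example'      # main site, first server
$hq2    = 'dhcp-hq-02.corp.example'      # main site, second server
$branch = 'dhcp-br-01.corp.example'      # branch site server
$secret = Read-Host -Prompt 'Failover shared secret'

# Load sharing at the main site: both servers lease from the same scope.
Add-DhcpServerv4Failover -ComputerName $hq1 -PartnerServer $hq2 `
    -Name 'HQ-LoadShare' -ScopeId 10.10.0.0 `
    -LoadBalancePercent 50 -MaxClientLeadTime 01:00:00 `
    -AutoStateTransition $true -StateSwitchInterval 00:45:00 `
    -SharedSecret $secret

# Hot standby for the branch: the branch server is active, the main site
# holds 5% of the pool in reserve and takes over if the branch server fails.
Add-DhcpServerv4Failover -ComputerName $branch -PartnerServer $hq1 `
    -Name 'Branch-HotStandby' -ScopeId 10.20.0.0 `
    -ServerRole Active -ReservePercent 5 -MaxClientLeadTime 01:00:00 `
    -AutoStateTransition $true -StateSwitchInterval 00:45:00 `
    -SharedSecret $secret

# MAC filtering is a server-level setting, so apply it on every partner.
foreach ($server in $hq1, $hq2, $branch) {
    Add-DhcpServerv4Filter -ComputerName $server -List Deny `
        -MacAddress '00-11-22-33-44-55' -Description 'Constructed example entry'
    Set-DhcpServerv4FilterList -ComputerName $server -Deny $true
}

# Back up the DHCP database of the first server to a local path.
Backup-DhcpServer -ComputerName $hq1 -Path 'C:\Windows\System32\dhcp\backup'

function Get-DhcpFailoverGap {
    # Lists every IPv4 scope on a server with its failover status, so that
    # scopes without a partner or with a degraded relationship stand out.
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $relationships = @(Get-DhcpServerv4Failover -ComputerName $ComputerName `
                           -ErrorAction SilentlyContinue)

    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $ComputerName) {
        $id  = $scope.ScopeId.ToString()
        $rel = $relationships | Where-Object {
            ($_.ScopeId | ForEach-Object { $_.ToString() }) -contains $id
        } | Select-Object -First 1

        $problem = $null
        if (-not $rel)                     { $problem = 'No failover relationship' }
        elseif ($rel.State -ne 'Normal')   { $problem = "Relationship state is $($rel.State)" }
        elseif (-not $rel.EnableAuth)      { $problem = 'Failover messages are not authenticated' }

        [pscustomobject]@{
            Server   = $ComputerName
            ScopeId  = $id
            Relation = if ($rel) { $rel.Name } else { $null }
            Mode     = if ($rel) { $rel.Mode } else { $null }
            Partner  = if ($rel) { $rel.PartnerServer } else { $null }
            Problem  = $problem
        }
    }
}

Get-DhcpFailoverGap -ComputerName $hq1 | Format-Table -AutoSize
```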
DESIGN DNS- A NAMING RESOLUTION STRATEGY
Name resolution typically involves the Domain Name System (DNS)
but can also include "Windows Internet Name Service (WINS)".
You have to keep several things in mind when planning a complex
name resolution strategy at the organization level. These
include prioritizing security while at the same time providing
a reliable and robust infrastructure for the organization.
Several features of Windows Server 2012 can be used to make
this design and configuration reliable and robust.
The DNS namespaces used in this business scenario relate to
the configuration of the "DNS server" together with the domain
settings of "Windows Server 2012". We recommend that you
register DNS names for the top-most internal and external DNS
namespaces with an Internet registrar. This includes the
forest root domain of any "Active Directory forest" unless such
names are subdomains of DNS names that are registered by your
organization name. When you register your DNS names with an
Internet registrar, the Internet DNS servers can resolve your
domain now or at some point over the lifetime of your "Active
Directory forest". DNSSEC establishes a chain of trust, with a
trust anchor at the root zone, which ensures that responses are
trustworthy. Accordingly, when planning to use DNSSEC, you need
to decide the location of the trust anchors. This also means
that the validity of individual resource records can be
checked and that the server itself can be verified as the
correct authoritative server.
· The DNS service handles configurations to improve security
comprising DNS socket pool, DNSSEC, and cache locking.
· DNS socket pool efficiently randomizes the source or
foundation port for cache locking DNS queries prevents cached
accesses from being over-composed for a definite percentage of
their “Time to Live (TTL)” value.
· Microsoft’s DNS execution supports separate namespaces, in
which the particular DNS name suffix differs from the “Active
Directory Domain Services (AD DS)” domain name suffix.
· DNS Zone delegation allows a dissimilar server to be
commanding for a specified zone. This, attached with
application partitions and zone hierarchy, permitsdifficult name
service designs for an organization(Ferrill & Ferrill, 2014).
DNS (Domain Name System) is a scheme for identifying computers and network services, organized into a hierarchy of domains. A common, central server is required to connect the different branches of the organization. DNS would be used in the naming and addressing part of the organization's design plan. The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network (microsoft, n.d.).
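The socket pool, cache locking and DNSSEC settings listed above can be checked across the DNS servers with a short audit. The following is an added example, not part of the original proposal: the server names are placeholders, and the two baselines are the Windows Server default values used here as an assumed policy.

```powershell
#Requires -Modules DnsServer
# Added example (not from the original proposal). Server names are placeholders;
# the baselines are the Windows Server defaults, treated as an assumed policy.

function Test-DnsHardening {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$MinSocketPool  = 2500,   # default socket pool size
        [int]$MinLockPercent = 100     # default cache locking percentage
    )

    $setting = Get-DnsServerSetting -ComputerName $ComputerName -All
    $cache   = Get-DnsServerCache   -ComputerName $ComputerName

    # Authoritative forward zones only; auto-created and system zones are skipped.
    $zones = @(Get-DnsServerZone -ComputerName $ComputerName | Where-Object {
        $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
        -not $_.IsReverseLookupZone -and $_.ZoneName -ne 'TrustAnchors'
    })

    $unsigned = @($zones | Where-Object { -not $_.IsSigned } | ForEach-Object ZoneName)

    # A signed zone is only validated by resolvers that hold its trust anchor,
    # so list signed zones for which this server has none.
    $noAnchor = @($zones | Where-Object { $_.IsSigned } | Where-Object {
        -not (Get-DnsServerTrustAnchor -Name $_.ZoneName -ComputerName $ComputerName `
                  -ErrorAction SilentlyContinue)
    } | ForEach-Object ZoneName)

    [pscustomobject]@{
        Server              = $ComputerName
        SocketPoolSize      = $setting.SocketPoolSize
        SocketPoolOk        = $setting.SocketPoolSize -ge $MinSocketPool
        CacheLockingPercent = $cache.LockingPercent
        CacheLockingOk      = $cache.LockingPercent -ge $MinLockPercent
        UnsignedZones       = $unsigned -join ', '
        SignedWithoutAnchor = $noAnchor -join ', '
    }
}

# Placeholder names; run from a management host with the DNS Server tools installed.
'dns01.corp.example', 'dns02.corp.example' |
    ForEach-Object { Test-DnsHardening -ComputerName $_ } |
    Format-Table -AutoSize
```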
IMPLEMENTATION OF SCALABLE REMOTE ACCESS
SOLUTION
Organizations increasingly run their business from remote sites, so it is important to extend the fault tolerance and scalability of the company's remote access services. Whether you are using site-to-site connectivity, Web Application Proxy, or traditional VPN services, network performance and reliability are crucial for the growth and continuity of the network. You therefore need robust, secure access for your remote sites and services. Windows Server 2012 R2 includes the capabilities and support to help provide a high level of availability and scalability for the remote access services in your organization's infrastructure. This objective takes you from the Windows Server design features involved in network access services to the configuration of secure remote access solutions.
It covers the following aspects of a scalable solution for your company’s network:
· Configuring site-to-site VPN
· Configuring packet filters
· Implementing packet tracing
· Implementing multisite Remote Access
· Configuring Remote Access clustered with Network Load
Balancing (NLB)
· Configuring DirectAccess
REMOTE SERVICES: TECHNOLOGY TO GIVE PROTECTED
REMOTE ACCESS SOLUTION
If your organization allows, or wants to allow, users to connect to its intranet from remote locations, you need to design a solution that lets your users connect easily to network resources. At the same time, you must minimize the risk that an attacker can gain unauthorized access to the same resources. Remote access solutions can greatly increase the productivity and flexibility of users who work from home computers or from mobile devices, such as laptops, while traveling for work.
Fig. (a) Displaying the “Solution for the safe and secure remote access by the other geographical location users of the organization”
VPN (Virtual Private Networks)
Use a virtual private network (VPN) to give users remote access to organization data and other network resources, or to connect to a computer that is on-premises by using a Remote Desktop session. With VPN, users can securely access network resources using their network credentials. Protect client computers from network attacks and keep the software and operating system on your computers up to date by implementing Windows Server Essentials Group Policy settings. Create user accounts and user groups to control access to your organization's data and devices. When you create user groups, you can give the same level of access to network resources to all members (Olsen, 2014).
With site-to-site VPN links, you can connect multiple physical sites across the world into a single logical network that extends access to the programs, shared resources, applications and services critical to the organization's infrastructure. Windows Server 2012 R2 provides the L2TP/IPsec protocol for creating site-to-site links, with consequences for both performance and security.
You can also install and configure packet filtering, which plays the same role as a network firewall and helps you manage network traffic and remote access effectively. A multisite Remote Access deployment enables clients at different sites to connect directly to any location that has a Remote Access server installed and configured as an entry point. Windows Server 2012 R2 provides all of this for your organization.
(Source: Microsoft)
A RADIUS server provides added flexibility for authenticating remote access connections, including the ability to create RADIUS server clusters that offer improved fault tolerance and performance (Ferrill & Ferrill, 2014, p. 165).
CONFIGURING AND DEPLOYING DIRECTACCESS FOR
SCALABLE NETWORK
You can configure and deploy DirectAccess with the “Remote Access Management Console”. You only need to configure the remote access server, client, application server and infrastructure server to start the remote access authentication services for users at different locations, so that they can use AD services directly through the console.
DESIGN AN ACTIVE DIRECTORY SITES TOPOLOGY
By designing a topology that represents the wide corporate network, including additional locations, and that accounts for the usage at those sites, the Active Directory design can efficiently and reliably handle the resource needs of the organization. A structured approach to Active Directory design makes enterprise-scale directory service deployment clear and straightforward. This guide combines business and technical guidance to minimize the time and effort required to implement the Active Directory service. Choosing the appropriate forest/domain model for the deployment of Active Directory on the Windows Server 2012 operating system:
SINGLE FOREST DOMAIN MODEL
A single domain model is the easiest to administer and the least expensive to maintain. It consists of a forest that contains a single domain. This domain is the forest root domain, and it contains all the user and group accounts in the domain. The single forest model best suits the requirements of the corporation, since it makes administering user access easy and effective.
A single forest domain model reduces administrative complexity by providing the following advantages:
· Each domain controller can authenticate any user in the forest.
· All domain controllers can be global catalogs, so you do not have to plan for global catalog server placement.
· In a single domain, all directory data is replicated to every geographic location that hosts domain controllers. While this model is the easiest to manage, it also creates the most replication traffic of the two domain models. Partitioning the directory into multiple domains limits the replication of objects to specific geographic regions but results in more administrative overhead. It is best to minimize the number of domains that you deploy in your forest. This reduces the overall complexity of the deployment and, as a result, reduces total cost of ownership. The following table lists the administrative costs associated with adding regional domains (technet.microsoft.com, n.d.).
ACTIVE DIRECTORY TOPOLOGY SHOWING DOMAIN
SERVICES
“DOMAIN CONTROLLER PLACEMENT AND RODC CONSIDERATIONS IN THE DOMAIN CONTROLLER PLACEMENT”
When deciding where to place a read-only domain controller (RODC) in a site, consider how the RODC will replicate scheduled updates. An RODC can replicate updates of the domain partition only from a writable domain controller running Windows Server 2008 in the same domain. The RODC can replicate other partitions, including application directory partitions and global catalog partitions, from any writable domain controller that runs Windows Server 2012. An RODC cannot be a source domain controller for any other domain controller because it cannot perform outbound replication. An RODC must replicate the domain partition from a writable domain controller running Windows Server 2012 because only a writable domain controller that runs Windows Server 2012 can enforce the Password Replication Policy (PRP) for an RODC. To replicate the domain partition to the RODC, you typically place a writable domain controller running Windows Server 2012 in the site that is nearest, in your network topology, to the site that contains the RODC. The nearest site in this sense is defined as the site that has the lowest-cost site link to the site that contains the RODC.
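Because the Password Replication Policy decides which credentials end up stored on an RODC, it is worth reviewing once RODCs are placed. The following is an added example, not part of the original proposal; it treats accounts with adminCount = 1 as privileged, which is an assumption of this sketch.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original proposal): report, per RODC, which
# privileged principals the PRP allows to be cached and which already are.

function Get-RodcCredentialExposure {
    # adminCount = 1 marks objects protected by AdminSDHolder; it is used here
    # as the working definition of "privileged" (an assumption of this example).
    $isPrivileged = {
        param($dn)
        (Get-ADObject -Identity $dn -Properties adminCount).adminCount -eq 1
    }

    $rodcs = @(Get-ADDomainController -Filter * | Where-Object IsReadOnly)

    foreach ($rodc in $rodcs) {
        # Principals the PRP allows this RODC to cache.
        $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy `
                        -Identity $rodc -Allowed)

        # Accounts whose passwords are stored on the RODC right now. Its own
        # computer account and its krbtgt_* account are expected, so skip them.
        $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage `
                        -Identity $rodc -RevealedAccounts |
            Where-Object {
                $_.SamAccountName -notlike 'krbtgt_*' -and
                $_.SamAccountName -ne "$($rodc.Name)`$"
            })

        [pscustomobject]@{
            Rodc               = $rodc.HostName
            Site               = $rodc.Site
            RevealedCount      = $revealed.Count
            PrivilegedAllowed  = @($allowed  |
                Where-Object { & $isPrivileged $_.DistinguishedName } |
                ForEach-Object SamAccountName) -join ', '
            PrivilegedRevealed = @($revealed |
                Where-Object { & $isPrivileged $_.DistinguishedName } |
                ForEach-Object SamAccountName) -join ', '
        }
    }
}

# Any value in PrivilegedAllowed or PrivilegedRevealed needs review.
Get-RodcCredentialExposure | Format-List
```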
The following diagram shows how to place the Active Directory domain controllers:
CONCLUSION AND RECOMMENDATION
The Windows Server 2012 R2 proposal briefly details the elements used in deploying the technical business solution for the company, so that it can continue working and deliver cloud services to its clients at different sites in a cost-effective and efficient manner. It is strongly recommended that you adopt and deploy the Server 2012 R2 edition on each client and server PC to enhance network services and make them easier to manage for clients.
Works Cited
Ferrill, P., & Ferrill, . (2014). Designing and Implementing a Server Infrastructure. Microsoft.
Microsoft. (2015). Windows Deployment Services. Retrieved from microsoft: https://msdn.microsoft.com/en-us/library/windows/desktop/dd379586%28v=vs.85%29.aspx
microsoft. (n.d.). Namespace planning for DNS: Domain Name System(DNS). Retrieved from microsoft: https://technet.microsoft.com/en-us/library/cc759036(v=ws.10).aspx
microsoft. (n.d.). What Is DHCP?: Dynamic Host Configuration Protocol (DHCP). Retrieved from microsoft: https://technet.microsoft.com/en-us/library/cc781008(v=ws.10).aspx
microsoftpressstore. (n.d.). Design and Implement Network Infrastructure Services. Retrieved from microsoftpressstore: https://www.microsoftpressstore.com/articles/article.aspx?p=2224361
Olsen, G. (2014). secure-files-in-windows-server-2012. Retrieved from redmondmag.com: https://redmondmag.com/articles/2014/03/01/secure-files-in-windows-server-2012-with-ad-rms.aspx
technet.microsoft.com. (n.d.). Deploy Active Directory Domain Services (AD DS) in Your Enterprise. Retrieved from technet.microsoft.com: https://technet.microsoft.com/en-us/library/hh472160.aspx
techveze. (n.d.). design-automated-server-installation-strategy. Retrieved from techveze: http://www.techveze.com/design-automated-server-installation-strategy/
Thomas, O. (2014). Training Guide Administering Windows Server 2012 R2. Computers Publications.
Windows Server Infrastructure Upgrade and Redesign at Fringe
Dynamic.
Current Physical Locations
Current Logical Design
Required Proposal Responses
Executive Overview – Provide an executive overview for
Infrastructure proposal. How will your proposal help Fringe
Dynamic? What are the key aspects of your design? Why should
Fringe Dynamic select your proposal over your competitors’
proposals?
Develop a Windows Deployment Design and plan an automated
client workstation and server installation strategy. This
objective can include but is not limited to: images and bare
metal/virtual deployment; plan for multicast deployment and
plan for Windows Deployment Services (WDS). This solution
should enable Fringe Dynamic to deploy client and server
operating systems in a timely and cost-effective manner.
Plan and deploy Virtual Machine Manager Services. This
objective may include but is not limited to: Design Virtual
Machine Manager service templates; plan and deploy profiles
including operating system profiles, hardware and capability
profiles, application profiles, plan and manage services
including scaling out, updating, and servicing services;
configure Virtual Machine Manager libraries. This solution
should enable Fringe Dynamic to deploy servers in a timely and
cost-effective manner.
Windows Server Design - Jacksonville, Florida has two Domain
Controllers. All other locations have single Domain Controllers.
Jacksonville, Florida’s domain controllers are running Windows
Server 2012, but the other sites are running Windows Server
2008 Domain Controllers. All other services on the network are
running on either older UNIX or Windows Server 2008 and
2003 servers. These legacy servers should be replaced as part of
this project. Describe your recommendations for the server
environment, focusing on any needed upgrades and the number
of servers needed at each location to handle key network
infrastructure services and roles (DNS, DHCP, File, Print,
RRAS, etc.) You can make any recommendation for the server
environment but explain how it will benefit your design.
Design and maintain a Dynamic Host Configuration Protocol
(DHCP) solution. This objective may include but is not limited
to the following: Design considerations including a highly
available DHCP solution including split scope, DHCP failover,
and DHCP failover clustering, DHCP interoperability, and
DHCP filtering. Describe how you will provide fault tolerance
in the event that a primary DHCP server should fail. How will
you handle remote users, network devices and printers?
DNS – Design a name resolution strategy. This objective may
include but is not limited to: Design considerations, including
Active Directory–integrated zones, DNSSEC, DNS Socket Pool,
cache locking, disjoint namespaces, DNS interoperability,
Single-Label DNS Name Resolution, zone hierarchy, and zone
delegation.
Implement a scalable Remote Access solution. This objective
may include but is not limited to: Configure site-to-site VPN;
configure packet filters; implement packet tracing; implement
multisite Remote Access and a DirectAccess solution.
Design an Active Directory topology. This objective may
include but is not limited to: Design considerations including
read-only domain controllers (RODCs), proximity of domain
controllers, replication optimization, and site link; Group
Policy, monitor and resolve Active Directory replication
conflicts.
Your proposal must incorporate the following items
1. All Domain Controllers must be Windows 2012 R2 Active
Directory.
2. All sites must have Active Directory services available even
if a single Domain Controller fails.
3. Client IP address assignment must be automated and
manageable for all sites and locations.
4. DNS must be manageable and secure. Clients must be able to
resolve DNS even if a single DNS server fails or during an
internet connection outage.
5. DHCP should be designed with fault tolerance in mind.
6. Provide secure remote access solution that utilizes Network
Access Policy controls.
7. Provide easy and manageable workstation image and software
deployments. All workstations should be Windows 8.
8. Provide easy and manageable server image and software
deployments. All servers should be Windows Server 2012 R2.
9. Global Dynamics and Fringe Dynamic Active Directory
forests must be able to trust each other.
10. The Sandy location needs to be integrated into the Fringe
Dynamic Active Directory. This solution must be cost-effective,
manageable and secure.
Assignment Requirements
There are specific requirements for the assignment: The final
submission should contain at least 7 pages’ worth of text
written by the student (not counting title page, images,
diagrams, tables, or quotations), but may be longer, not to
exceed approximately 10 pages’ worth of student-supplied text.
(With the required diagram, and other images, title page, etc.,
the final submission may end up being more than 10 pages in
length.) It must be double-spaced, have 1-inch margins, and use
12-point Times New Roman or 10-point Arial/Helvetica font. A
title page is required; APA format for the title page is optional.
· At least one diagram must be included (not counted towards
the minimum length described above); this could be a diagram
describing Active Directory components, DHCP/DNS design, or
anything else that is worth displaying graphically to enhance the
reader’s understanding of the proposal. Additional diagrams,
images, or tables are welcome.
· The submission must cover all of the major topics outlined
above. Each choice should be explained with technical and
business reasoning. The solution should be reasonably detailed.
Additional topics may be covered as desired.
· The structure of the final submission is flexible. There is no
specific format required, although it should be organized
logically and represent a single, unified solution. It is likely
that the format will include separate sections for each of the
topics required, as well as a summary.
· At least two non-Lab, non-Wikipedia references are required;
preferably, this would be a “best practice” guide or similar
content from Microsoft or an experienced provider of Microsoft
solutions.
· Be sure to properly quote or cite any sources used. APA
format is required for in-text citations and the list of works
cited at the end. It is expected that you are already familiar with
UMUC's "Policy on Academic Dishonesty and Plagiarism." It is
available in the Academic Policies section of the Syllabus; there
are also links in the Webliography. In its simplest form, if you
are using text from a source, you must cite and/or quote it. If
plagiarism is found, then there will be a penalty to the grade.