Designing a Microsoft Windows 2000 Network Infrastructure


  1. Lesson Plans: Designing a Microsoft Windows 2000 Network Infrastructure (Exam 70-221)
  2. Table of Contents

     Course Overview
     Course Preparation
     Section 1-1: Identifying Design Requirements
     Section 1-2: Creating an Initial Design
     Section 1-3: Enhancing the Design
     Section 1-4: Planning Implementation and Management
     Section 2-1: Topology and Protocol Design
     Section 2-2: IP Addressing
     Section 2-3: Optimizing IP Addressing
     Section 2-4: Designing Routing
     Section 2-5: Enhancing the TCP/IP Design
     Section 3-1: WAN Connections
     Section 3-2: Internet Connectivity
     Section 3-3: Proxy Server
     Section 3-4: Remote Access
     Section 4-1: DHCP Concept Review
     Section 4-2: Designing Address Allocation
     Section 4-3: Enhancing Address Allocation
     Section 5-1: Host Names and DNS Review
     Section 5-2: Designing DNS Resolution
     Section 5-3: Designing NetBIOS Name Resolution
     Section 5-4: Integrating DNS and WINS
     Section 5-5: Enhancing DNS and WINS
     Section 6-1: Integrating with Other Protocols
     Section 6-2: Planning Additional Services
     Section 6-3: Planning Implementation and Management
     Appendix A: Windows 2000 Network Infrastructure Design Objectives
     Appendix B: Design Requirements Outline
     Appendix C: Design Your Home Office Network

     ©2002 TestOut Corporation (Rev 11/02)
  3. Course Overview

     This course prepares students for the Microsoft certification Exam 70-221, Designing a Microsoft Windows 2000 Network Infrastructure. Before beginning this course, students should have completed the four Windows 2000 core courses, or have equivalent knowledge. Students certified for Microsoft Windows NT 4.0 should have a Windows NT 4.0 to Windows 2000 update course.

     Module 1: Module 1 covers the general process of designing a network infrastructure for a Windows 2000 network.

     Module 2: Module 2 covers the basics of designing a LAN, including evaluating the physical network, subnetting, and designing routing.

     Module 3: Module 3 covers WAN design.

     Module 4: You can use DHCP with Windows 2000 to dynamically set client information. Module 4 covers methods for increasing DHCP performance, availability, and fault tolerance.

     Module 5: A Windows 2000 network needs a way to resolve host names (and perhaps NetBIOS names) to IP addresses. Module 5 explains how to design DNS and NetBIOS name resolution systems.

     Module 6: The design tasks covered in previous modules are the focus of this course. Module 6 explains other design tasks to consider.

     Module 7: Module 7 reviews the most essential design rules presented in this course. It is meant to be used as a final review and study guide for Exam 70-221, Designing a Microsoft Windows 2000 Network Infrastructure. Consider printing this material for use as a last-minute review of design principles.

     Lab/Activities

     This section of each lesson plan contains lecture activities and/or design activities. Lecture activities can be presented on the board or with handouts. They do not require student computers, so they work well in a traditional classroom. Design Activities outline a network planning project that lasts the entire course. These activities are designed to give the student a design experience that is as close as possible to a real design project.

  4. Design and Homework Suggestions

     Require each student to maintain a design notebook. This should be a three-ring binder, as students will be adding documents to the notebook throughout the course.

     The design project may be done as an individual project or as a group project. Because of the scope of the project, and because real projects require teamwork, we recommend a combination approach. First, assign design documents as individual projects. Have each student complete a rough draft design. Then, as a class or in small groups, discuss the rough draft designs and combine them into a group design document. This allows you to evaluate individual students while providing the teamwork common in real projects.

     In addition to regular lectures and design requirement discussions, plan to add a few hours of design review to the course. (These hours are not included in the 32 total instructional hours listed in the lesson plans.) Try to schedule design reviews as students complete major design elements. You may also want to schedule design presentations at the end of the course.

     The Homework Suggestions section may contain a list of Skill Review Exercises. These are not required to meet Microsoft exam objectives. Students should already know how to accomplish these tasks from the Network Infrastructure Administration course. These exercises are included because students may not remember material from the earlier course, or they may not have adequately understood the material. Use Skill Review Exercises as needed to improve prerequisite skills and understanding.

     The Homework Suggestions section also lists the focus question for the next section. Present this question at the end of class. Start each class with the focus question presented in the previous class. Encourage students to be prepared to answer the question, but make sure they understand that you don't need a complete answer. You want them to preview the next section for a basic answer. This can help stimulate a better quality discussion and questions during the lecture. It will also help you assess student understanding of the topic.

     Consider the focus question for Section 1-2: Once you have identified design requirements, how do you start to create a design? Students should be able to provide simple responses such as:

     • Determine the network architecture, protocols, and services.
     • Create an IP addressing scheme.
     • Plan for DNS services.
  5. Course Preparation

     In Advance

     Set up TestOut courseware and create student accounts.

     Instructor Computer Setup

     This course emphasizes network design. It can be taught in a classroom without any computers. Students need access to computers to run the TestOut course software, and they need access to word processing software so they can prepare design documents.

     If you wish to use the Skill Reviews or demonstrate tasks as you review concepts, use the classroom configuration for the Network Infrastructure Design course. This configuration is described in the following paragraphs.

     Install a Windows 2000 domain controller running DNS. Typically, this domain should be isolated from the working network. Consider using a domain name such as mcseclass.local. This computer will be the DNS server for the classroom. You may want to configure the DNS server as a forwarder. Point it to the "real" DNS server, so that student requests for non-local names will be passed on and resolved.

     Because students need to install and configure network services, they will need extensive administrative access to the domain. As a result, you probably don't want students to join the domain hosted by the instructor computer. Instead, create a zone on the instructor's computer to host the DNS domain name space used by the student computers (for example, students.local).

     Ideally, your classroom hub or switch will be accessible so you can unplug the classroom network from the rest of the network. This allows you to practice with services such as DHCP. When running something that is potentially disruptive, simply unplug the classroom until the practice is over.

     Student Computer Setup

     If you wish to use the Skill Reviews or demonstrate tasks as you review concepts, use the classroom configuration for the Network Infrastructure Design course. This configuration is described in the following paragraphs.

     Computers need to support Windows 2000 Server running Active Directory. Because the TestOut material contains audio, computers should have sound cards. You may want to require students to bring their own headphones or provide them.
  6. Start with Windows 2000 Server installed on each computer on a 3 to 4 GB partition. (Partition size depends on the amount of other software you plan to install.) Install the Administration tools on each computer (Adminpak.msi).

     Ideally, set up the computers in pairs: one as a domain controller and one as a member server. This allows students to work in pairs when you want to look at the difference between a member server and a domain controller. Set up a parent and a child domain. Configure each student computer to use the DNS server on the instructor computer.

     The following table shows a sample layout for a classroom with 12 computers.

     Instructor Computer: Instructor1.mcse.local (DNS server)

     Computer                          Role
     Computer1.student.local           Domain controller
     Computer2.student.local           Member server
     Computer3.student.local           Domain controller
     Computer4.student.local           Member server
     Computer5.student.local           Domain controller
     Computer6.student.local           Member server
     Computer7.child.student.local     Domain controller
     Computer8.child.student.local     Member server
     Computer9.child.student.local     Domain controller
     Computer10.child.student.local    Member server
     Computer11.child.student.local    Domain controller
     Computer12.child.student.local    Member server

     Student computers should have static IP addresses. The computers are servers, and some of the services they will install during the course of the class require static IP addresses.

     One way to create this type of lab is to use removable hard drives in the student computers. Students check out the drives for their classes. This allows you to teach multiple classes in a single lab, while preventing one class from damaging or destroying the installations used by another class.

     To facilitate the frequent computer OS rebuilds required by this type of lab, consider investing in disk duplication software. You could also create unattended installation files to automate the baseline Windows 2000 installations needed for the lab computers.
  7. Section 1-1: Identifying Design Requirements

     Preparation

     A network infrastructure consists of the core services and technologies that enable network communication. The first step in designing a network infrastructure is to identify the design requirements. This section explains how to identify design requirements.

     Before class, prepare for the design project. This is by far the longest lab in the course. It will probably take a few hours to completely identify network design requirements. The time spent on this activity is well worth the effort, as a good requirements discussion is the foundation for design solutions throughout the course.

     In this project, you are designing the network infrastructure for your school. Use the design requirements outline in Appendix B to collect the information needed to present to the students. Be prepared to identify existing network conditions, stakeholders and desired conditions. Describe the organization structure, network users, and resources in detail. If you don't have exact numbers, give a reasonable estimate. Keep the discussion of network infrastructure light. You will fill in details later in the course. Provide details about network management and trends. Students will need this information as they try to balance requirements.

     As you identify stakeholders and desired conditions, try to identify real issues with your current environment. If possible, invite one of your network administrators to class to discuss desired improvements. Students will need to balance requirements based on the information you presented.

     Exam Objectives

     101 Analyze the existing and planned business models.
     102 Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
     103 Analyze factors that influence company strategies.
     104 Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process, and change-management process.
     201 Evaluate the company's existing and planned technical environment and goals.
     202 Analyze the impact of infrastructure design on the existing and planned technical environment.
     203 Analyze the network requirements for client computer access.
     204 Analyze the existing disaster recovery strategy for client computers, servers, and the network.
     604 Design a resource strategy.
  8. Vocabulary: requirements, existing conditions, desired conditions, stakeholder, organizational structure, users, resources, network infrastructure, network management, trends, organization management

     Focus Question: What are design requirements and how do I go about documenting them?

     Time

     About 3 hours; about 1½ hours to introduce course and discuss Section 1-1, 1½ hours to discuss your network design requirements.

     Lecture Tips

     • Start with the focus question. Do students have any questions about the material they have studied?
     • Introduce instructor.
     • Have each student introduce himself or herself, explain why he or she is taking the course, and what he or she hopes to get out of it.
     • Hand out and explain syllabus, lab policies, and any other required introductory material.
     • Explain the lab notebook to students and make sure they understand that they must have a notebook for the next class session.
     • Demonstrate login to network.
     • Demonstrate how to access the courseware.
     • Counsel students who don't meet the prerequisite requirements. Before beginning this course, students should have completed the four Windows 2000 core courses, or have equivalent knowledge. Students certified for Microsoft Windows NT 4.0 should have a Windows NT 4.0 to Windows 2000 update course. Specifically, students should be familiar with the following:
        o Windows 2000 networking basics.
        o Configuring remote access, packet filters, and VPNs.
        o Implementing a PKI.
     • Discuss the nature of design requirements.
        o Requirements suggest existing and desired conditions.
        o Multiple stakeholders may exist.
        o A given stakeholder may have multiple requirements.
        o Requirements are not always communicated.
     • Discuss how to identify existing conditions.
        o Organizational structure.
        o Network users and resources.
        o Network infrastructure.
        o Network management.
        o Trends and other known changes.
  9. • Discuss how to identify stakeholders and desired conditions.
        o Network users.
        o Network management.
        o Organization management.
     • Discuss balancing requirements.
        o Ask stakeholders to clarify.
        o Who is your boss?
        o Who has the ultimate responsibility?
        o What is really needed?
        o Design multiple options.

     Lab/Activity

     Design Activity

     • Identify Existing Conditions.
        o Create a document that identifies existing conditions. Use the outline in Appendix B.
     • Identify Stakeholders and Desired Conditions.
        o Create a document that identifies stakeholders and desired conditions. Use the outline in Appendix B.
     • Balancing Requirements.
        o Create a document that assigns priorities to each of the desired outcomes. Use the outline in Appendix B.

     Assessment

     Check design notebooks.

     Homework Suggestions

     • Read Section 1-1 and take the section test.
     • Research the focus question for the next section.
        o Once you have identified design requirements, how do you start to create a design?
     • Go to http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp. Download the Deployment Planning Guide – Complete. Read Chapter 6, Preparing Your Network Infrastructure for Windows 2000 and Appendix A, Preparing Your Network Infrastructure for Windows 2000.
  10. Section 1-2: Creating an Initial Design

     Preparation

     After you have a good understanding of the environment, a list of design requirements, and know which requirements have priority, you can begin designing specific solutions to meet the requirements. This section discusses the initial design creation.

     Exam Objectives

     Vocabulary: initial design, enhanced design, network architecture, network protocols, network services, Ethernet, PSTN, Token Ring, FDDI, ISDN, Frame Relay, DSL, TCP/IP, IPX/SPX, AppleTalk, SNA, IP Routing, static, dynamic, autostatic, RIP, OSPF, Connection sharing, routing, NAT, proxy server, remote access, VPN, PPTP, L2TP, DNS, WINS, SNA Gateway Services, Gateway Services for NetWare, SQL Server, IIS Server, Exchange Server, Terminal Services, Dfs, Active Directory

     Focus Question: Once you have identified design requirements, how do you start to create a design?

     Time

     About 1 hour

     Lecture Tips

     • Start with the focus question. Do students have any questions about the material they have studied?
     • Discuss characteristics of an initial design.
        o Initial design.
        o Enhanced design.
     • Discuss general components of a network infrastructure design. These topics should be review for students.
        o Network architecture.
           • Ask students to name LAN and WAN architectures.
        o Network protocols.
           • Ask students to name common protocols.
        o Network services.
           • Ask students to name common network services.
     • Discuss components of a Windows 2000 TCP/IP network infrastructure design. Briefly review each topic.
        o IP Addressing.
           • What do you need to assign to each host when you configure IP?
        o IP Routing.
           • Static, dynamic, autostatic.
           • RIP, OSPF.
  11.   o Internet Access.
           • Connection sharing, routing, NAT, proxy server.
        o Remote Access.
           • Dial-up, VPN.
           • PPTP, L2TP.
        o IP Address Allocation (Host Configuration).
           • Manual or dynamic.
        o Name Resolution.
           • DNS, WINS.
        o Other Services.
           • SNA Gateway Services.
           • Gateway Services for NetWare.
           • SQL Server.
           • IIS Server.
           • Exchange Server.
           • Terminal Services.
           • Dfs Services.
           • Active Directory Services.

     Lab/Activity

     Lecture Activity

     • Ask students to name LAN and WAN architectures, common protocols, and common network services.

     Design Activity

     • Create an initial design checklist.
        o General design topics include architecture, protocols, and services.
        o Windows 2000 design topics include IP addressing, IP routing, Internet access, remote access, IP address allocation, name resolution, and other services.
     • For each topic, tentatively identify whether there need to be changes to the existing network. For example, if users requested remote access and none exists, remote access design needs to be addressed. If IT managers identified slow WAN links as a major concern, your WAN architecture needs to be addressed. You will fill in details for all of these topics as you complete the course.

     Assessment

     Were students able to name LAN and WAN architectures, common protocols, and common network services? Are they familiar with the components of a Windows 2000 TCP/IP network infrastructure design? If not, they need to review these topics in order to be successful in this course.

     Homework Suggestions

     • Read Section 1-2 and take the section test.
     • Research the focus question for the next section.
        o What can you do to enhance your initial network design?
  12. Section 1-3: Enhancing the Design

     Preparation

     After creating an initial design, you may need to enhance the design to meet security, performance, or availability requirements. This section introduces some enhancement principles and technologies discussed throughout this course.

     Vocabulary: firewalls (Packet Filters), demilitarized zones (DMZs), tunneling, Internet Protocol Security (IPSec), Virtual Private Networks (VPN), caching, load sharing, DNS round robin, Network Load Balancing (NLB), stability, isolation, redundancy, Microsoft Windows Cluster Server (MSCS)

     Focus Question: What can you do to enhance your initial network design?

     Time

     About 1 hour

     Lecture Tips

     • Start with the focus question. Do students have any questions about the material they have studied?
     • Discuss enhancing security.
        o Firewalls (Packet Filters).
        o Demilitarized Zones (DMZs).
        o Tunneling.
        o Internet Protocol Security (IPSec).
        o Virtual Private Networks (VPN).
     • Discuss enhancing performance.
        o Using adequate hardware.
        o Eliminating unnecessary communication.
        o Co-locating users and resources.
        o Caching.
        o Load sharing.
        o DNS round robin.
        o Network Load Balancing (NLB).
     • Discuss enhancing availability.
        o Stability.
        o Isolation.
        o Redundancy.
        o Microsoft Windows Cluster Server (MSCS).
  13. Lab/Activity

     Design Activity

     • This section should be revisited at the end of the course, before students hand in completed design projects. When design projects are almost finished, ask students to reread this section and review their designs.
     • Write a short paper critiquing the existing design and suggest improvements that could enhance security, performance, and/or availability.

     Assessment

     Check design notebooks.

     Homework Suggestions

     • Read Section 1-3 and take the section test.
     • Research the focus question for the next section.
        o How do you implement a network design? What sort of planning is involved?
     • Look at the documentation that describes your existing network. Identify two potential security risks.
     • Look at the documentation that describes your existing network. Identify two areas that would benefit from increased performance.
     • Look at the documentation that describes your existing network. Identify two areas that need high availability.
  14. Section 1-4: Planning Implementation and Management

     Preparation

     After designing a network infrastructure, you need to plan how you will implement the design and manage the network infrastructure after it is in place. This section presents some fundamental principles of implementation and management planning.

     Exam Objectives

     601 Design a strategy for monitoring and managing Windows 2000 network services. Services include global catalog, Lightweight Directory Access Protocol (LDAP) services, Certificate Services, DNS, DHCP, WINS, Routing and Remote Access, Proxy Server, and Dfs.
     602 Design network services that support application architecture.
     603 Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS.
     604 Design a resource strategy.

     Vocabulary: implementation planning, acceptance criteria, management planning

     Focus Question: How do you implement a network design? What sort of planning is involved?

     Time

     About 1 hour

     Lecture Tips

     • Start with the focus question. Do students have any questions about the material they have studied?
     • Discuss principles of implementation planning.
        o Foundation first.
        o Minimizes risk.
        o Maximizes return.
        o Monitored.
        o Accommodates users.
     • Discuss principles of management planning.
        o On-going.
        o Crisis-oriented.
        o Trend-oriented.
        o Other conditions.
  15. Lab/Activity

     Design Activity

     • This section should be revisited at the end of the course, when students study Section 6-3. At that time, they will create an implementation and management plan.

     Assessment

     Check design notebooks.

     Homework Suggestions

     • Read Section 1-4 and take the section test.
     • Research the focus question for the next section.
        o How do I determine which topologies and protocols to use? Where should I place subnets?
     • In the Deployment Planning Guide – Complete read Chapter 1, Deployment Planning, and Chapter 2, Creating a Deployment Roadmap.
  16. Section 2-1: Topology and Protocol Design

     Preparation

     Bandwidth measures the amount of traffic that can be sent on a network. Two factors that affect the available bandwidth are the network's physical structure and the total number of hosts on each network segment (which affects the amount of network traffic generated). As you design a network infrastructure, you will need to identify the bandwidth requirements and design or modify the network structure accordingly to provide the necessary bandwidth. This section covers the following topics related to the physical network design.

     Before class, gather information for the requirements documentation. This includes information on the existing architecture, topology, and protocol use. Be able to identify desired improvements.

     Exam Objectives

     301 Modify and design a network topology.

     Vocabulary: network architecture, Ethernet, Token Ring, LAN backbone, 10Base2, 10BaseT, 100BaseT, network protocol, TCP/IP, IPX/SPX, AppleTalk, SNA, NetBIOS, NetBEUI, NetBT

     Focus Question: How do I determine which topologies and protocols to use? Where should I place subnets?

     Time

     About 2 hours

     Lecture Tips

     • Start with the focus question. Do students have any questions about the material they have studied?
     • Discuss selecting a network architecture.
        o Define network architecture.
        o Compare Ethernet and Token Ring.
        o Describe LAN backbones.
     • Discuss modifying an existing topology.
        o Define topology.
        o Explain what is involved when upgrading from 10Base2 to 10BaseT.
        o Explain what is involved when upgrading from 10BaseT to 100BaseT.
     • Discuss selecting a networking protocol.
        o Briefly review common protocols: TCP/IP, IPX/SPX, AppleTalk, SNA.
        o Where is each protocol used?
        o Discuss application and platform support.
  17. • Discuss these topics in detail.
        o NetBIOS.
           • NetBIOS computer names.
           • Pre-Windows 2000 clients require NetBIOS names for networking. Windows 2000 can use NetBIOS names, but does not require them.
        o NetBEUI.
           • Windows 3.11, NT 3.x, and LAN Manager require it.
        o NetBT.
           • You can turn this off on Windows 2000 computers. This causes problems if you also have pre-Windows 2000 computers on the network.
     • Discuss selecting network protocols.
        o Compare TCP/IP, NetBT, NetBEUI, IPX/SPX, AppleTalk, and SNA.
        o When would you use each protocol? What is it for?
        o When is each protocol required?
     • Discuss subnetting the network.
        o Reasons for subnetting:
           • Improve performance.
           • Enforce security.
           • Connect dissimilar architectures.
        o Subnetting guidelines:
           • Keep users and the resources they use on the same subnet.
           • Analyze network traffic, and subnet to reduce traffic as necessary.
           • Subnet based on physical location.
           • Analyze the capacity of routers.
           • Anticipate future growth.
        o Subnet design should include:
           • Total number of needed subnets.
           • Maximum number of devices supported on each subnet.
           • Physical location of each subnet.
           • Number, location, and capability of the routers.

     Lab/Activity

     Design Activity

     • Fill in details in the requirements documentation.
        o Document the existing architecture and topology by creating detailed network diagrams. Create a diagram that describes the physical network. Include:
           • Details such as the physical paths of the wiring, analog, and ISDN lines.
           • Location of devices such as hubs, switches, modems, routers and bridges.
        o Document current protocol use. If more than one protocol is used, identify clients and servers that need to communicate with each other.
  18. 18. o If necessary, identify desired improvements. Most of this information will come from the IT staff. User complaints of slow access might point to issues such as slow hubs or a need for better subnetting. Desired conditions may have been covered when you initially discussed requirements. • If necessary, revise your desired outcomes document and readdress balancing of requirements. • Create an architecture, topology, and protocol design document. o Architecture – Will the architecture change or remain the same? (Architecture is likely to remain the same, unless you are designing a brand new network.) o Topology – Will the topology change or remain the same? This may include a network wide change, such as upgrading to 100BaseT, or you may simply replace some components, such as replacing hubs with faster switches. o Protocol Design – What protocol(s) will be used? Which clients and hosts will use which protocol? Will all clients run all protocols? Do you need to install a gateway or a proxy? o Subnet Design – Create a diagram(s) to describe subnet placement. At this point, you don’t need to identify network addresses for each subnet. If the current subnet design is adequate, note this in the documentation. You may want to make a few minor changes, such as splitting an existing subnet that currently has too much traffic, or moving a group of users that generates excessive traffic to their own subnet. Assessment Check design notebooks. Homework Suggestions • Read Section 2-1 and take the section test. • Research the focus question for the next section. o How do I create an IP addressing scheme for my network design? • Use the Internet to research price and features for three different hubs. Compare the devices, and recommend a choice for your network design. • Use the Internet to research price and features for three different switches. Compare the devices, and recommend a choice for your network design. 
  19. 19. Section 2-2: IP Addressing

Preparation
After you have determined how many hosts will be on your network, how many subnets are needed, and how many hosts should be on each subnet, the next step is to identify the address and mask for each subnet. This section reviews IP subnetting concepts covered in the earlier courses and applies them to network design.

Exam Objectives
302 Design a TCP/IP networking strategy.

Vocabulary: subnet mask, default subnet mask, custom subnet mask, private addressing, public addressing, network address

Focus Question: How do I create an IP addressing scheme for my network design?

Time
About 2 hours

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Review IP addressing. Students should know this material, but if they don’t, spend time reviewing these concepts.
  o IP addressing.
    • 32-bit addresses.
    • Octets.
  o Default subnet mask.
    • Discuss default mask for each class.
    • Stress that this mask does NOT create subnets. You have a single network ID, with all hosts on the same subnet.
  o Custom subnet mask.
    • A custom mask covers more bits than the default mask.
    • This creates additional subnets.
• Review binary numbers. Students should know this material, but if they don’t, spend time reviewing these concepts.
  o Remind students of the decimal system.
    • Decimal is based on powers of 10.
  20. 20.
  o The binary system is based on powers of 2 instead of 10.
    • Digits are 0, 1.
    • Calculate powers of 2. 2^0 = 1, 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 16, 2^5 = 32…
    • 10011000 = 1*2^7 + 0*2^6 + 0*2^5 + 1*2^4 + 1*2^3 + 0*2^2 + 0*2^1 + 0*2^0 = 1*128 + 0*64 + 0*32 + 1*16 + 1*8 + 0*4 + 0*2 + 0*1 = 152
  o Explain how to convert between binary and decimal.
    • By hand.
    • Using a calculator.
• Discuss selecting the network address.
  o Private IP addresses.
    • 10.0.0.0 to 10.255.255.255
    • 172.16.0.0 to 172.31.255.255
    • 192.168.0.0 to 192.168.255.255
  o When do you use public addresses?
  o When do you use private addresses?
  o Select the network address and mask.
    • Use the existing network address.
    • If connecting to the Internet and using public addressing, request a block of addresses.
    • If not connected to the Internet or using private addressing, select the mask and the network address.
• Discuss choosing the subnet mask.
  o Begin by selecting the subnet mask based on the total number of subnets required.
  o Verify that the mask provides enough hosts per subnet.
  o Modify the mask to accommodate more hosts if necessary. Verify that the necessary number of subnets is still supported.
• Review methods for calculating a subnet mask based on the number of required subnets.
  o Calculating the mask. Explain the technique, and then do the lecture activities as a class.
  o Selecting the mask from a table. Explain the technique, and then do the lecture activities as a class.
• Review methods for calculating the number of hosts per subnet. Then do the lecture activities as a class.
  o Calculating the number of hosts.
  o Identifying total hosts from a table.
• Review assigning the subnet address. Then do the lecture activities as a class.
  o Given a network ID and a subnet mask, show students how to identify valid subnet addresses.
  21. 21.
  o After calculating the valid subnet addresses, show students how to determine the range of valid IP addresses on each subnet.
    • The first IP address in each range is not used as a host ID because it is the network ID for that subnet.
    • The last IP address in each range is not used as a host ID because it is the broadcast address for that subnet.

Lab/Activity
Lecture Activity
• Calculate subnet masks.
  o Divide the Class A address 10.0.0.0 into 190 subnets.
  o Divide the Class B address 172.16.0.0 into 10 subnets.
  o Divide the Class C address 192.16.5.0 into 2 subnets.
• Select the mask from a table.
  o Divide the Class A address 10.0.0.0 into 220 subnets.
  o Divide the Class B address 172.16.0.0 into 34 subnets.
  o Divide the Class C address 192.16.5.0 into 4 subnets.
• Calculate the number of valid host IDs on each subnet.
  o Network ID 10.0.0.0, subnet mask 255.255.248.0
  o Network ID 145.16.0.0, subnet mask 255.255.192.0
  o Network ID 192.168.1.0, subnet mask 255.255.255.128
• Identify valid subnet addresses.
  o Network ID 192.168.2.0, subnet mask 255.255.255.192
  o Network ID 192.168.2.0, subnet mask 255.255.255.224
  o For each subnet address you calculated in the last exercise, identify the range of valid IP addresses. What is the broadcast address for each subnet? What is the network ID for each subnet?

Design Activity
• Select an IP addressing scheme.
  o Will you use private or public IP addresses?
  o If using private IP addressing, do you need to connect to the Internet?
  o What public IP address(es) will be used to connect to the Internet?
  o Assign subnet addresses to your subnet placement design.

Assessment
• Did students participate during the lecture activity? Do they understand the IP problems?
• Check design notebooks.
  22. 22. Homework Suggestions
• Read Section 2-2 and take the section test.
• Research the focus question for the next section.
  o How do I optimize my IP addressing design?
• Calculate subnet masks or select the mask from a table.
  o Divide the Class A address 10.0.0.0 into 30 subnets.
  o Divide the Class B address 172.16.0.0 into 6 subnets.
  o Divide the Class C address 192.16.5.0 into 4 subnets.
  o Divide the Class A address 10.0.0.0 into 90 subnets.
  o Divide the Class B address 172.16.0.0 into 20 subnets.
  o Divide the Class B address 172.16.0.0 into 125 subnets.
• Calculate the number of valid host IDs on each subnet.
  o Network ID 10.0.0.0, subnet mask 255.255.224.0
  o Network ID 172.16.0.0, subnet mask 255.255.248.0
  o Network ID 192.168.2.0, subnet mask 255.255.255.128
• Identify valid subnet addresses.
  o Network ID 192.168.1.0, subnet mask 255.255.255.128
  o Network ID 192.168.1.0, subnet mask 255.255.255.224
  o Network ID 192.168.1.0, subnet mask 255.255.255.240
  o Network ID 172.16.0.0, subnet mask 255.255.255.0
  o Network ID 172.16.0.0, subnet mask 255.255.248.0
• For each subnet address you calculated in the last exercise, identify the range of valid IP addresses. What is the broadcast address for each subnet? What is the network ID for each subnet?
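The Section 2-2 procedure (pick the mask from the required number of subnets, verify hosts per subnet, then list each subnet's network ID, host range and broadcast address) worked in Python on the lecture activity values. This is an added example, not part of the original lesson plan; the function names are hypothetical, and the `allow_zero_and_ones` switch is an assumption, because the plan does not say whether the all-zeros and all-ones subnets count as usable (the older 2^n - 2 rule excludes them).

```python
import ipaddress


def default_prefix(network_id):
    """Prefix length of the default (classful) mask for a network ID."""
    first_octet = int(network_id.split(".")[0])
    if 1 <= first_octet <= 126:
        return 8        # Class A, default mask 255.0.0.0
    if 128 <= first_octet <= 191:
        return 16       # Class B, default mask 255.255.0.0
    if 192 <= first_octet <= 223:
        return 24       # Class C, default mask 255.255.255.0
    raise ValueError(f"{network_id} is not a Class A, B or C network")


def mask_for_subnets(network_id, required_subnets, required_hosts=0,
                     allow_zero_and_ones=True):
    """Return (prefix length, dotted mask, valid hosts per subnet).

    allow_zero_and_ones=False applies the older 2^n - 2 subnet count
    (assumption: the lesson plan does not state which rule it teaches).
    """
    reserved = 0 if allow_zero_and_ones else 2
    bits = 0
    # Borrow host bits until the mask yields enough subnets.
    while 2 ** bits - reserved < required_subnets:
        bits += 1
    prefix = default_prefix(network_id) + bits
    if prefix > 30:
        raise ValueError("not enough host bits left for that many subnets")
    hosts = 2 ** (32 - prefix) - 2   # minus network ID and broadcast
    if hosts < required_hosts:
        raise ValueError(f"/{prefix} leaves only {hosts} hosts per subnet")
    mask = str(ipaddress.IPv4Network(f"{network_id}/{prefix}").netmask)
    return prefix, mask, hosts


def hosts_per_subnet(network_id, mask):
    """Number of valid host IDs on each subnet for a given mask."""
    prefix = ipaddress.IPv4Network(f"{network_id}/{mask}").prefixlen
    return 2 ** (32 - prefix) - 2


def subnet_table(network_id, mask):
    """List (network ID, first host, last host, broadcast) per subnet."""
    classful = ipaddress.IPv4Network(
        f"{network_id}/{default_prefix(network_id)}")
    new_prefix = ipaddress.IPv4Network(f"{network_id}/{mask}").prefixlen
    rows = []
    for subnet in classful.subnets(new_prefix=new_prefix):
        rows.append((str(subnet.network_address),
                     str(subnet.network_address + 1),
                     str(subnet.broadcast_address - 1),
                     str(subnet.broadcast_address)))
    return rows


if __name__ == "__main__":
    # Values taken from the lecture activity above.
    for net, count in (("10.0.0.0", 190), ("172.16.0.0", 10),
                       ("192.16.5.0", 2)):
        print(net, count, "subnets ->", mask_for_subnets(net, count))
    print("2^n - 2 rule:", mask_for_subnets("192.16.5.0", 2,
                                            allow_zero_and_ones=False))
    for row in subnet_table("192.168.2.0", "255.255.255.192"):
        print("net %s  hosts %s - %s  broadcast %s" % row)
```
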
  23. 23. Section 2-3: Optimizing IP Addressing

Preparation
The last section reviewed how to identify the subnet mask and subnet addresses based on the number of required subnets and the number of hosts per subnet. This section teaches students how to customize the subnetting scheme to better utilize available IP addresses and reduce routing overhead.

Exam Objectives
302 Design a TCP/IP networking strategy.
503 Design a Routing and Remote Access routing solution to connect locations.

Vocabulary: system-wide subnet mask, VLSM, CIDR, hierarchical routing, route aggregation, supernetting

Focus Question: How do I optimize my IP addressing design?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Custom subnet masks.
  o Use a mask different from the default mask.
  o The discussion in the last section generated a system-wide subnet mask.
  o Pitfalls of a system-wide subnet mask:
    • Subnets don’t support enough hosts.
    • Not enough available subnets.
  o Discuss wasted IP addresses.
• VLSM – variable length subnet masks.
  o Use different masks for different subnets.
  o Select the subnet mask for individual subnets based on the number of hosts required on the subnet.
  o Conserve IP addresses by sizing the address range for a subnet based on the maximum number of hosts.
• Guidelines for VLSM design. Use VLSM when:
  o You cannot create subnets with a single mask that give you enough subnets or hosts.
  o You cannot select a different network address.
  o Your network is connected to the Internet and is using public addressing.
  o You need to minimize the number of unused or wasted IP addresses.
  24. 24.
  o Implementation factors.
    • VLSM is more complicated.
    • Make sure that routers support VLSM.
    • Make sure that subnet addresses or ranges do not overlap.
• CIDR – Classless Interdomain Routing.
  o Hierarchical routing.
  o Route aggregation.
  o Review CIDR notation.
    • Make sure students understand that this is exactly the same as the subnetting discussed earlier. It is simply a different notation.
    • They may decide they like this notation better, and prefer it for calculations. That’s fine.
    • Show students how to convert between the CIDR notation and dotted decimal notation for masks.
  o /25 and 255.255.255.192
• Review supernetting.
  o Supernetting allows you to combine multiple networks into a single logical network. It is essentially the opposite of subnetting.
  o Show students how to calculate a supernet mask.
  o Show students how to calculate the CIDR bit number.
• Discuss CIDR design guidelines.
  o When to use CIDR:
    • To reduce the size of individual routing tables.
    • If your network advertises routes on the Internet.
    • If supernetting is required.
  o Design guidelines.
    • Structure the physical layout of the routers hierarchically.
    • Assign subnet addresses with custom masks to match the physical network layout.
    • Routers must support both VLSM and CIDR.

Lab/Activity
Lecture Activity
• Design a VLSM solution. You are using the network ID 192.168.1.x. You need to divide this network ID into five subnets. The first four subnets each require 30 host IDs. The last subnet requires 60 host IDs.
• Practice converting between CIDR and dotted decimal notation.
  o /9
  o /18
  o /21
  o /30
  o 255.0.0.0
  o 255.255.192.0
  o 255.255.255.0
  o 255.255.255.224
  25. 25.
• Calculate the supernet mask values.
  o You need to group eight class C addresses, ranging from 201.10.0.0 to 201.10.7.0.
  o You need to group five class C addresses, ranging from 198.121.23.0 to 198.121.27.0.
• Calculate the CIDR bit number for the supernets you created in the last activity.

Design Activity
• Review your subnet address design. Make changes as necessary to optimize your subnet design. You may decide that your design is adequate. In that case, briefly defend your design decisions.

Assessment
• Did students participate during the lecture activity? Do they understand the IP problems?
• Check design notebooks.

Homework Suggestions
• Read Section 2-3 and take the section test.
• Research the focus question for the next section.
  o How do I design a routing solution for my network?
• Practice converting between CIDR and dotted decimal notation.
  o /10
  o /11
  o /23
  o /31
  o 255.192.0.0
  o 255.255.248.0
  o 255.255.255.248
  o 255.255.255.252
• Calculate the supernet mask values. Calculate the CIDR bit number for each of the supernets.
  o You need to group eight class C addresses, ranging from 201.10.16.0 to 201.10.23.0.
  o You need to group thirty-two class C addresses, ranging from 207.1.64.0 to 207.1.95.0.
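The Section 2-3 lecture activities (the VLSM design for 192.168.1.x, CIDR and dotted decimal conversion, and the two supernet groupings) worked in Python, as an added example that is not part of the original lesson plan. Function names and the "Subnet 1" to "Subnet 5" labels are hypothetical. The supernet function returns both the single covering block and the exact aggregate, because a range that is not aligned on a power-of-two boundary cannot be covered by one mask without also claiming networks outside the range.

```python
import ipaddress


def prefix_to_mask(prefix):
    """CIDR bit number -> dotted decimal mask."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def mask_to_prefix(mask):
    """Dotted decimal mask -> CIDR bit number."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still holds `hosts` valid host IDs."""
    # Need 2^h >= hosts + 2 (network ID and broadcast are not host IDs).
    return 32 - (hosts + 1).bit_length()


def vlsm_plan(base_cidr, requirements):
    """Allocate one subnet per (name, hosts) requirement, largest first.

    Placing the largest blocks first keeps every block aligned on its own
    size, so the allocations cannot overlap or straddle a boundary.
    """
    base = ipaddress.IPv4Network(base_cidr)
    cursor = int(base.network_address)
    plan = []
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        subnet = ipaddress.IPv4Network(
            f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        if not subnet.subnet_of(base):
            raise ValueError(f"{base_cidr} is too small for {name}")
        plan.append((name, str(subnet), str(subnet.netmask)))
        cursor = int(subnet.broadcast_address) + 1
    return plan


def overlapping_pairs(cidrs):
    """Return every pair of subnets whose address ranges overlap."""
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def supernet(first_network, last_network, prefix=24):
    """Summarize a run of equal-sized networks (class C by default).

    Returns (covering block, its mask, exact aggregate). The covering block
    is the smallest single supernet containing the whole run; the exact
    aggregate is the shortest CIDR list covering only the run itself.
    """
    first = ipaddress.IPv4Network(f"{first_network}/{prefix}")
    last = ipaddress.IPv4Network(f"{last_network}/{prefix}")
    cover = first
    while not cover.supernet_of(last):
        cover = cover.supernet()          # drop one mask bit at a time
    exact = ipaddress.summarize_address_range(first.network_address,
                                              last.broadcast_address)
    return str(cover), str(cover.netmask), [str(n) for n in exact]


if __name__ == "__main__":
    needs = [("Subnet 1", 30), ("Subnet 2", 30), ("Subnet 3", 30),
             ("Subnet 4", 30), ("Subnet 5", 60)]
    for row in vlsm_plan("192.168.1.0/24", needs):
        print("%-9s %-18s %s" % row)
    for p in (9, 18, 21, 30):
        print(f"/{p} = {prefix_to_mask(p)}")
    print(supernet("201.10.0.0", "201.10.7.0"))
    print(supernet("198.121.23.0", "198.121.27.0"))
```
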
  26. 26. Section 2-4: Designing Routing

Preparation
If you are designing a network with multiple subnets, you will use routers to connect the subnets and enable intersubnet communication. Routers move data between various networks by keeping track of known networks in their routing tables. The routing table identifies the network and the interface or next hop router used to reach that network. As part of your design, you will need to identify how routers build routing tables. This section covers routing design.
Prepare a graphic/example to use when discussing OSPF autonomous system components.

Exam Objectives
302 Design a TCP/IP networking strategy.

Vocabulary: static routing, dynamic routing, autostatic routing, directly connected networks, default route, RIP, OSPF, IGMP, multicast

Focus Question: How do I design a routing solution for my network?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss routing methods.
  o Static routing.
  o Dynamic routing.
  o Autostatic routing.
• Discuss default routing table entries.
  o Directly connected networks.
  o The default route.
• Design guidelines for selecting a routing method.
  o Default routes.
    • Networks with only one router.
  o Static routes.
    • Small networks.
    • If network routes rarely change.
    • To reduce traffic due to routing updates.
    • To prevent route broadcasting.
  o Dynamic routing.
    • Medium to large networks.
    • Networks that change frequently.
  27. 27.
    • To reduce administration of routing.
  o Auto-static routing.
    • Networks connected by expensive or non-persistent WAN links.
    • If OSPF is not used as the routing protocol.
    • To control when routing updates take place (schedule).
• The choice of the routing protocol depends on:
  o The networking protocol.
  o The number of networks in the routing table.
  o The routing protocols supported by existing routers.
  o The routing protocols already in use in the network.
• Windows 2000 Routing Support.
  o Configured as a software router capable of 40,000 packets/second.
  o Supports RIP 1, RIP 2, and OSPF routing protocols (TCP/IP).
  o Supports RIP and SAP protocols (IPX).
  o Supports DHCP packet forwarding.
  o Supports IP packet filtering.
  o Supports a wide range of LAN and WAN boards from major manufacturers.
• Guidelines for selecting an IP routing protocol.
  o RIP version 1.
    • Small networks.
    • Existing routers run RIP v1.
  o RIP version 2.
    • Small networks.
    • Use multicasts or unicasts for exchanging routing table updates.
    • Implement router authentication.
    • Support VLSM or route aggregation.
    • Support autostatic routing.
    • Discard routes from specific routers.
  o OSPF.
    • Large networks.
    • Support VLSM or route aggregation.
    • Maintain redundant paths to a single destination.
    • Faster sharing of routing information.
    • Reduce traffic due to routing updates (OSPF generates less traffic than RIP).
    • Implement router authentication.
    • RIP cannot be used.
• Introduce OSPF design. Define the following terms:
  o Autonomous System (AS).
  o Area.
  o Network.
• Use a picture to discuss OSPF autonomous system components.
  o AS boundary router.
  o Backbone.
  28. 28.
  o Areas.
• OSPF special design conditions.
  o Stub Area.
  o Virtual Link.
• General steps to design an OSPF network:
  o Identify the backbone area.
  o Subdivide the remaining networks into areas. Try to ensure that all inter-area traffic crosses the backbone.
  o Assign subnet addressing, organizing addresses hierarchically as much as possible.
  o Configure routers within and between areas. Configure how routers share routing information.
• OSPF design guidelines.
  o Create a single backbone.
  o Create all stub areas if possible. Avoid virtual links.
  o Create areas with 100 networks or less.
  o Assign area subnetting so that only one route is summarized onto the backbone for all area subnets.
  o Identify the least busy router as the designated router for each area.
• Multicasting.
  o Define multicasting. Describe how it works.
  o IGMP tasks and Windows 2000 support.
  o IGMP interface modes.
  o Design guidelines.
    • Make sure the Windows 2000 server is the last router in the multicast path.
    • Configure the private interface in Router mode.
    • Configure the public interface in Proxy mode.
    • For a single-router network not connected to any other networks, configure both interfaces in Router mode.
• Discuss enhancing router security.
  o Require authentication.
  o Encrypt router-to-router traffic.
  o Eliminate all router updates.
  o Keep routers in a locked facility.
  o Use passwords.
  o Run only routing services on the router.
• Discuss enhancing router performance and availability.
  o Limit the number of other services running on the device.
  o Upgrade hardware.
  o Design subnet addresses to permit summarization and reduce routing table sizes.
  o Replace software routers with hardware routers.
• Enhancing network communications with routers.
  o Configure packet filters on routers to screen traffic.
  o Use routers to create screened subnets.
  29. 29.
  o Provide redundant paths between networks.
  o Use load balancing to select the least congested route.
  o Use metrics to force traffic over faster or preferred links.
  o Upgrade WAN or network connections.
  o Properly place network devices to reduce traffic.

Lab/Activity
Design Activity
• Identify locations where you will use Windows 2000 routers and identify routing protocols.
  o If your network already has hardware routers, you probably don’t plan to replace them with Windows 2000 routers. In this case, simply identify the location of your routers.
• Create a diagram that shows router placement and port addresses for each subnet on each router. This diagram is a simple addition to your IP subnet design.
• Write a brief paper describing how you plan to address router security, performance, and availability.
  o For example, all routers will be configured with passwords to control access, and only IT staff will have keys to the rooms where the routers are kept.

Assessment
Check design notebooks.

Homework Suggestions
• Read Section 2-4 and take the section test.
• Research the focus question for the next section.
  o How can I further enhance my TCP/IP design?
• Use the Internet to research price and features for three different routers. Compare the devices, and recommend a choice for your network design.
• In the Deployment Planning Guide – Complete, read Chapter 7, Determining Network Connectivity Strategies, IP Routing Infrastructure.
• Skill Review Exercises
  o (If needed, install fake NICs on student computers.) If necessary, disable routing and remote access. Run the routing and remote access wizard. Select the network router option.
  o Student computers should be configured as routers from the last lab. Add RIP and configure the servers as RIP routers.
  o Define two neighbors for your RIP router.
  o Configure your RIP router to interact with a Windows NT 4.0 RIP router.
  o Install and configure OSPF.
  o If necessary, install fake modems on student computers. Disable routing and remote access. Run the routing and remote access wizard. Select the network router option, and configure a demand-dial router.
  30. 30. Section 2-5: Enhancing the TCP/IP Design

Preparation
Windows 2000 supports some enhancements to the TCP/IP protocol suite, which improve performance and ensure security. This section discusses the new features and how they can enhance TCP/IP design.

Exam Objectives
302 Design a TCP/IP networking strategy.

Vocabulary: IPSec, AH, ESP, IPSec default policies, Kerberos v5, public key certificate, preshared keys, HMAC, DES, Diffie-Hellman key agreement algorithm, TCP window size, SACK, ICMP router discovery, quality of service

Focus Question: How can I further enhance my TCP/IP design?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss IPSec security features.
  o AH and ESP.
  o IPSec Process.
  o IPSec Default Policies.
    • Client policy.
    • Server policy.
    • Secure server policy.
  o IPSec key exchange methods.
    • Kerberos v5.
    • Public key certificates.
    • Preshared keys.
  o When would you use each of the IPSec key exchange methods?
  o Discuss IPSec protection methods.
    • HMAC.
    • DES.
    • Diffie-Hellman key agreement algorithm.
  o When would you use each of the IPSec protection methods?
• Discuss features for enhancing TCP/IP performance.
  o Larger TCP window size.
  o TCP selective acknowledgment (SACK).
  31. 31.
  o ICMP router discovery.
  o Disabling NetBIOS over TCP/IP.
  o Quality of Service (QoS).

Lab/Activity
Design Activity
• Review your design requirements documents. Are there any parts of the network that require IPSec? If so, design an IPSec solution to enhance protocol security.
• Review your design requirements documents. Would any of the TCP/IP performance and availability features help meet requirements? If so, add these features to your design.

Assessment
Check design notebooks.

Homework Suggestions
• Read Section 2-5 and take the section test.
• Research the focus question for the next section.
  o What factors influence WAN design?
• Go to http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Deploying QoS to Enhance Multimedia Network Performance.
• Skill Review Exercises
  o Create a new IPSec policy. Accept the default response rule. Document the choices you make in the Wizard and explain what your policy does.
  o Add a new rule to your policy.
  o Disable NetBIOS over TCP/IP.
  32. 32. Section 3-1: WAN Connections

Preparation
Wide area network (WAN) connections are used to connect remote users or sites. Although the actual implementation of a WAN design is beyond the scope of this course, students should have a basic understanding of the components required for WAN communications and the factors influencing WAN design.
Prepare to provide details about the existing WAN environment and desired improvements. Estimate current bandwidth use if necessary. If possible, invite a network administrator to describe the existing environment and desired improvements.

Exam Objectives
301 Modify and design a network topology.

Vocabulary: demarc, WAN service provider, local loop, WAN cloud, analog network, digital network, T-carriers, dial-up, ISDN, DSL, T-1, remote access, VPN, bandwidth, persistence, cost

Focus Question: What factors influence WAN design?

Time
About 2 hours

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Define basic WAN components.
  o Demarc.
  o Local loop.
  o WAN service provider.
  o WAN cloud.
• Discuss basic WAN solutions.
  o Analog networks.
  o Combined digital and analog networks.
  o Digital networks.
• Discuss common WAN transmission media.
  o Telephone line wiring.
  o T-carriers.
• Compare some WAN connectivity options.
  o Dial-up.
  o ISDN.
  o DSL.
  o T-1.
  33. 33.
• Identifying WAN requirements.
  o Type and method of resource access.
    • Remote access.
    • Internetwork communication.
    • Internet access.
    • VPN through the Internet.
  o Characteristics.
    • Bandwidth.
    • Persistence.
    • Cost.
• Selecting the WAN connection method.
  o Identify how users connect.
  o Identify link requirements.
  o Determine which services are available and at what cost.
• Enhancing existing WAN connections.
  o Reducing cost.
  o Increasing bandwidth.
  o Increasing WAN availability.
    • Redundant devices.
    • Backup WAN link.
    • Separate WAN providers.
  o Increasing WAN performance.
    • Increase bandwidth.
    • Upgrade connection hardware.
    • Add links for BAP or load balancing. (BAP is covered in Section 7-1 of the Network Infrastructure Administration course. BAP allows multilink connections to be dropped and established dynamically. If all connections are in use and another connection request is made, one of the existing connections is dropped and made available for the new call.)
  o Increasing WAN security.
    • Increase authentication level.
    • Enforce strict passwords.
    • IPSec or VPN.
    • Packet filters.
    • Screened subnet.
  34. 34. Lab/Activity
Design Activity
• Fill in details in the requirements documentation.
  o Document the WAN connections. Create a diagram that describes the physical network. Include:
    • Details such as the connection capacity and current bandwidth use.
    • Current cost of each connection.
    • Do you currently have remote access, connections between multiple networks, Internet access, and/or a VPN?
  o If necessary, identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
    • Do you need remote access, connections between multiple networks, Internet access, and/or a VPN?
    • Do you need to upgrade WAN connections?
• If necessary, revise your desired outcomes document and readdress balancing of requirements.
• Create a WAN design document.
  o Include physical connections. Specify details such as the connection capacity and cost.
  o Include methods of resource access: remote access, connections between multiple networks, Internet access, and/or a VPN.
• As you create your WAN design, consider ways to improve WAN availability, performance, and security.

Assessment
Check design notebooks.

Homework Suggestions
• Read Section 3-1 and take the section test.
• Research the focus question for the next section.
  o How do I design the Internet connection for a network?
• Analyze your WAN design with respect to WAN availability, performance, and security. What changes would you make to improve the WAN design?
• Investigate WAN connection costs. What is the monthly fee for dial-up, ISDN, DSL, and a T-1 in your area?
  35. 35. Section 3-2: Internet Connectivity

Preparation
Connecting to the Internet is one of the most common reasons for needing a WAN connection. This section covers the specifics of designing an Internet connection for your network. This section assumes that you have already selected the physical connection to the Internet (dial-up, ISDN, DSL, or T-carrier).
Be prepared to fill in details about current Internet connectivity and identify desired improvements.

Exam Objectives
401 Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, Routing and Remote Access, Network Address Translation (NAT), connection sharing, web server, or mail server.
502 Design a virtual private network (VPN) strategy.
503 Design a Routing and Remote Access routing solution to connect locations.

Vocabulary: routing, NAT, ICS, proxy server, VPN

Focus Question: How do I design the Internet connection for a network?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Review connectivity solutions.
  o Routing.
  o NAT.
  o ICS.
  o Proxy server.
  o VPN.
• Discuss selecting an Internet connectivity method.
  o Routing.
    • Small to large networks.
    • Hosts must be able to respond to Internet-initiated requests.
    • Maximum flexibility.
    • Hosts running TCP/IP.
  36. 36.
  o NAT.
    • Small- to medium-sized networks.
    • Automatic address assignment.
    • Few hosts need outside-initiated contact.
    • Hosts running TCP/IP.
  o ICS.
    • Single subnet.
    • Automatic address assignment.
    • Hosts running TCP/IP.
    • A Windows 2000 or 98 computer to run ICS.
  o Proxy Server.
    • Small to large networks.
    • Hosts running a variety of protocols.
    • The ability to restrict Internet access or contact by user or site.
    • Caching of Internet or Web server content.
  o VPN.
    • Secure end-to-end communications through the Internet.
• Discuss designing routing access.
  o All hosts on the private network have a registered public address.
  o Internet router configuration.
    • Public IP addresses for all hosts.
    • Subnet private network.
    • Configure the default route to point to the Internet.
    • Prevent the router connected to the Internet from sharing private routes.
  o Security is a concern. Implement:
    • Packet filters.
    • Proxy and firewall solutions.
    • Screened subnets.
• Discuss NAT design process.
  o Identify private address range.
  o Design address allocation.
  o Design name resolution.
  o Enable public access.
• Discuss NAT design guidelines.
  o Majority of private hosts need Internet access, but do not need to be contacted from the Internet.
  o Registered public address for the NAT router.
  o Select a private network address.
  o When using the NAT router to assign private IP addresses, make sure no other DHCP servers are on the private network.
  o The NAT router has only limited DHCP capabilities.
  o If the private network has multiple subnets, use DHCP servers, enable DHCP forwarding, or configure DHCP relay agents.
  o When using the NAT router to assign private IP addresses, enable DNS forwarding or configure each host with the DNS preferred server.
  37. 37.
  o To enable Internet hosts to contact specific private hosts, configure address mappings or port mappings.
  o Obtain a registered IP address for every private host that must be contacted from the Internet.
  o Implement proxy or firewall services for maximum security.

Lab/Activity
Design Activity
• Fill in details about current Internet connectivity and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.
• Design the Internet connectivity for your network. Will you use routing, NAT, ICS, proxy server, and/or a VPN? If your needs include proxy server or remote access, you will design these solutions in later sections.
  o Create a diagram showing your Internet connectivity design. Identify device placement, IP addresses, and connection types.

Assessment
Check design notebooks.

Homework Suggestions
• Read Section 3-2 and take the section test.
• Research the focus question for the next section.
  o How do I design a proxy server solution?
• Go to http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Creating a Business Partner Extranet Connection and Connecting a Branch Office Using L2TP.
• Skill Review Exercises
  o Configure a Windows 2000 router to route between an internal network and the Internet.
  o Install and configure a NAT router to route between an internal network and the Internet.
  38. 38. Section 3-3: Proxy Server

Preparation
Microsoft's Proxy Server is an integrated Internet firewall, caching, and management solution for securing and enhancing Internet access. Proxy Server 2.0 runs on Windows NT 4.0 or Windows 2000. Its successor, Microsoft's Internet Security and Acceleration Server (ISA), runs on Windows 2000 and offers greater Active Directory integration. This section discusses configuring a proxy server solution.

Exam Objectives
401 Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, web server, or mail server.

Vocabulary: Internet access control, protocol translation, caching, server proxy, redirector, gateway, screened subnet, proxy array

Focus Question: How do I design a proxy server solution?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss proxy server features.
  o Internet access control.
  o Protocol translation.
  o Caching.
  o Server proxy.
• Discuss designing proxy server placement.
  o Proxy server as a redirector.
  o Proxy server as a gateway.
  o Controlling Internet access.
  o Creating a screened subnet.
  o Creating an internal screened subnet.
  o Providing protocol/architecture translation.
  o Caching Internet content.
  o Caching web server content.
  o Caching internal content.
• Discuss designing proxy client configuration.
  o Proxy client software.
  o Default gateway.
  39. 39.
    o Compare client solutions.
        • IE 5.x.
        • MS Proxy Client software.
        • SOCKS.
        • Default gateway.
    o Describe proxy server client services.
        • Web proxy.
        • SOCKS proxy.
        • WinSock proxy.
• Discuss enhancing security with proxy server.
    o A proxy server provides:
        • Packet filtering based on source/destination address, protocol, and port.
        • Domain name filtering.
        • User access restrictions through local or Active Directory groups.
        • Web server read and publishing controls.
    o Increase the security of the proxy server.
        • Place it within a screened subnet.
        • Restrict physical access to the server.
        • Run only necessary services on the physical system.
• Discuss enhancing proxy availability and performance.
    o To optimize caching.
        • Configure the caching method.
        • Increase the cache size.
        • Configure hierarchical proxies.
    o To improve availability.
        • Server arrays or clusters.
        • Round robin DNS.
        • Microsoft's Network Load Balancing.

Lab/Activity
Design Activity
• If your needs include proxy server, design a proxy server solution for your network.
    o Include proxy server placement and client configuration in your design documentation.
    o Your plan should include information about security, availability, and performance.
  40. 40. Assessment
Check design notebooks.

Homework Suggestions
• Read Section 3-3 and take the section test.
• Research the focus question for the next section.
    o How do I design a remote access solution?
• In the Deployment Planning Guide – Complete, read Chapter 7, Determining Network Connectivity Strategies, External Connectivity Within an Organization and Windows 2000 TCP/IP.
  41. 41. Section 3-4: Remote Access

Preparation
Your network infrastructure design will include remote access if you have traveling users, users who work from home, or users who connect from distant locations. This section covers topics related to remote access design.

Exam Objectives
401 Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, web server, or mail server.
501 Design an implementation strategy for dial-up remote access.
502 Design a virtual private network (VPN) strategy.
503 Design a Routing and Remote Access routing solution to connect locations.

Vocabulary: dial-up remote access, voluntary VPN, compulsory VPN, authentication, encryption, tunneling protocol, PPTP, L2TP, remote access policies, remote access conditions, connection manager, RADIUS, IAS, RADIUS client, RADIUS server, authentication domain

Focus Question: How do I design a remote access solution?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Selecting the connection method.
    o Identify:
        • Number of concurrent remote users.
        • Location of remote users.
        • Resources that remote users need access to.
        • Connection and total bandwidth required to support remote users.
    o Balance the connection characteristics with their cost.
        • Remote access hardware costs.
        • Installation costs.
        • Connection charges.
    o Select the connection method.
        • Dial-Up remote access.
        • Voluntary VPN.
        • Compulsory VPN.
  42. 42.
    o Summarize the characteristics of each connection method.
        • Dial-Up remote access.
        • Voluntary VPN.
        • Compulsory VPN.
• Remote access server configuration.
    o Remote access hardware.
        • Dial-up: identify the number of concurrent users and the bandwidth requirements to identify the number of modem ports.
        • VPN: existing Internet connection must handle traffic caused by the remote users.
    o Consider these factors:
        • Remote Access Resources.
        • Remote Access Server Placement.
        • Address Assignment.
        • Protocol Support.
        • Name Resolution.
    o VPN connection design includes:
        • Port Configuration.
        • Firewall Integration.
        • Authentication and encryption levels.
    o Authentication.
        • EAP, MS-CHAP v1, MS-CHAP v2, CHAP, SPAP, PAP.
    o Encryption.
        • MPPE, IPSec.
    o Tunneling Protocol.
        • PPTP, L2TP.
    o Remote access client support.
• Review remote access policies.
    o Conditions.
    o Permissions.
    o Profile settings.
    o Review rules used to identify and apply remote access policies.
    o Policy design guidelines:
        • For a policy to be applied, the connection characteristics must match all conditions.
        • Policies are checked in order.
        • If the connection is denied, no other policies are checked.
        • Policies are stored on each remote access server.
    o To have similar policies on multiple servers, create the policy on each server or use a RADIUS server.
        • AD mixed mode and standalone servers: permissions controlled through user accounts.
        • AD native mode: permissions controlled through user accounts or remote access policy.
  43. 43.
• Remote access client configuration.
    o Client configuration settings.
    o Connection Manager.
• Review how RADIUS works.
    o RADIUS server.
    o RADIUS client.
    o Remote access client.
• RADIUS design decisions.
    o RADIUS client/server placement.
    o RADIUS client/server configuration.
    o Authentication domain.
• Discuss enhancing the remote access design.
    o Increasing remote access security.
    o Increasing remote access performance.
    o Increasing remote access availability.

Lab/Activity
Design Activity
• If your needs include remote access, design a remote access server solution for your network.
    o Include the connection method, server configuration, authentication, and encryption levels.
    o What remote access policies do you need to design? Will everyone have access, or is access limited to select users? Will access be limited by time of day?
    o What client configuration settings are required?
    o Will you use RADIUS?
• Your plan should include information about security, availability, and performance.

Assessment
Check design notebooks.

Homework Suggestions
• Read Section 3-4 and take the section test.
• Research the focus question for the next section.
    o How do I use DHCP to automatically configure client computers?
• Go to: http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Connecting Dial-up Remote Access Users to an Intranet, Connecting Remote Users Across the Internet Using PPTP, and Connecting Remote Users Across the Internet Using L2TP.
  44. 44.
• Skill Review Exercises
    o If necessary, install fake modems on student computers.
    o Run the Routing and Remote Access Setup Wizard. Configure your server as a remote access server. Configure the server to assign IP addresses from the static address pool of 192.168.10.50 to 192.168.10.100.
    o Configure a RAS server to use a DHCP server for client IP configuration.
    o Use the Network Connection Wizard to connect to a RAS server (Dial up to a private network option).
    o Create a group called Sales. Create a remote access policy that allows members of the Sales group to connect to the RAS server between 6:00 AM and 10:00 PM. Record procedure in lab notebooks.
    o Configure user account properties to always call a user back at 555-1111.
    o Configure a profile to disconnect users after 30 minutes of idle time. Restrict the maximum session to 3 hours.
    o Configure a profile to allow multilink access.
    o Configure a profile to allow smart card authentication.
    o Configure a policy on an IAS server.
    o Configure a RAS server as a RADIUS client.
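The policy design guidelines in Section 3-4 (all conditions must match, policies are checked in order, a deny stops the search) and the Sales-group exercise, modelled as an added example that is not part of the original lesson plan. It is a simplified model: user-account dial-in permission and profile enforcement are left out, and the Contractors policy, the catch-all policy and the sample connections are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Dict, List, Optional, Tuple

Connection = Dict[str, object]   # constructed attribute bag, not a real RAS structure
Condition = Callable[[Connection], bool]

@dataclass
class Policy:
    name: str
    conditions: List[Condition]
    grant: bool                                   # permission: grant or deny
    profile: Dict[str, int] = field(default_factory=dict)

def in_group(group: str) -> Condition:
    return lambda conn: group in conn["groups"]

def between(start: time, end: time) -> Condition:
    return lambda conn: start <= conn["time"] < end

def evaluate(policies: List[Policy],
             conn: Connection) -> Tuple[bool, Optional[str], Dict[str, int]]:
    """Check policies in order; the first one whose conditions ALL match
    decides. A deny ends the search. No matching policy means deny."""
    for policy in policies:
        if all(cond(conn) for cond in policy.conditions):
            return policy.grant, policy.name, (dict(policy.profile) if policy.grant else {})
    return False, None, {}

# The exercise policy: Sales, 6:00 AM to 10:00 PM, 30 min idle, 3 h session.
SALES_HOURS = Policy("Sales 06:00-22:00",
                     [in_group("Sales"), between(time(6, 0), time(22, 0))],
                     grant=True,
                     profile={"idle_timeout_min": 30, "max_session_min": 180})
DENY_CONTRACTORS = Policy("Deny Contractors", [in_group("Contractors")], grant=False)
SALES_OTHERWISE = Policy("Deny Sales outside hours", [in_group("Sales")], grant=False)
ANY_USER = Policy("Any domain user", [in_group("Domain Users")], grant=True)

# Ordering pitfall: a failed time condition only means "this policy does not
# apply", so the connection falls through to the catch-all and is granted.
LOOSE = [SALES_HOURS, DENY_CONTRACTORS, ANY_USER]
# Tightened: an explicit deny for Sales sits before the catch-all.
TIGHT = [SALES_HOURS, DENY_CONTRACTORS, SALES_OTHERWISE, ANY_USER]

# Constructed sample connections.
alice_day = {"user": "alice", "groups": {"Sales", "Domain Users"}, "time": time(9, 30)}
alice_night = {"user": "alice", "groups": {"Sales", "Domain Users"}, "time": time(23, 15)}
bob = {"user": "bob", "groups": {"Contractors", "Domain Users"}, "time": time(10, 0)}
carol = {"user": "carol", "groups": set(), "time": time(10, 0)}

if __name__ == "__main__":
    for label, policies in (("loose", LOOSE), ("tight", TIGHT)):
        for conn in (alice_day, alice_night, bob, carol):
            granted, name, profile = evaluate(policies, conn)
            print(label, conn["user"], conn["time"],
                  "GRANT" if granted else "DENY", name, profile)
```

When reviewing a policy list, walk an out-of-hours connection through it by hand in the same way: the time restriction holds only if every later policy the connection could match also denies it.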
  45. 45. Section 4-1: DHCP Concept Review

Preparation
You can use the Dynamic Host Configuration Protocol (DHCP) to automatically configure hosts on a network with IP addressing information. This section reviews DHCP. Be prepared to fill in details about existing DHCP services and identify desired improvements.

Exam Objectives
303 Design a DHCP strategy.

Vocabulary: DHCP, scope, address range, exclusions, reservation, lease renewal, superscope, server level option, scope level option, reserved client level options, class level option

Focus Question: How do I use DHCP to automatically configure client computers?

Time
About 2 hours

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• DHCP scopes.
    o Address range.
    o Exclusion.
    o Reservation.
    o Discuss reasons to reserve specific IP addresses.
• DHCP lease duration.
    o Default lease is 8 days.
    o Review lease renewal process.
• Superscopes.
    o You can use multiple scopes on a single physical subnet.
    o Why create superscopes?
        • Non-contiguous IP addresses.
        • Add more computers to subnet, but limited available IP addresses.
        • Replace existing address ranges with new address ranges.
• DHCP client options.
    o Review common parameters.
        • 003 router, 006 DNS servers, 105 DNS Domain Name, 044 WINS/NBNS Servers, 046 WINS/NBT Node Type.
  46. 46.
    o Control options/parameters delivered to each client using levels.
        • Server level options.
        • Scope level options.
        • Reserved client level options.
        • Class level options.

Lab/Activity
Design Activity
• Fill in details about existing DHCP services and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.

Assessment
Check design notebooks.

Homework Suggestions
• Read Section 4-1 and take the section test.
• Research the focus question for the next section.
    o How do I design an IP addressing strategy and DHCP options?
• In the Deployment Planning Guide – Complete, read Chapter 7, Determining Network Connectivity Strategies, Windows 2000 DHCP.
• Skill Review Exercises
    o Install DHCP on student computers.
    o Authorize the servers.
    o Make sure the lab is disconnected from the rest of the network before you proceed with this exercise. Create a scope.
    o Create a client reservation.
    o Change the lease duration on the existing scope.
    o Set a DNS server address as a server level option.
    o Set a different DNS server address as a scope level option. Which DNS address will be used by the client and why?
    o Create a superscope.
    o Create a multicast scope.
  47. 47. Section 4-2: Designing Address Allocation

Preparation
All TCP/IP hosts are identified by an IP address. As part of the infrastructure design, you should plan how IP addresses are assigned to each host. This section covers selecting an IP addressing strategy and designing DHCP options.

Exam Objectives
303 Design a DHCP strategy.

Vocabulary: APIPA, DHCP relay agent, multihomed DHCP server

Focus Question: How do I design an IP addressing strategy and DHCP options?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Selecting the Address Assignment Method.
    o Manual.
    o Manual DHCP.
        • Reservations.
    o Automatic DHCP.
    o APIPA.
        • 169.254.x.y, 255.255.0.0
    o Discuss selecting the address assignment method.
• Identifying DHCP server placement. Discuss the implications of each placement strategy.
    o DHCP at each location.
    o Multiple DHCP servers on a single subnet.
    o Single DHCP server for multiple subnets.
• Designing DHCP for multiple subnets.
    o By default, DHCP broadcasts are not forwarded through routers.
    o DHCP server on each subnet.
    o Forward DHCP broadcasts.
    o DHCP relay agent.
    o Multihomed DHCP server.
• Configuring DHCP servers.
    o When designing a scope.
        • Create a scope for each subnet.
        • Identify exclusions.
        • Identify reservations.
  48. 48.
    o Discuss using superscopes.
• Identifying DHCP client options.
    o Identify options to deliver to each client or group of clients.
    o Determine the option level.
    o Determine the lease length.
    o Identify clients with limited or no DHCP support.
        • BOOTP clients.
        • Non-DHCP clients.

Lab/Activity
Design Activity
• Design IP address allocation for your network.
    o Identify computers that will be configured manually, via DHCP reservations, and via DHCP.
    o Identify DHCP server placement.
    o If you are serving multiple subnets, how does your design address this issue?
    o Identify the scopes to be used on your DHCP servers.
    o Identify scope options.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 4-2 and take the section test.
• Research the focus question for the next section.
    o How do I improve my DHCP design?
• Go to http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read DHCP Configuration for a Multiple Subnet Environment.
  49. 49. Section 4-3: Enhancing Address Allocation

Preparation
For most networks, you will need to modify your DHCP design to improve security, availability, and performance. This section covers enhancing the DHCP design.

Exam Objectives
303 Design a DHCP strategy.

Vocabulary: distributed scope

Focus Question: How do I improve my DHCP design?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Designing distributed scopes.
    o Multiple DHCP servers with scopes for the same subnet – distributed scopes.
    o Recommendations for creating distributed scopes.
        • Multiple DHCP servers on the same subnet (50/50).
        • Multiple DHCP servers on different subnets (80/20).
        • DHCP Relay Agent settings for distributed scopes.
• Enhancing DHCP security.
    o DHCP security and Windows 2000 groups.
        • DHCP Users.
        • DHCP Administrators.
    o DHCP server authorization.
        • If a Windows 2000 DHCP server is not authorized, it can't hand out IP addresses.
    o DHCP security in a screened subnet.
        • Long leases.
        • Minimize size of scope.
        • Create client reservations.
• Enhancing DHCP availability and performance.
    o Availability.
        • Add servers.
        • Server clustering.
  50. 50.
    o Performance.
        • Multihomed server.
        • Upgrade server hardware.
        • Add servers.
        • Modify lease length.

Lab/Activity
Design Activity
• Review your initial DHCP design. Does the design adequately address the following issues? Update the design as necessary.
    o Distributed scopes.
    o Security.
    o Availability.
    o Performance.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 4-3 and take the section test.
• Research the focus question for the next section.
    o What is the role of DNS in a Windows 2000 network?
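The 80/20 distributed-scope recommendation from Section 4-3, worked through as an added example that is not part of the original lesson plan. It assumes the usual arrangement in which both servers define the same scope and each excludes the other's share, and that the servers keep independent lease records, so any address both can lease is a potential duplicate; the scope range and server names are constructed.

```python
import ipaddress
from typing import Dict, List, Tuple

Range = Tuple[str, str]   # (first address, last address), inclusive

def _span(r: Range) -> range:
    first, last = (int(ipaddress.IPv4Address(a)) for a in r)
    if last < first:
        raise ValueError(f"range {r} is reversed")
    return range(first, last + 1)

def _ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))

def split_scope(scope: Range, primary_share: float) -> Dict[str, Range]:
    """Return the exclusion range each server needs so that both can define
    the same scope yet lease disjoint parts of it."""
    addrs = _span(scope)
    cut = addrs.start + round(len(addrs) * primary_share)  # first address of the secondary's part
    if not addrs.start < cut < addrs.stop:
        raise ValueError("share leaves one server with no addresses")
    return {"primary": (_ip(cut), scope[1]),        # primary excludes the upper part
            "secondary": (scope[0], _ip(cut - 1))}  # secondary excludes the lower part

def leasable(scope: Range, exclusions: List[Range]) -> set:
    """Addresses a server can actually hand out: scope minus its exclusions."""
    pool = set(_span(scope))
    for ex in exclusions:
        pool -= set(_span(ex))
    return pool

def check_design(scope: Range, servers: Dict[str, List[Range]]) -> List[str]:
    """Report addresses that more than one server could lease, and how many
    addresses no server can lease (intended static exclusions show up here too)."""
    problems: List[str] = []
    owner: Dict[int, str] = {}
    for name, exclusions in servers.items():
        for addr in sorted(leasable(scope, exclusions)):
            if addr in owner:
                problems.append(f"{_ip(addr)} leasable by {owner[addr]} and {name}")
            owner.setdefault(addr, name)
    unserved = set(_span(scope)) - set(owner)
    if unserved:
        problems.append(f"{len(unserved)} addresses not leasable by any server")
    return problems

SCOPE = ("192.168.10.1", "192.168.10.200")   # constructed sample scope
PLAN = split_scope(SCOPE, 0.8)               # 80/20 split

if __name__ == "__main__":
    print(PLAN)
    print(check_design(SCOPE, {name: [excl] for name, excl in PLAN.items()}))
```

Running `check_design` against the exclusion ranges actually entered on each server catches a mistyped boundary before two clients receive the same address.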
  51. 51. Section 5-1: Host Names and DNS Review

Preparation
The principal method for identifying resources on a Windows 2000 network and on the Internet is by using host names that conform to the Domain Name System (DNS) standard. This section reviews DNS and its role in a Windows 2000 network. Be prepared to fill in details about existing DNS services and identify desired improvements.

Exam Objectives
304 Design name resolution services.

Vocabulary: domain name space, fully qualified domain name, public DNS namespace, private DNS namespace, Active Directory DNS namespace, forward lookup, reverse lookup, zone, zone delegation, root hint, forwarder, standard zone, Active Directory-integrated zone, standard zone synchronization, Active Directory-integrated zone synchronization

Focus Question: What is the role of DNS in a Windows 2000 network?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Review host names and the DNS naming standard.
    o Internet domain namespace.
    o Fully qualified domain name.
• Discuss namespaces on a Windows 2000 network.
    o Public DNS namespace.
    o Private DNS namespace.
    o Active Directory namespace.
• Review DNS servers, lookups, and resource records.
    o DNS servers.
        • Windows NT 4.0, Windows 2000, BIND.
    o Forward lookup.
    o Reverse lookup.
    o Locating Active Directory with SRV records.
    o Manual resource record registration.
    o Dynamic resource record registration.
