The proposal recommends deploying 4 Windows Server 2012 R2 servers across two office locations to support 90-200 employees over 2-3 years. Two servers would be at the Los Angeles headquarters, handling core services like Active Directory, DNS, DHCP and file sharing, while the other two at the New York branch would provide backups. Active Directory would use a single domain spanning both sites, with OUs for each department and security groups to control access. DHCP and file sharing would also be segmented by department.
Windows Server Deployment Proposal For Worldwide Advertising, In.docx
1. Windows Server Deployment Proposal For
Worldwide Advertising, Inc.
Proposed By: Jermaine Nicholson
10/20/15
This Windows Server Deployment Proposal will include
potential network infrastructure solutions that will
accommodate all factors needed for the establishment of
Worldwide Advertising, Inc to have a strong infrastructure. This
proposal will provide the details that will go into account for
the implementation and configuration of the Windows 2012
Servers along with the roles and features that these server will
provide so that the network infrastructure meets the needs for
WAI now and take in consideration for company growth for the
next 2-3 years. The proposal will also include the technical
reasons for the choices we’re presenting, as well as the business
reasons so you can take into account the cost of implementing
these proposed solutions.
We took into account that WAI will begin with roughly 90
employees and we assume that the company will continue to
roughly 150-200 employees over the next 2-3 years. So this
proposal will be tailored towards this assumption. We are also
2. taking into account the two locations, Los Angeles (being the
Headquarters) and New York (being the branch office). We are
proposing that we introduce 4 servers, with all four hosting the
Windows Server 2012 R2 Datacenter edition, to be deployed
across these two locations. Two servers will be located at the
Headquarters in Los Angeles and the other two will be deployed
in the New York office.
The two servers at the Los Angeles location will be the main
servers used for the core I.T network services, such as DHCP,
DNS, Active Directory, and File Server (these services will all
be explained later in this proposal). One of the two servers at
both locations will solely be used as a backup server for fault
tolerance, in case the main server goes down for whatever
reason. The backup server will be configured the same way as
the primary server would with all of the roles and features as
the primary, but will only be used in the event of an outage to
the primary server.
The deployment method of these servers would be to manually
build the primary server from scratch at the Headquarters, then
we will used a script from the primary to automate the
deployment process of the backup server. This way we know for
sure that the both servers at the Headquarters will both be
configured in a uniform manner. We will also manually deploy
the primary branch server since they will host different roles
and features than the HQ servers, then use a script to deploy the
backup. The branch servers will be configured with Server core
as a security measure, it minimizes the risk of potential hackers
trying to find loopholes in the branch sites networks.
Windows Server 2012 Features
When it comes to implementing a network infrastructure from
the ground-up, it takes patience and thorough configuration to
make sure that no steps are missed, if not would result with
major network problems down the road. This being said,
Microsoft latest product Windows Server 2012 has made it so
easy to configure the core services needed to build a corporate
network infrastructure from the ground-up, it would be pretty
3. difficult to miss a configuration step during the deployment
process.
One amazing feature offered from Microsoft that will be
implemented with this network infrastructure design will be the
Hyper-V role. This feature will single handily eliminate a ton of
hardware space in your server closest in addition to saving you
money on purchasing additional servers to host company
applications, and other network resources. With the addition of
Hyper-V you can consolidate the all network resources to a
single server, or two, by placing all of your network roles inside
of VMs on the physical server. There’s isn’t a need to have a
single server that’s only dependent on performing one task and
wasting unused hardware resources (HD space, CPU, and
RAM). You can now accommodate and make sure that all of
these resources are being used, which again, will maximize
company cost savings. Also, with the Datacenter version of
Server 2012 R2, you wouldn’t have to worry about any
licensing issues for virtualization, so as your company gets
bigger over the next 2-3 years, you can implement multiple
VMs to accommodate any new applications that could be
introduced into your organization (TechNet, n.d). For the sake
of the network design we will introduce 4 VMs, there will be
two individual VMs that will combine the roles of DNS and
Active Directory, one will be the DHCP server, and the other
will be a dedicated Network File Server. In addition to this
feature, Windows Server 2012 introduces Server Manager,
which allows your IT staff to manage the local and remote
servers from a single location, so there’s no need in having IT
staff onsite in both of your site locations to manage the servers
even though you stated having someone from each of your
departments at your New York location, this could eliminate the
possibility of having someone physically there managing the
server. (Otey, 2011).
Active Directory
WAI OU Structure
4. We will create one domain preferably, (corp.wai.com) that will
span across both sites. We assume that the WAN connection
between both the L.A. and N.Y. sites will be a pretty decent
speed, so we will configure both servers (Primary & Backup) at
the L.A location to be a Global Catalog Domain Controllers
within virtual machines, this way users at the HQ site won’t
have no time delay authenticating to the domain and accessing
network resources. We will configure the branch server
(Primary & backup) as Read-Only Domain Controllers, reason
being the small amount of people that will be located at the site.
From a technical perspective it improves security, improves
faster logon times and offers a more efficient way of accessing
resources on the network. From a business perspective, this
ensures that your staff are all able to logon to their workstations
without any issues and are able to get their work completed for
the day. We will also configure replication to occur on these
configured virtual domain controllers, so that for whatever
reason (i.e You hire new staff, fire staff, change staff to
different departments, add more computers to the organization,
etc) these changes within Active Directory will be consistent at
both locations, so your staff that travel to N.Y and vice versa to
L.A won’t have any problems logging onto the network and
resources.
We also are taking into consideration the fact that certain
departments want to have their data private, so we decided to
consider structuring each department (Executives,
Accounts/Sales, Creative/Media/Production, Human
Resources/Finances, and IT) to have their own organizational
units within Active Directory, as well as creating a subdirectory
OU for the department’s workstations. This way we can
configure the Account tab of each user to only logon to the
workstations within their department:
This is the Account tab of a user in the Account_Sales OU,
where they’re only allowed to logon to the Account_Sales1
computer.
5. With this configuration we can adjust the account tab of all
user’s within the organization to only logon to the machines
that are deployed in their departments, this would surely
eliminate your staff from trying to login to unauthorized
departmental computers. Of course we will grant the IT staff the
right to login to every computer within the domain.
As another security measure for your company we will create
global security groups for each department, add the user’s in
each department to the global security group, then create a
domain local security group & add that global security group
within that. This way when we need to assign permissions to
grant your staff to certain network resources, they will be either
granted or denied access. This will prevent your staff from
accessing files that they have no business in. We will talk more
about network resources a little later, and how we will
configure everyone to access what they need to see to get their
job done. (Group Scope, 2014)
Users Global Security Groups Domain Local Security Groups
Assign Permissions
(The structure of grouping like user’s together & assigning
permissive access based on their group and what they can
access.)
File Sharing
As presented earlier we will structure the security groups and
add your staff to their specific department groups, we assume
that there will need to access files shared on the network for
collaborative purposes or even reference documentation for
their job duties. So we are considering creating a file share
server within a Virtual machine which will be hosted on the
main company server located in Los Angeles. We will also
deploy the Branch Cache role onto the server at the New York
location, even though we assume that you’ll will have a fast
WAN connection from L.A to New York, this will help reduce
6. network traffic for your offsite employees connecting back to
file server.
“After a client computer requests and receives content from the
main office and the content is cached at the branch office, other
computers at the same branch office can obtain the content
locally rather than downloading the content from the content
server over the WAN link.” (TechNet/Branch cache, 2014)
This would ensure that your employees have the most recent
copies of files and to mitigate any issues with version control,
where your staff are accessing old documents, saving the old
documents and overwriting the latest ones. The flow of business
will not be disrupted too much. Listed below is the file share
structure for your organization. We’ve broken down the shares
with three primary folders, Public Folders where your staff can
save data that could benefit the organization as a whole such as
training documents or other collaborative files; Departmental
folder where we will create sub-folders for each department,
these folders will only be accessed by the members of that
department utilizing the FSRM (File Source Resource Manager)
feature and enabling access-based enumeration (ABE). ABE is
configured on the properties of the folder, in this case we will
configure it on each departmental sub-folder, then add NTFS
permissions to departmental Domain local groups to these
folders, this will ensure that the user’s only see their
departments share folder under the Departmental share. Another
good security measure to keep your staff from accessing
unauthorized files in other departments. We assume space won’t
be a problem within your organization, so we won’t configure
disk quotas to limit your user’s disk space, this could always be
configure later down the road as your company expands and
more employees are hired, you should want to limit disk usage
per user. We will in fact implement File Screening, to monitor
what type of files your employees are saving within their
personal folders on the Private User Data share and on the
Public Folders share. You don’t want to compromise your
companies sensitive data with a chance a user saving a
7. malicious executable file on the file share server, this would
certainly be detrimental to the business functions of the
company.
WAI File Share Structure
*Subfolders for each department
IT
Creative_Media_Production
Accounts_Sales
Executives
Share where everyone has a personal folder to save their data to
on the network.
Private User Data
HR_Finances
Departmental
Folder where everyone in the company can place files to
collaborate amongst themselves.
Public Folders
Application Deployment Services
With this organizational structure, it helps with the development
of applying group policies, all departments would have the
essential work applications deployed to them such as Microsoft
Office suite, Antivirus software, Adobe Acrobat and reader, etc.
We assume that each department will also be having specific
applications needed that other departments don’t need. With this
organizational unit structure, it surely helps with your IT staff
managing and deploying these applications across the
departments. The way to deploy the department specific
8. software would be to create a package within group policy
object that has the .msi file (Microsoft installer filer), and
install that software to the workstation within the department
that needs it. This eliminates the need to walk around with an
installation disc and manually adding the software to the
computers in the organization (Uhing, 2012). This greatly
reduce time and effort by ensuring that all workstations in the
environment have the necessary applications to perform their
job roles & streamlining the business as a whole.
DHCP
For the IP address assignment to the clients and server within
the organization, we have decided to configure each department
with their own scope within the DHCP server. There will be 5
scopes total for all five departments. We assume that there will
be growth in the future as the company expands, so we will
configure these scopes to have the necessary IP address range to
accommodate the companies user’s now and down the road. We
understand that for the time being there will be 9 hosts within
the Executive department, 15 hosts within the Account/Sales
department, 49 hosts within the Creative/Media/Production
department, 12 hosts within the HR & Finance department, and
5 hosts within the IT department. We will configure the scope’s
address range to accommodate 3x times what the department
will currently have. We will assume that the routers in the
environment will be configured properly so that these devices
can communicate with one another whenever they need to do so.
In the table below is the potential IP addressing scheme that
will be configured for the organization for the main site. The
branch site server will have the DHCP role installed to deploy
IP addresses to the machines located there. The private IP
addressing scheme will be configured to host a maximum of 30
hosts, since there will only be about one person per department
at the branch site, this is ample amount of addresses to deploy
to the workstations as well as the network printers there. The
network printers at both the main site and branch site will all
have reserved IP addresses, this will ensure that the printers IP
9. addresses will never change. The servers will be given static IP
addresses, as well as the routers for the given subnets. These
addresses will be excluded from the scope range so that they
won’t be delivered accidently.
W.A.I IP Addressing Scheme
Department
# of hosts needed now
Address Range that will be Implemented
Subnet Mask & CIDR
# of hosts the scope can accommodate
Creative/Media/Production
49
192.168.0.1 – 192.168.0.254
255.255.255.0 /24
147
Accounts/Sales
15
192.168.1.1 – 192.168.1.62
255.255.255.192 /26
62
HR & Finance
12
192.168.1.64 – 192.168.1.126
255.255.255.192 /26
36
Executives
9
192.168.1.129 – 192.168.1.158
255.255.255.224 /27
30
IT
5
192.168.1.161 – 192.168.1.190
255.255.255.224 /27
15
10. In this proposal we’ve covered the necessary factors that should
be considered when developing a network infrastructure from
the ground-up, we truly appreciate you looking and reading over
this proposal and taking it all into consideration. We’re honored
that you’ve come to us to look over your networking
infrastructure needs and would consider us in the
implementation of it all. We hope that you will acquire our
services for we will be sure that all technical and business
aspects of your company are surely met.
REFERENCES:
Otey, M. (2011, October 17). Windows IT Pro. Retrieved from
http://windowsitpro.com/windows-server-2012/top-10-new-
features-windows-server-2012
Uhing, A. (2012). Deploy MSI's through your network with
GPO. Retrieved December 2, 2015, from
https://community.spiceworks.com/how_to/8595-deploy-msi-s-
through-your-network-with-gpo
Group scope. (2014, October 1). Retrieved December 2, 2015,
from https://technet.microsoft.com/en-
us/library/cc755692(v=ws.10).aspx
BranchCache Design Guide. (2009, November 4). Retrieved
December 2, 2015, from https://technet.microsoft.com/en-
us/library/ee731918(v=ws.10).aspx
Windows Server 2012 Standard License and VMs. (n.d.).
Retrieved December 2, 2015, from
https://social.technet.microsoft.com/Forums/windowsserver/en-
US/02388f19-796c-4d20-8511-c124ac91ad41/windows-server-
2012-standard-license-and-vms?forum=winserver8gen
11. 13
Windows Server Deployment Proposal
Professor Jared Spencer
CMIT 369 Installing and Configuring Windows Server
Elizabeth Schulz
October 4th 2015
12. CONTENTS
Summary………………………………………….
…………………………...…...3
New Features of Windows Server
2012…………............................................…...4
Deployment and Server
Editions…………………………………………………..4
· How many total servers are needed?
· What edition of Windows will be used for each server?
· Will Server Core be used on any servers?
· Where are each of the servers located?
· How will the servers be deployed?
Active
Directory………………………………………………………………
……..6
· Number of AD domains?
· Will there be any Read-Only Domain Controllers?
· How will AD sites be configured?
· How will AD organizational units be organized?
DNS and
DHCP…………………………………………………………………
……8
· DHCP scope design
· DNS namespace
Application
Services………………………………………………………………
….9
· How will applications be deployed?
· Which software applications will likely be needed?
13. File and Printer
Sharing……………………………………………………………..9
· What shares might be needed?
· DFS Needed?
· How will quotas/FSRM be configured?
Man Power/Scheduling
estimates…………………………………………………...11
Conclusion………………..…....................................................
..................................11
References……………………………...………............................
..............................12
Summary
With today’s businesses relying so heavily on technology it is
important that your new company develops the correct Windows
network infrastructure the first time. That being said it is also
important to make sure that the infrastructure is reliable, secure
and well managed. All businesses have different requirements
and environments but they all have the need for an IT
organization that can help them reach their goals. After
reviewing the companies requirements I have decided on what I
believe will give you the best overall infrastructure.
In this proposal I will talk about what kind of new features of
Windows server 2012 that WAI can take advantage of. I will
also list the deployment plan and what editions I plan to use.
Active directory, DNS and DHCP, application services and file
sharing and print services are also important topics and will be
included in this proposal. Each of these characteristics will have
an impact on the overall infrastructure of the company.
14. The recommendations made are based on research data and the
requirements of your company. They will both save your
company money and improve your company in the long run.
With the Windows Server 2012 deployment your company will
be set up for success with the newest technologies.
New Features of Windows Server 2012
The new features of Windows Server 2012 that WAI can take
advantage of are:
· Server management: A console that allows system
administrators to have a view of all their servers and the health
of them in one location. It also allows the system administrators
access to all the tools required for daily management. This will
make the job of the system administrators at your company a
little easier.
· Server Core: As mentioned later in the paper windows server
2012 allows you to the option to switch between a server core
installation and a GUI installation. Server core is a minimal
installation that uses a command line to manage the server. It
will protect your network by reducing the attack surface,
require less management and be more reliable. If you need the
GUI to manage an application you can switch to the GUI to
manage it and then switch back to the server core when you are
done.
· Data Deduplication: Disk space can be expansive and most of
the time hard to come by. This feature will allow you to reduce
15. your storage needs by getting rid of duplicate copies of files
and just saving one copy of the file.
Deployment and Server Editions
The general rule for how many servers a company should have
is for every 10 employees there should be a server. With the
company stating that they will be starting with 90 people I think
it is safe to assume they plan on growing in the near feature. To
leave some room for the growing company the total number of
servers that will be needed is 10. There will be 6 located at the
Los Angeles office and 4 located in the New York office. Each
server requires a license so we will have to purchase 10
licenses.
The roles that will be combined are DHCP and DNS, file and
print services on one of the New York servers. All servers will
have Windows Server 2012 installed on it. Since there was no
mention of any virtualization needs we are going to install the
Essentials edition on all servers. This will give the company
Simple administration, no virtualization rights and 25 accounts
per server (Lowe, 2012).
With Windows 2012 you can switch between the full
installation, Server Core and MinShell whenever you want. The
full installation comes with the full graphic interface Windows
Server has always had. Server Core comes with a minimal
command line/Windows PowerShell interface. MinShell comes
with the core OS installed with the ability to run basic GUI
administrative tools such as Server Manager or the Microsoft
Management Console (MMC) Computer Management snap-in.
We will start out with a full installation to make sure that
everything gets configured to your liking. After we have had a
chance to run it and fix anything that needed fixing we can
switch all servers to Server Core to make them more secure,
reliable and reduce the amount of management required (Deuby,
2013).
The servers will be deployed in the following locations with the
16. following roles. The servers are deployed in this manner to
provide fault tolerance and availability to every application that
each site might need.
Server
Roles
Location
Server1
AD primary
Los Angles
Server2
AD Secondary
Los Angles
Server3
DHCP primary & DNS primary
Los Angles
Server4
Application Services & WDS
Los Angles
Server5
File & Print services
Los Angles
Server6
DHCP secondary &Web services
Los Angles
Server7
AD RODC
New York
Server8
DHCP & DNS secondary
New York
Server9
File & Print services
New York
Server10
Web services & Application services
17. New York
All of the servers and operating systems will be deployed using
WDS (Windows Deployment Services) to make the installation
process smoother. WDS not only will save the company money
but will also dramatically reduce the number of man hours
required for the installation and the chances of mistakes
happening. To do this we will use a standalone server with WDS
installed on it. By using Windows System Image Manager
(Windows SIM) to create an answer file we will be able to use
windows Setup to install Server 2012 and all settings listed in
the answer file (Microsoft, 2013). Deploying these servers
would take approximately 3 days and require 2 system
administrators.
Active Directory
Active Directory is the backbone of every organization. A crash
of your AD could cause loss of productivity, excessive man
hours to troubleshoot and rebuild and loss of data. With that in
mind we want to make sure that we have enough domain
controllers set up for fault tolerance.
We will deploy three Active Directory servers. The two main
domain controllers will be located at the Los Angeles office and
the RODC will be located at the New York office. The RODC is
a read only domain controller that will provide active directory
services without the security risk. The RODC will create a fault
tolerance so if both of the main office DCs fail the data will
still be available on the RODC. If the RODC fails the data will
still be available on the two AD servers in the main office.
Each AD will have a dedicated server for increased
performance. In order for replication to occur we will first
create the sites for the AD domain controllers at both sites.
Then the subnet needs to be created for both sites. Now we can
create a site link that will connect the two sites so replication
can occur. Active Directory Sites and Services tool will be used
18. to configure the WAN link to connect the two LANs.
The AD organizational units will be organized first by site then
by departments. Each of the following departments will have its
own organizational unit, Executives, Accounts and Sales
Department, Creative, Media and Production Department,
Human Resources and Finances and IT. GPOs will be created
and applied to each OU and then linked to active directory.
Along with having their own folder each department will have
permissions assigned to their folder to make sure that only
authorized users have access. The main system administrator
will have access to all folders so they can manage permissions.
Deployment and setup of active directory will take
approximately 4 hours with one system administrator.
DNS and DHCP
DHCP hands out IP addresses to clients and is essential for
connecting to the internet. Because DHCP are so important we
will configure for fault tolerance and load balancing. The DHCP
scope design will involve 2 DHCP servers at the Los Angles site
and 1 DHCP server at the New York site. All of the DHCP
servers will be put into failover load balance mode. All of the
DCHP servers will be configured in load balance mode. With
this set up if one server fails the other will take over. If they are
all working properly then they will share the load balance. A
scope with the address range of 192.168.1.2-192.168.1.110 will
be created.
DHCP reservations will be used for all servers within both sites
so they will get the same IP address every time. This will speed
up the response time from the server and make sure that users
will not have any issues finding the servers. The lease times
will be in the default 8 day increments to ensure that there will
be plenty of IP addresses available at all times. Deploying the
19. DHCP servers should take approximately 3 hours with two
system administrators.
DNS servers map domain names to IP addresses. If DNS were to
fail the users would have a hard time connecting to any
websites. There will be one server located at each site. By
having one server at each site the chances that both will go
down at the same time is low. This will provide fault tolerance
and thus making sure that the clients will have access to
websites. Using an internal private domain the DNS name space
design will include la.wai.localhost as the parent and
ny.wai.localhost as the child. Split DNS will be set up with two
different scopes. One for the internal DNS records and one for
the external DNS records. These scopes will be hosted on the
same DNS server. This will keep the information on the internal
DNS server secure from issues such as foot printing. To set up
these scopes policies need to be created and implemented so
each name resolution request that is sent is evaluated against
the policies on the DNS server. If the server interface on which
the query has been received matches any of the policy, the
associated zone scope is used to respond to the query
(Microsoft, 2015). Deploying and configuring the DNS servers
would take approximately 4 hours with two system
administrators.
Applications Services
Applications will be deployed using group policy. Using group
policy the applications will be installed a lot faster and with
fewer errors. First we have to create a shared folder and put the
MSI file into the shared folder. Next we create a GPO and add
all the computers or users that we want to deploy the
application to. We will choose to assign the application to the
clients so we know that everyone has access to it. Now we can
update the GPO to finish the process.
Software applications can boost productivity in your business
20. and save you time and money. Because the company is just
starting out and relatively small I recommend starting off with a
few of the basic applications and adding more as needed The
applications that will likely be needed are: Google Chrome to
allow access to the internet, Kaspersky Small Office Security
4.0 for antivirus protection, QuickBooks accounting software
for the accounting department and Microsoft office to create
documents, spread sheets and power points. Application
services can be installed in approximately 5 hours with one
administrator.
File and Printer Sharing
There will be a total of two file servers and two print servers
deployed between the two sites. One file server and one print
server for each site. We will enable the file and printer sharing
feature on all four of the servers. By having two file servers and
two print servers we can ensure that files and printers will be
available at all times with fault tolerance. The file servers can
be deployed in approximately 1 day with two administrators.
We will start out with five shares created with SMB share quick
for the following departments, Executives, Accounts and Sales
Department, Creative, Media and Production Department,
Human Resources and Finances and IT. Since some departments
will want their data to remain private from other departments
we will enable file and printer sharing with NTFS permissions
to restrict access to each of the shares. As a best practice
administrators will assign the least amount of access needed to
each user to do their job. Access-based enumeration will be
enabled for all users except the administrators. This will allow
users to see only the folders that each user has access to. Shares
can be created in about 4 hours with one administrator.
Distributed file system or DFS will be used to organize the
shared resources on the network. With DFS employees at both
sites will be able to access shared folders with each other. DFS
Namespaces will be used to enable you to group shared folders
that are located on different servers into one or more logically
21. structured namespaces. DFS Replication will be used to enable
you to efficiently replicate folders across multiple servers and
sites (Microsoft, 2013).
FSRM or File server resource manager will be used to manage
the quotas and all data stored on the file servers. Quotas will be
created for each department using the quota template. To start
out each user will get a set amount based on their needs such as
500 MB each. Soft quotas will be set so they won’t lose the
ability to save data if they are over their limit but will still be
notified when they are at 95% of their storage capacity. To
remind users that they are nearing their limit notification limits
will be set to the default. If any special circumstances or
changes need to be made later the quotas can be changed.
Quotas are important because otherwise employees will be free
to use as much disk space as they want. FSRM will also be used
to create storage reports for the administrators so they know can
watch the trends and know when the storage is reaching its
capacity. For file screening management I would create a file
screen for executable files saved to the server. Executable files
should only be saved by administrators because they alter the
system. Also I would set email notifications to the
administrators if any unauthorized files were saved. FSRM can
be configured in approximately 2 hours with one administrator.
The print servers will be managed using the print management
console. The print server will be set up with V4 printer drivers
so that we will not have to install the print drivers on all of the
clients. V4 printer drivers will also make sharing the printers a
lot easier. We would deploy the print servers using group policy
so that we can make sure that each user or group has access to
the printer in their office. Print servers can be deployed in about
5 hours with one administrator.
Man power/scheduling estimates
Each section was given an estimate of approximately how long
it would take to complete the task. Overall I estimate the total
job to take about 2 weeks with 3 administrators on the job.
Conclusion
22. Each of the above topics are important in their own way but as a
whole they will make your business smoother to run. Windows
Server 2012 has a good amount of new features that will appeal
to your users and administrators. With the standard edition
being deployed to all the servers your company will have the
latest technology available. Active Directory is the backbone of
every organization and has been set up in a way that will make
it highly reliable. DHCP and DNS are essential for connecting
to the internet and will keep your company productive.
Applications will be used to increase productivity for the users.
The file and print servers will make saving or retrieving files
easier and printer to network shared printers a breeze. With the
recommendations in this proposal your company will start out
on the right foot.
23. References
Deuby, S. (2013, March 1). Windows Server 2012 Deployment.
Retrieved from Windows IT Pro:
http://windowsitpro.com/windows-server-2012/windows-server-
2012-deployment
Lowe, S. (2012, July 6). Microsoft announces four Windows
Server 2012 editions: What you need to know. Retrieved from
TechRepublic: http://www.techrepublic.com/blog/data-
center/microsoft-announces-four-windows-server-2012-editions-
what-you-need-to-know/
Microsoft. (2013, November 13). DFS Namespaces and DFS
Replication Overview. Retrieved from TechNet:
https://technet.microsoft.com/en-us/library/jj127250.aspx
Microsoft. (2013, October 20). Windows Setup Scenarios and
Best Practices. Retrieved from TechNet:
https://technet.microsoft.com/en-us/library/hh825163.aspx
Microsoft. (2015, May 12). Split-Brain DNS Deployment Using
Windows DNS Server Policies. Retrieved from TechNet Blogs:
http://blogs.technet.com/b/networking/archive/2015/05/12/split-
brain-dns-deployment-using-windows-dns-server-policies.aspx
Running Head: WINDOWS SERVER DEPLOYMENT
PROPOSAL1
WINDOWS SERVER DEPLOYMENT PROPOSAL9
Windows Server Deployment Proposal
24. CMIT 369 7981 Installing
and Configuring Windows Server
Lester Brent
Introduction
The business infrastructure that a business invests in is critical
in its success and management in today’s world. Information
technology is at the core of all business activities in the
advertising industry and the success of WAI is hinged on its
ability to deploy and manage the correct windows that will help
in streaming the activities of the business. The correct
configuration and management of the server can be determined
through counter checking on the security, reliability and
efficiency of the accompanying infrastructure of the business.
The strength of the IT department at WAI can only be as good
as the infrastructure that it will run and manage. The various
requirements and needs for WAI demand that the chosen server
and its deployment be in tandem with its business activities and
enable seamless communication and synchronization between
the New York and Los Angeles offices. This proposal has been
prepared with the intent to deliver the best results for the firm
in respect to the infrastructure.
This proposal looks at the features of Windows Server 2012 and
how the firm can utilize these features to drive growth and
productivity at both the New York and Los Angeles offices.
The proposal also presents the deployment plan of the server
and the edition to be used, active directory, DHCP and DNS and
sharing services such as printing and sharing. The various
features analyzed in the proposal are based on the available
infrastructure of the company.
The proposal presented here is specific to the requirements and
the business scenario of the company. The proposal has been
developed with the objective of enabling efficiency, reducing
business costs and giving the firm a platform through which it
25. can take advantage of the latest applications and technology in
the industry.
Windows Server 2012 New Features
There are several features in Windows Server 2012 that are now
available and didn’t exist in earlier version of Windows Server
(Morimoto et al., 2012). The firm in various ways as described
below can use these features of functions.
Data de-duplication: One of the most precious aspects of the
server is the disk space, which is difficult to get in most
scenarios. In some instances the difference between efficiency
and lack of the same is based on how well the disk space is
managed. Through this feature the firm can save only one copy
of a file, as the server will help it to flag and delete duplicate
copies that reduce disk space.
Server Management: The system administrator’s role is to
ensure that the health of all the servers is at requisite levels.
The server management tool enables the system administrator to
view the entire server and manage them from one place thereby
increasing the speed at which conflict in the system are
resolved.
Server Core: The server core is what allows the installation of
the server without going through many steps and procedures and
uses a command line. Windows Server 2012 allows the
administrator the opportunity to easily move between the GUI
and server core installation. The feature to easily switch
between these two installation protocols protects the network by
reducing the number of avenues through which an attack can
take place.
Server Editions and Deployment
The number of services and employees in a firm dictate the
number of servers that the firm should have ("Windows Setup
Scenarios and Best Practices", 2016). The functions that a firm
26. expects to execute on its network are what mainly dictate the
editions of the server deployed with the number of users
dictating the number of servers. In the best case and for
efficiency it is ideal to have about ten users or employees per
server, which means that the company will require about ten
servers to cater for its 90 employees. The need for ten servers
instead of nine is to cater for future growth in the projected
period of two to three years. Given that there are two locations
the one with the most employees needs to get the most of the
servers and the other one needs to have some functions
combined. In the proposed set up there will be six servers at the
Los Angeles office with the remaining four being put at New
York. To run the ten servers it is required that each of them
does get a license meaning that ten licenses will be purchased
for this installation. For efficiency some functions that have to
be combined include file sharing and DHCP/DNS for the servers
in New York. The servers will run Windows Server 2012 that
will give the company an east way to administrate all of them.
The ten servers that will be deployed in the two offices will be
dependent on the roles that they are to perform. The installation
and designation of roles for the servers is done with a view of
ensuring minimum faults and to increase the availability of the
services hosted for different site requirements.
New York Servers: Application and Web services, DHCP &
DNS secondary, Print & File services, AD RODC.
Los Angeles Servers: AD primary, AD secondary, WDS &
Application services, DHCP primary & DNS primary, Web and
DHCP secondary, DNS primary & DHCP primary.
The installation will be done using Windows Deployment
Services for efficient installation and to facilitate correct
configuration. The stand-alone server that has a WDS
installation will be used with help of an answer file configured
with Windows System Image Manager. This would require a
period of about three days when the task is done by personnel of
two.
Active Directory
27. Disruptions in the business can be costly especially in the event
that an active directory does crash. Domain controllers are used
as fault tolerance and the set up dictated here takes of it. In the
infrastructure three active directories and two domain
controllers are required. The best scenario would be two have
the domain controllers at the less busy site, which is New York
with the LA hosting RODC. This ensures security as the RODC
is read only. To ensure that that all active directories perform at
their optimum they will be assigned dedicated servers. The
configuration will be such that each site for AD domains is
created and subnets to link them created. WAN link will
connect the two LANs as configured in the AD sites (Finn,
2013).
The figure below shows AD organization that is dictated by
the number of sites and departments based on organizational
structure. The permissions or level access that each user will
have will be based on their departments and the level of access
that they should have to control the servers (Morimoto et al.,
2012). The IT administrators have access to all folders and
services. This configuration and set up is expected to take
approximately four days when done by a single administrator.
DNS and DHCP
DHCP is responsible for assigning IP addresses to the users in
the network to enable them access to the Internet. The site with
a lower number of users i.e. New York will have one DHCP
server with LA getting two. To ensure smooth operations and
efficiency the servers will be configured to address failover
load to ensure that where one server is unable to provide
services the other one takes over its functions. This means that
when the servers are working at optimum capacity they will
balance the load between them. DHCP reservation will be used
to facilitate their IP addresses and to ensure that users can
locate them easily ("Split-Brain DNS Deployment Using
Windows DNS Server Policies", 2015). The DNS server is
28. responsible for mapping IP addresses and domain names. Each
site will have one DNS server to provide tolerance for clients
trying to access the sites. The scope of the DNS will be
configured in such a manner that they will evaluate the name
resolution request is always checked against the DNS server
policies. The deployment and configuration of the DNS server
should take four hours when two administrators are on site.
Application Services
Group policy will be used in the deployment of all applications
as this has a better chance for fewer errors. This is to be done
by creating a shared folder, create a GPO and have computer
and applications added to it, then the applications will be
assigned to clients on the network and the GPO is then updated
to complete the set up. In the initial set up just a few
applications are needed to run, as the firm doesn’t have many
tasks. Applications are added with time and the recommended
basic one include an antivirus, preferably Kaspersky, a browser
e.g. chrome and accounting software e.g. Quick Books and
Microsoft Office. Applications don’t take ling to install with
about seven hours being sufficient to install and configure them
all.
File and Printer Sharing
File sharing and printing is one of the most essential services in
the set up. A total of four servers are to be deployed between
the two services. This means that it is easier to provide the
services to all users taking into account the possibility of faults
that could cripple the services. The installation will be done by
having the different departments allocated shares and taking
into consideration the privacy level of various departments such
as Finance (Shinder, Diogenes, & Shinder, 2013). The privacy
will be ensured by the creation of the NTFS file system
permissions. This ensures that various users have access to what
29. they are authorized to even though they are all on a shared
server. DFS is exploited in the organization of the shared
functions or resources, which will facilitate sharing of folders
between users. FSRM will be used to manage the departmental
quotas and manage the space allocated to various departments
("What's New in DFS Replication and DFS Namespaces in
Windows Server", 2016). The amount of space allocated to
users will be based on their needs. The other function that will
be used is the management console for print services. This
could be deployed in approximately six to seven hours.
Conclusion
Windows Server 2012 is one of the most versatile server
management software available for businesses that is easy to
configure and ensures a great deal of control to the system
administrators. The new features available also guarantee that
there is less likely chance of the servers being compromised
with various controls for both the services within the LAN and
over the WAN. The deployment procedures provided here
ensure that WAI can take full advantage of the servers and be
able to grow as the business grows and the number of functions
increases.
References
Finn, A. (2013). Windows server 2012 hyper-v installation and
configuration guide. Indianapolis, Ind.: Sybex.
Morimoto, R., Noel, M., Droubi, O., Abbate, A., Yardeni, G., &
Amaris, C. (2012). Windows Server 2012 unleashed.
Indianapolis, IN: Sams.
Shinder, T., Diogenes, Y., & Shinder, D. (2013). Windows
server 2012 security from end to edge and beyond. Amsterdam:
Elsevier.
Split-Brain DNS Deployment Using Windows DNS Server
Policies. (2015). Blogs.technet.microsoft.com. Retrieved 16
April 2016, from
30. https://blogs.technet.microsoft.com/networking/2015/05/12/split
-brain-dns-deployment-using-windows-dns-server-policies/
What's New in DFS Replication and DFS Namespaces in
Windows Server. (2016).Technet.microsoft.com. Retrieved 16
April 2016, from https://technet.microsoft.com/en-
us/library/dn281957.aspx
Windows Setup Scenarios and Best Practices.
(2016). Technet.microsoft.com. Retrieved 16 April 2016, from
https://technet.microsoft.com/en-us/library/hh825163
Letter of Transmittal
MEMO
Date:March 22, 2015
To: Executive Management Team, Worldwide Advertising, Inc.
(WAI)
From:Gary Pollard, Pinnacle Network
Solution
s (PNS)
Subject: Windows Server Deployment Proposal
Attached is a recommendation proposal Pinnacle Network