WingSong has hired you as a computing consultant. Your job is to create a Windows infrastructure proposal. WingSong produces wind turbines. Your proposal needs to meet the following criteria.
- The company will have 3 locations (New York, Chicago, and Washington) but is planning to grow rapidly due to high demand for wind turbines. Main staff will be at the Boise and Washington offices.
- Data security is priority.
- The Chicago site needs secure remote access to the Washington office.
- The WAN connectivity is in place and it is not an issue. There is ample bandwidth in place.
- Feel free to make other assumptions but they need to be noted in the paper.
- Will this be an expensive task?
Topics to Cover:
Your document should cover the content presented in the course. The outline below contains recommended points to cover. You are free to add other related information.
Describe the technical and business reasons for each choice, citing other resources as appropriate. The Windows Server 2012 operating system should be used for all aspects of the solution.
- What forest/domain model should WingSong implement? What is the domain name?
- Where should the domain controllers be placed? Should RODC be part of the consideration?
- FSMO Roles placement
- Plan for AD backup and recovery
- What type of authentication method will be used for WingSong? (For example, PINs, tokens, etc.)
- Is Group Policy needed?
- What settings might be considered via Group Policy?
- What are some advanced audit policies that can be used?
- What will be the fully qualified domain name?
- What namespace should WingSong implement?
- What types of zones are needed?
- How will the shares be secured? (What kind of methods?)
- Will quotas be used? Will FSRM be configured?
- Will DFS be implemented?
- What technology will be implemented to provide secure remote access for users?
- Who should have remote access?
- If you use a VPN connection which type will you use?
- How will the servers and clients be updated?
- How will new servers be deployed?
There are specific requirements for the assignment: The final submission should contain at least 6 pages’ worth of text written by the student (not counting title page, images, diagrams, tables, or quotations), but may be longer, not to exceed approximately 10 pages’ worth of student-supplied text. (With the required diagram, and other images, title page, etc., the final submission may end up being more than 10 pages in length.) It must be double-spaced, have 1-inch margins, and use 12-point Times New Roman or 10-point Arial/Helvetica font. A title page is required; APA format for the title page is optional.
- At least one original diagram must be included (not counted towards the minimum length described above). You can have more.
- Ensure that your paper has no extra white space between paragraphs.
- The submission must cover all of the 6 major topics outlined above. Each choice should be explained with technical and business reasoning. The solution should be reasonably detailed.
- The structure of the final submission is flexible. There is no specific format required, although it should be organized logically and represent a single, unified solution. It is likely that the format will include separate sections for each of the 6 topics required, as well as a summary.
- At least one non-textbook, non-LabSim, non-Wikipedia reference is required; preferably, this would be a “best practice” guide or similar content from Microsoft or an experienced provider of Microsoft solutions. A minimum of 4 references.
- Be sure to properly quote or cite any sources used. APA format is required for in-text citations and the list of works cited at the end. It is expected that you are already familiar with UMUC’s “Policy on Academic Dishonesty and Plagiarism.” It is available in the Academic Policies section of the Syllabus; there are also links in the Webliography. In its simplest form, if you are using text from a source, you must cite and/or quote it. If plagiarism is found, then there will be a penalty to the grade.
CMIT 370 Windows Network Proposal Sample Project
WingSong is a wind turbine production company with sites in three locations: Washington, Chicago, and New York. The company plans to grow swiftly as a result of rapidly growing demand for wind turbines. It has a WAN connection in place that links its premises in the different cities. The company's main staff will be situated in the Washington and Boise offices. Boise is in the state of Idaho, which neighbors Washington. To serve its customers effectively and to be recognized as the leading wind turbine systems company, WingSong needs to position itself among the leading technology-based companies in the industry. It should improve its competitiveness by being able to manage its daily duties, research and development, designs, finances, sales, customer accounts, IT duties, and all other business operations. The company is going to run its network operations on Windows Server 2012. This is the most important Windows Server platform release, with an innovative new user interface, improved Windows PowerShell support, powerful new management tools, and numerous new features in virtualization, storage, and networking. Windows Server 2012 can help IT deliver more while cutting costs.
The company operates in three locations, with an extra office in Boise that is separate from the office in Washington. Four locations are therefore considered in this proposal. The company will need a total of eight servers. Each location will have a server for the Dynamic Host Configuration Protocol (DHCP) and the Domain Name System (DNS). DHCP is a protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information, including the default gateway and subnet mask. DNS, on the other hand, is the Internet's equivalent of a phone book: it maintains a directory of domain names and translates those names to IP addresses. This makes a total of four servers, since the Boise office will also receive one. The company will have four more servers in the New York office, where the main staff are located. Two of these servers will hold the company's records, including the company's files and the information shared from the different locations. The other two will act as backups, one for the file servers and the other for DNS and DHCP, in case any of them fails.
All eight servers will run Windows Server Datacenter. Windows Server Datacenter is a server operating system that allows a computer to handle network roles such as file server, print server, web server, and domain controller. The servers will also take on multiple server roles. They will be assigned to roles that include file and storage services, Windows Deployment Services, print and fax services, Windows Server Update Services, remote access, Remote Desktop Services, application server, and Active Directory Rights Management Services.
Active Directory stores information about network components and allows clients to find objects in its namespace, the place where a component of the network can be located. The company should use the regional domain model. All object data in a domain is replicated to every domain controller in that domain. Consequently, when a forest includes a large number of users spread across geographic locations linked by a WAN, the organization needs to deploy regional domains to reduce replication traffic over the WAN connections. This domain model allows the company to maintain a stable environment over time. State boundaries will be used so that any further expansion is accommodated per state. If another office is opened in a state that already has one, that office will act as a child of the first office, it will be named after the town, and it will be a grandchild of the root domain. The forest root domain for the company will be WingSong. It will act as the parent domain and will have three main children, each identified by its location (Zacker, 2014).
The domain controller will be placed in what would be considered the headquarters of the company, which is New York. However, as the company grows and starts having grandchild domains, it will establish regional domain controllers. Regional in this case means a center that controls three or four states, depending on the level of expansion. This will help minimize the number of domain controllers in the company's network. Writeable domain controllers will be placed only where physical security is strongly guaranteed. Where that security cannot be assured, a read-only domain controller (RODC) will be deployed. This ensures that no unwanted changes are made if an unauthorized individual gains access to the database. The company will consider enhancing its physical security, including the use of modern security technology such as biometrics, to protect the domain controller (McLean, 2012). Regions without such measures will be considered insecure, and hence only an RODC will be deployed there and all changes will be made in the company's main office. At the moment, RODCs can be employed in Chicago and New York, which seem to be less developed than the Washington office. Flexible single master operation (FSMO) roles can be held on a single controller for now, as the company's operations do not extend beyond what one controller can handle. This role should be maintained in some aspects, including the databases that hold the company's product designs. FSMO is suited to critical operations and guards against the latency or conflicts that multi-master updates could introduce. Having a single operations master means that the relevant FSMO role owner must be available, discoverable, and online on the network for the computers that need to perform FSMO-dependent functions (Technet.microsoft.com, 2017).
The company will back up Active Directory as part of the system state, a collection of system components that depend on one another, and these components will be backed up together. For effective AD DS backup, the company will need to store the system volume (SYSVOL), the Active Directory database (Ntds.dit), and the system files on separate volumes that hold no other user, operating system, or application data. For each domain controller, the company will perform regular system state backups using the wbadmin start systemstatebackup command (Technet.microsoft.com, 2017). The backup volume will be created on a dedicated internal or external hard drive. Moreover, a local volume will be used as the backup target when a system state backup is to be stored on the network; the backup will then be copied to the shared backup folder.
The best Active Directory authentication method is an RSA PIN code. In this case the user has to log in with the verified PIN. A PIN is considered more secure since only the owner has it. Although a token is randomly generated and can be used only once, it can be obtained by anyone who manages to access the registered mobile phone or email account, which can easily fall into the wrong hands through hacking or theft. Thus, it is not very trusted. A personal PIN with good password strength would serve as a good alternative (Technet.microsoft.com, 2017).
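The system state backup procedure described above (back up to a dedicated volume, then copy to the shared backup folder) can be scripted as follows. This is an added example, not part of the original proposal; the drive letter, the share path, and the seven-day freshness threshold are assumptions.

```powershell
# Added example: system state backup of a domain controller, then copy to a share.
# Assumed values: E: is the dedicated backup volume, \\NY-FS01\ADBackups is a
# hypothetical share, and 7 days is an illustrative freshness threshold.
# Run from an elevated PowerShell session on the domain controller.
$TargetVolume = 'E:'
$BackupShare  = '\\NY-FS01\ADBackups'
$MaxAgeDays   = 7

# 1. Take the system state backup (includes Ntds.dit, SYSVOL and the registry).
$wbArgs = @('start', 'systemstatebackup', "-backupTarget:$TargetVolume", '-quiet')
& wbadmin.exe @wbArgs
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin failed with exit code $LASTEXITCODE; no backup was copied."
}

# 2. Copy this server's backup set to the shared backup folder.
#    wbadmin writes under <volume>\WindowsImageBackup\<computer name>.
$source      = "$TargetVolume\WindowsImageBackup\$env:COMPUTERNAME"
$destination = Join-Path $BackupShare $env:COMPUTERNAME
& robocopy.exe $source $destination /MIR /B /R:2 /W:5 /NP
if ($LASTEXITCODE -ge 8) {
    # robocopy exit codes below 8 mean success (possibly with extra files noted).
    throw "robocopy reported a copy failure (exit code $LASTEXITCODE)."
}

# 3. Fail loudly if the newest file on the share is older than the threshold,
#    so a silently broken schedule is noticed before a restore is needed.
$newest = Get-ChildItem -Path $destination -Recurse -File |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddDays(-$MaxAgeDays)) {
    throw "Newest backup on $destination is older than $MaxAgeDays days."
}
"System state backup copied to $destination (newest file: $($newest.LastWriteTime))."
```

The share holds a copy of the directory database, so its permissions should be restricted to the accounts that perform backup and restore.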
Group Policy is an infrastructure that allows the server administrator to specify managed configurations for computers and users through Group Policy settings and Group Policy preferences. For Group Policy settings that affect only a local user or computer, the Local Group Policy Editor can be used. Group Policy is very important to the organization because it helps define the company's user, network, and security policies. This helps ensure the same level of security, software, application, and networking operations at the machine level. The organization will be highly extensive, yet it will require a high level of uniformity in various aspects of its systems. This can be achieved only by developing group policies. Group Policy can cover nine main settings areas: account policy, public key policies, local policies, file system, event log, registry, restricted groups, system services, and IP security policy, mostly on Active Directory (Stanel, 2012).
Account policy is highly important and comprises other policies, including password policy, Kerberos authentication policy, and account lockout policy. The policies selected here affect the level of help desk support users will need and the network's vulnerability to security attacks and breaches. Local computer policies include audit policy, security options, and user rights assignments. All of these policies focus on keeping the system functioning effectively. The company will also employ advanced audit policies, which focus on ten main security areas: account logon, global object access, system, account management, privilege use, detailed tracking, policy change, DS access, object access, and logon/logoff. The auditing involves 53 subcategories across the ten main auditing areas mentioned. This ensures that the security measures are implemented according to the standard and according to the company's security policy. Auditing these areas ensures that maximum security measures are applied across the organization's entire network (Technet.microsoft.com, 2017).
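One way to confirm that the advanced audit policy delivered by Group Policy is actually in effect on a server is to compare the output of auditpol with a baseline. This is an added example, not part of the original proposal; the subcategories and settings chosen for the baseline are illustrative assumptions.

```powershell
# Added example: detect drift between the effective advanced audit policy and a
# baseline. The baseline entries are illustrative assumptions, not settings from
# the proposal. Run elevated on an English-language installation, because
# auditpol localizes subcategory names and setting values.
$Baseline = @{
    'Credential Validation'           = 'Success and Failure'  # Account Logon
    'Kerberos Authentication Service' = 'Success and Failure'  # Account Logon
    'User Account Management'         = 'Success and Failure'  # Account Management
    'Security Group Management'       = 'Success and Failure'  # Account Management
    'Process Creation'                = 'Success'              # Detailed Tracking
    'Directory Service Changes'       = 'Success and Failure'  # DS Access
    'Logon'                           = 'Success and Failure'  # Logon/Logoff
    'File Share'                      = 'Success and Failure'  # Object Access
    'Audit Policy Change'             = 'Success and Failure'  # Policy Change
    'Sensitive Privilege Use'         = 'Success and Failure'  # Privilege Use
    'Security System Extension'       = 'Success and Failure'  # System
}

function Get-EffectiveAuditPolicy {
    # /r produces CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting.
    $raw = auditpol.exe /get /category:* /r
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }
    $raw | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv
}

function Compare-AuditBaseline {
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Effective,
        [Parameter(Mandatory = $true)] [hashtable] $Expected
    )
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $row    = $Effective | Where-Object { $_.Subcategory -eq $name } |
                  Select-Object -First 1
        $actual = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        if ($actual -ne $Expected[$name]) {
            # Emit one object per subcategory that differs from the baseline.
            [pscustomobject]@{
                Subcategory = $name
                Expected    = $Expected[$name]
                Actual      = $actual
            }
        }
    }
}

$drift = @(Compare-AuditBaseline -Effective (Get-EffectiveAuditPolicy) -Expected $Baseline)
if ($drift.Count -eq 0) {
    'Effective audit policy matches the baseline.'
} else {
    $drift | Format-Table -AutoSize
    exit 1   # non-zero exit lets a scheduled task or monitoring job flag the drift
}
```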
The company's forest root domain should be named WingSong, so its full domain name will be WingSong.com. The domain namespace is hierarchical, with the root domain at the top. The root will act as the parent domain and will have three main children, each identified by its location. In this case the company has three main locations: New York, Chicago, and Washington. The child domains will be named NY.WingSong.com, CG.WingSong.com, and DC.WingSong.com respectively. The company will have a private network, so the domain names will be visible only inside the company. If new offices are opened in other cities in a state where a child domain already exists, the new offices will be grandchildren of the root domain and children of the existing child domains. This will depend heavily on the company's rate of growth. Establishing an office in a new state will add another child domain. Each child domain or subdomain has authority over its own domain namespace and is responsible for naming, subdividing, and administering the DNS computers and domains within its portion of the namespace. A geographical domain namespace will be used, in which the region and the root domain name are combined to form the subdomain name, as shown above. The domain namespace will appear as follows:
- Region (Chicago, CG; New York, NY; and Washington, DC)
This creates the NY.WingSong.com, CG.WingSong.com, and DC.WingSong.com domain names. A DNS zone is any contiguous, distinct portion of the DNS domain namespace for which administrative responsibility has been given to one manager. The company will use secondary zones, so that data cannot be modified in places where security is not sufficient. In a secondary zone, the DNS server can read the zone data but cannot update it. The zone is a copy of a primary zone hosted by another DNS server. It is obtained and updated through zone transfers from that other server, and a read-only text file is used to store the information locally. In this arrangement a DNS server retains control over the records stored in a secondary zone.
Permission to share and access resources such as a volume or folder on Windows Server 2012 is determined by the local NTFS permissions on the resource and by the protocol used to access the shared resource. The security of shared files will be enforced through the Server Message Block (SMB) protocol, which controls access by granting or denying permissions to groups and individual users. This ensures that no unauthorized individual can access the shared files; access is limited to those who can demonstrate their right to the files by passing the authentication challenge. The system will use quota management for space management and data classification. A quota limits the space permitted for a folder or volume, and it can be applied automatically to new folders created on a volume (McLean, 2012). File Server Resource Manager (FSRM) will also be configured so that system administrators can keep track of how storage is being used and control that use by creating storage reports, applying quotas to folders and volumes, and screening files on the server. The system will also use the Distributed File System (DFS) to improve access to shared files in the company. Although the company does not yet have so many files that searching is complex, it intends to keep expanding and may add file servers in the future. DFS will make the shares easy to manage today and in the future. Moreover, it will provide fault tolerance for the network shares (Technet.microsoft.com, 2017).
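The combination described above (NTFS permissions, SMB share permissions, and an FSRM quota) can be applied to one share as follows. This is an added example, not part of the original proposal; the folder path, share name, group names, and quota size are hypothetical.

```powershell
# Added example: create one hardened file share on Windows Server 2012.
# Hypothetical values: path, share name, the two domain groups, and the 50 GB limit.
# Run from an elevated PowerShell session on the file server.
$Path        = 'D:\Shares\Designs'
$ShareName   = 'Designs'
$ChangeGroup = 'WINGSONG\Design-Engineers'   # may read and modify
$ReadGroup   = 'WINGSONG\Design-Readers'     # may only read

Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools | Out-Null
New-Item -ItemType Directory -Path $Path -Force | Out-Null

# NTFS: stop inheriting from the parent folder and grant only what is needed.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, discard inherited ACEs
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$grants = @(
    @('BUILTIN\Administrators', 'FullControl'),
    @('NT AUTHORITY\SYSTEM',    'FullControl'),
    @($ChangeGroup,             'Modify'),
    @($ReadGroup,               'ReadAndExecute')
)
foreach ($grant in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $grant[0], $grant[1], $inherit, $propagate, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# SMB: share permissions mirror the NTFS grants (no Everyone entry), users see
# only folders they can open, and traffic is encrypted in transit.
# Note: -EncryptData requires SMB 3.0 clients (Windows 8 / Server 2012 or later).
New-SmbShare -Name $ShareName -Path $Path `
    -ChangeAccess $ChangeGroup -ReadAccess $ReadGroup `
    -FolderEnumerationMode AccessBased -EncryptData $true | Out-Null

# FSRM: hard quota on the shared folder.
New-FsrmQuota -Path $Path -Size 50GB -Description 'Hard limit for design share' | Out-Null

# Show the resulting share permissions and quota for review.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight -AutoSize
Get-FsrmQuota -Path $Path | Format-List Path, Size, SoftLimit
```

The effective access for a user is the more restrictive of the share permission and the NTFS permission, which is why both are set to the same groups here.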
The best remote access technology to use will be Web Application Proxy. This technology provides reverse proxy functionality for web applications inside the corporate network, allowing users to access them from outside the company network on any device. It performs pre-authentication, using Active Directory Federation Services (AD FS), before a device is permitted to reach the company's web applications. It also works as an AD FS proxy. Remote access will be provided only to company users, meaning the employees and the managers, that is, only those who are able to access the system inside the company (Technet.microsoft.com, 2017). Employees and management will be permitted remote access so that they can perform their work from places other than the office. The remote access technology will ensure that users who need remote access are not restricted by their devices, but by their ability to authenticate their right to access the system. The most suitable form of VPN in this case is the remote access VPN. This connection lets users connect to a private network and reach its resources and services remotely. The link between the private network and the user runs over the Internet, and the link is private and highly secure. This connection will let workers easily access the company's systems, including resources and files, on the private network while travelling, without compromising its security (Zacker, 2014).
Windows Server 2012 provides Windows Server Update Services (WSUS), which permits the download and distribution of updates for Windows servers and clients. WSUS will obtain the updates that are appropriate for the environment, including those for Microsoft SQL Server and Microsoft Office, and distribute them to the relevant devices. To achieve this, WingSong will need a single WSUS server that downloads updates for both clients and servers from Microsoft and distributes them to the computers configured to receive those updates automatically (Stanel, 2012).
The server may be configured to let administrators review updates before they are installed. The WSUS deployment process will involve checking the system requirements, including the hardware requirements. The administrator should then plan the best way to configure the server so that it serves its purpose and its performance is well optimized. The server hosting WSUS will be joined to the organization's domain. A simple WSUS deployment will be used, since the company is not large enough to require multiple deployments. The Windows Internal Database will suit the company's WSUS deployment well. To install WSUS, the admin will need to open Server Manager and choose the Add Roles and Features command from the Manage menu. This launches the Add Roles and Features wizard. Normally, it is important to bypass all wizards when configuring any aspect of Windows Server 2012 or any other version. Manual configuration should always be adopted, since it lets the admin include critical and specific details about the particular network and system. The same rule will be applied here: the admin will bypass the wizard, select the role-based or feature-based installation option at the installation type screen, and proceed manually (Posey, 2015).
Windows Server 2012 has more features than any previous version. The admin should therefore focus on using most of the advanced features so that the company gains the added advantage of this system software. This report has drawn on the best available technologies to ensure that the system installation and configuration give the company the best it can get from Windows Server 2012.