Deployment and Administration of Windows Server 2012
Case Study: Worldwide Advertising, Inc. (WAI)
Deploy and Administer Windows Server 2012
Deployment and Server Editions
In the case scenario presented, three servers will be needed: an Active Directory (AD) server, a Domain Name System (DNS) server and a Dynamic Host Configuration Protocol (DHCP) server.
The AD server acts as a domain controller or member server and is the central repository that stores all objects within the enterprise, along with their respective attributes. AD is a multi-master database that stores millions of objects. In Worldwide Advertising Inc., AD will be installed in the Los Angeles location, from where the databases for the various departments will be accessed regardless of whether the domain controller for the departments is disconnected from or connected to the network (Finn, 2013).
DNS is critical to resolving human-readable hostnames into IP addresses that can be easily read by the machine for each new site visited. A DNS server will be required in WAI to enhance lookup processes. This server will be installed in New York.
The DHCP server will be used to provide automatic IP addresses to all computers in the network that are configured to obtain their addresses automatically. In WAI, the DHCP server will be installed in Los Angeles. This will help in central management of IP addresses and other related information, delivered to the various departments automatically. DHCP allows the network settings to be configured on the server rather than on each employee's computer (Stanek, 2012).
Normally, Windows Server 2012 comes in three editions: Standard and Datacenter, low-end editions, and specialist editions. In WAI, the Datacenter edition will be used, as it is feature-complete, whereas the others do not come with exclusive features. Also, the Datacenter edition offers unlimited virtual instances in VMs on the host server.
For this reason, since WAI will use the Datacenter edition, Hyper-V will be needed for virtualizing the networks. Hyper-V helps in working with the virtual machines. In our case, the various departments' operating systems can be added at this stage, with all the necessary software installed. The users of virtual machines will be able to access the information in Active Directory after generalization. Also, Hyper-V helps the users navigate through their department, and any other department to which they are accorded access (Stanek, 2012).
In deploying the servers, Windows Deployment Services (WDS) will be used.
WDS allows the integration of the Active Directory containing all the departments. The features in WDS allow for deployment of servers by first renaming the server, joining the domain and disabling all the host firewalls. The IP settings of the server and Windows Update should be configured, ensuring that all the system restart settings are specified. The security configuration of Internet Explorer should be disabled and time zone settings configured, while ensuring that the server is enlightened. This helps in ascertaining that the operating system has the appropriate drivers to enhance virtualization capabilities (Lynn, 2012). The remote install location on the C drive or a secondary hard drive can be used for storage. After checking the DHCP servers, the images can be added and installed. The operating systems that are not required may be disabled to prevent users from installing them. All programs for deployment, including the roles for the various departments, will be captured for deployment in this server.
The DNS namespace design can be either external, visible by internal users, or internal, accessible to computers and users within the internal network, particularly after deploying the DNS namespace. Administrators and data managers play a major role in maintaining and managing the DNS namespace (Stanek, 2012). Since WAI will be using Active Directory, the namespace design will be critical. This implies that the structure for Active Directory should be available before any proper implementation of the DNS domain space. The AD domains take the names of the DNS. For this reason, the DNS names chosen for Active Directory domains must use the registered DNS names that are reserved for use on the Internet.
Figure 2: WAI network organized using locations/countries as fourth-level domains and departments as fifth-level domains (department labels shown in the figure: Acc and Sales; HR & Finance).
For instance, if the registered namespace for WAI is worldwide.com, then the internal namespace will be worldwide.corp, or AD.worldwide.com for the external namespaces. For security purposes, employees are required to remember the FQDNs, with one of the domain names used when accessing internal network resources in remote locations, and the other used for direct network connections. Conflicts may arise if the extranet is set exclusively for external users and internal users try to connect to the server using the external FQDN (Finn, 2013).
The domain name will, therefore, be worldwide.com for the Internet web, with a delegated domain, corp, that serves as the root for all the internal network and acts as the root for the Active Directory that contains data for all the departments. For this reason, starting with this domain, corp.worldwide.com, it is possible to create fourth-level domains using the codes for New York and Los Angeles. Within these two domains, the fifth-level domains can be created for each department.
From the DNS split above, one pair is located on the intranet while the other is located on the DMZ servicing the Internet. The two sets of DNS in the split design are not the same as the corp.net zone in between them, and each split holds a primary and a secondary zone for corp.net.
On the other hand, the second DNS server handles the domain after the main server goes down and fails to work. The second DNS server is always ready for service and is critical in balancing the network loads. While the master DNS performs updates automatically, the second DNS server is the exact clone of the master DNS and acts as a standby (Finn, 2013).
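A check for the split design described above, in which the intranet and DMZ DNS servers must present different views of corp.worldwide.com. This is an added example, not part of the original paper; the server addresses, the ny/la domain labels and the host names are assumptions.

```powershell
# Added example: compare the answers of the intranet and DMZ DNS servers.
# Server addresses, the ny/la labels and the host names are assumptions.
$internalDns  = '10.0.0.10'     # assumed intranet DNS server
$externalDns  = '192.0.2.53'    # assumed DMZ DNS server (documentation range)
$internalRoot = 'corp.worldwide.com'
$names = @(
    'www.worldwide.com',        # public name, expected on the DMZ server
    "dc1.$internalRoot",        # hypothetical internal hosts
    "dc1.ny.$internalRoot",
    "dc1.la.$internalRoot"
)

function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named server is tested
        Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress
    } catch {
        # NXDOMAIN, refusal or timeout: emit nothing, i.e. "no answer"
    }
}

$report = foreach ($name in $names) {
    $inside  = @(Get-ARecord -Name $name -Server $internalDns)
    $outside = @(Get-ARecord -Name $name -Server $externalDns)
    $isInternalName = $name -like "*.$internalRoot"

    $finding = 'ok'
    # An internal name that is missing on the intranet server breaks AD lookups
    if ($isInternalName -and $inside.Count -eq 0)  { $finding = 'MISSING' }
    # An internal name answered by the DMZ server exposes the AD namespace
    if ($isInternalName -and $outside.Count -gt 0) { $finding = 'LEAK' }

    [pscustomobject]@{
        Name     = $name
        Intranet = $inside -join ','
        DMZ      = $outside -join ','
        Finding  = $finding
    }
}
$report | Format-Table -AutoSize
```

Run it from a host that can reach both servers; any row marked LEAK means the Internet-facing server is answering for the internal Active Directory namespace.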
WAI has five departments in each of its two different locations. This implies the need for more than one domain due to different password requirements across the various departments, the increased number of tasks for each employee, more replication controls and the decentralized network administration (Finn, 2013). For this reason, the ID domains will be five while the names of the domains will be at least five. Though the use of a single domain for the entire network is advantageous, multiple domains may be considered in order to meet the additional security, scalability or replication requirements (Finn, 2013).
For this reason, to handle replication, the read-only domain controller (RODC) can help in replicating updates from the domain partition only from a writable domain controller in Windows Server 2012. The RODC will enhance physical security in remote locations for the servers. The server holds read-only data for the AD data store. Hence, the RODC will ensure that data confidentiality is not compromised, and it is crucial in enforcing the Password Replication Policy (PRP) (Stanek, 2012).
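One way to verify that the Password Replication Policy is doing its job on an RODC, using the ActiveDirectory PowerShell module. This is an added example, not part of the original paper; the RODC name NY-RODC01 and the choice of privileged groups are assumptions.

```powershell
# Added example: audit an RODC's Password Replication Policy (PRP).
# 'NY-RODC01' is a hypothetical RODC name; the group list is an assumption.
Import-Module ActiveDirectory
$rodc = 'NY-RODC01'

# 1. What the policy allows and denies
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied

# 2. Accounts whose passwords are cached on the RODC right now
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
                -Identity $rodc -RevealedAccounts

# 3. Members of privileged groups, expanded through nested groups
$privGroups = 'Domain Admins', 'Administrators'
$privileged = foreach ($g in $privGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
}
$privDns = @($privileged |
    Select-Object -ExpandProperty DistinguishedName -Unique)

# 4. Privileged accounts that are cached on the RODC: these are findings
$exposed = @($revealed |
    Where-Object { $privDns -contains $_.DistinguishedName })

'Allowed to cache : ' + (($allowed | Select-Object -ExpandProperty Name) -join ', ')
'Denied           : ' + (($denied  | Select-Object -ExpandProperty Name) -join ', ')
'Cached accounts  : ' + @($revealed).Count

if ($exposed.Count -gt 0) {
    Write-Warning "Privileged credentials are cached on $rodc"
    $exposed | Select-Object Name, DistinguishedName | Format-Table -AutoSize
    # A cached password stays on the RODC until the account's password is
    # reset on a writable domain controller, so reset these accounts and
    # add them (or their groups) to the denied list.
} else {
    "No privileged account is cached on $rodc"
}
```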
Normally, AD uses a store-and-forward replication method that communicates directory changes to the second domain controller, which then communicates them across the other domain controllers in the network (Lynn, 2012). The first domain controller in the forest acts as the major storage for the global catalog, while the second domain controller acts as a standby. In a network that hosts multiple domains, the first domain assumes the master roles while the second domain controller acts as a standby operations master. On the other hand, when all the domain controllers within the forest root domain do not have any global catalog servers, all the operations of the master roles are moved to the second domain controller within the forest root domain, ensuring that it is not configured as a global catalog server, since the first domain controller is the infrastructure master and always a global catalog server. Hence, it is not placed on a domain controller unless the other available domain controllers are global catalog servers. The third domain controller within the forest root domain is configured to act as a standby controller.
Active Directory provides the Active Directory Sites and Services snap-in, which allows all configuration activities that are pertinent to the sites to be performed. Opening the snap-in gives the Inter-Site Transports and Subnets, as well as the Default-First-Site-Name where Active Directory is installed. The configuration allows creation of sites, addition of the domain controllers to the sites and association of IP subnets with specific sites (Stanek, 2012).
File and Printer Sharing
For Windows Server 2012 with Hyper-V installed, as in this case of WAI, the users may experience problems when they need to open the admin shares from the server (Stanek, 2012). This is because printer and file sharing are, by default, disabled. However, this can be solved by typing in the command
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
This will be done in the command prompt to allow the users to reach the admin shares on Hyper-V 2012 and Windows Server 2012. The user is prompted to choose the protocol for the new share. This can be either SMB or NFS. Each provides multiple profiles to choose from. The SMB Share - Quick profile provides the fastest way of creating an SMB file share, especially for Windows-based computers (Lynn, 2012). The SMB Share - Advanced profile offers some additional options for configuring the SMB file share. The SMB Share - Applications profile provides file share settings that are appropriate for Hyper-V, databases, and other server applications. The NFS Share - Quick profile allows for the fastest way of creating an NFS file share, while the NFS Share - Advanced profile provides additional options for configuring an NFS file share.
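The netsh command above enables the "File and Printer Sharing" rule group on every firewall profile. A narrower variant, as an added example that is not part of the original paper, enables the inbound rules for the Domain profile only and reports what is left open; it assumes the servers are domain-joined and uses the NetSecurity module shipped with Windows Server 2012.

```powershell
# Added example: enable "File and Printer Sharing" for the Domain profile only.
# Assumes domain-joined servers; run in an elevated PowerShell session.
Import-Module NetSecurity
$group = 'File and Printer Sharing'

# Keep the state before the change for the change record
$before = Get-NetFirewallRule -DisplayGroup $group |
    Select-Object DisplayName, Direction, Enabled, Profile

# Enable only inbound rules that already apply to the Domain profile (or to
# all profiles) and pin them to Domain; other rules in the group are untouched
Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Direction -eq 'Inbound' -and
                   ($_.Profile -eq 'Any' -or "$($_.Profile)" -match 'Domain') } |
    Set-NetFirewallRule -Profile Domain -Enabled True

# Report every inbound rule of the group that is now enabled
$open = Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Profile   = "$($_.Profile)"
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
        }
    }
$open | Format-Table -AutoSize

# Anything still enabled for the Public profile deserves a second look
$public = @($open | Where-Object { $_.Profile -match 'Any|Public' })
if ($public.Count -gt 0) {
    Write-Warning "$($public.Count) sharing rule(s) are enabled on the Public profile"
}
```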
File Server Resource Manager (FSRM) in Windows Server 2012 helps in classifying and managing the data on file servers. Its features are configured using the Microsoft Management Console. These features include the File Classification Infrastructure, which automates the processes and provides a better approach to data management. The file management feature helps in applying conditional policies or actions based on classification. The quota management feature enables administrators to limit the space used for folders, while storage reports enable the identification of trends in disk usage (Lynn, 2012).
The Distributed File System (DFS) technologies will be implemented in Windows Server 2012 to perform the roles of the file services. The two major child roles of DFS are Namespaces and Replication (Stanek, 2012).
Finn, A. (2013). Windows Server 2012: Hyper-V Installation and Configuration Guide. Indianapolis, IN: John Wiley & Sons.
Lynn, S. (2012). Windows Server 2012: Up and Running. Sebastopol, CA: O'Reilly Media.
Stanek, W. R. (2012). Windows Server 2012: Pocket Consultant. Redmond, WA: Microsoft.