Windows Server Deployment Proposal

Assignment Requirements

There are specific requirements for the assignment: The final submission should contain at least
6 pages’ worth of text written by the student (not counting title page, images, diagrams, tables, or
quotations), but may be longer, not to exceed approximately 10 pages’ worth of student-supplied
text. (With the required diagram, and other images, title page, etc., the final submission may end
up being more than 10 pages in length.) It must be double-spaced, have 1-inch margins, and use
12-point Times New Roman or 10-point Arial/Helvetica font. A title page is required; APA
format for the title page is optional.
1. At least one diagram must be included (not counted towards the minimum length
described above); this could be a diagram describing Active Directory components,
DHCP/DNS design, file share hierarchy, or anything else that is worth displaying
graphically to enhance the reader’s understanding of the proposal. Additional diagrams,
images, or tables are welcome.
2. The submission must cover all of the 6 major topics outlined above. Each choice should
be explained with technical and business reasoning. The solution should be reasonably
detailed. Additional topics may be covered as desired.
3. The structure of the final submission is flexible. There is no specific format required,
although it should be organized logically and represent a single, unified solution. It is
likely that the format will include separate sections for each of the 6 topics required, as
well as a summary.
4. At least two non-textbook, non-LabSim, non-Wikipedia references are required; preferably,
these would be a “best practice” guide or similar content from Microsoft or an experienced
provider of Microsoft solutions.
5. Be sure to properly quote or cite any sources used. APA format is required for in-text
citations and the list of works cited at the end. It is expected that you are already familiar
with UMUC's "Policy on Academic Dishonesty and Plagiarism." It is available in the
Academic Policies section of the Syllabus; there are also links in the Webliography. In its
simplest form, if you are using text from a source, you must cite and/or quote it. If
plagiarism is found, then there will be a penalty to the grade.

Introduction

Windows Server is a group of operating systems designed by Microsoft that supports enterprise-level management, data storage, applications, and communications. The previous version of Windows Server focused on stability, security, and improvements to the file system (Russinovich et al., 2005). Microsoft has also created specialized SKUs of Windows Server aimed at small business markets. The development of Windows Server started in 1980, when Microsoft produced two operating systems: MS-DOS and Windows NT (Russinovich et al., 2005).
Network infrastructure is the hardware and software of the entire network that enable network connectivity, communication, operation, and management of the enterprise network (Vange et al., 2015). It provides the path and services between users, applications, processes, services, and the internet. Network infrastructure is one of the most important parts of information technology infrastructure and is found in most enterprise IT environments (Vange et al., 2015). It includes networking hardware (routers, LAN cards, cables, switches, wireless routers), networking software (network operations and management, firewall, operating system, network security applications), and network services (T-1 line, DSL, wireless protocols, satellite, IP addressing).

New Features of Windows Server 2012

• Direct Access:
Where two sites need to be connected, the new “Direct Access” feature can be used to establish a secure connection between the two sites and allow smooth communication between them (Xu, 2016).
• Dynamic Access Control:
Dynamic Access Control is a new feature for centralized storage: anyone who wants to keep data private from another department or group of users can use “Dynamic Access Control” to isolate the data of different departments (Xu, 2016).
*Diagram of Basic Topology for the scenario along with server deployment locations*

Deployment and Server Editions

As per the requirement, there are two sites, and a total of four different server roles are needed. To fulfill this requirement, only three servers need to be deployed: two servers will be located in Los Angeles, and the other server will be placed at the New York site.
For better server management, they will create an RODC at the New York site. They will use two different combinations here: one combines the ADDS and DHCP server roles, and the second combines the Application and Print server roles (Nguyen et al., 2015).
Because the only difference between the Standard edition and the Datacenter edition of Server 2012 is in the virtual machines (VMs), they will choose the Standard edition of Server 2012, as it can fulfill the requirement (Xu, 2016).
As per the given topology, less server management is required at the New York site. So, they can place the Server Core edition in New York to use a server with minimal hardware resources.
They will place ADDS, DHCP, DNS, the Application server, and the Print server at the LA site and only one server, the RODC, at the NY site.
To deploy the servers, they can use either manual or automated mode. To use the automated mode, they first have to create one WDS server; only after that will they be able to install Server 2012 on the other hardware. In WDS they have to provide two image files of Server 2012, boot.wim and install.wim, and after that they have to boot each machine from the LAN to install Server 2012 (Nguyen et al., 2015).

Active Directory

Active Directory is a database used to track all information about users, groups, OUs, and the related information of each object in the server (Touboul et al., 2018). After installing Server 2012, the first task is to give the server a name and then a static IP address. On completion of this basic setup, they will add the ADDS role to the newly installed server.
To install the ADDS server role, follow the procedure below:
Start > Server Manager > Manage > Add Roles and Features, then select the ADDS server role and proceed as directed according to the requirement. Make sure that the forest and domain functional levels are set to Server 2012 and that the DNS server box is checked. Here, they will use gai.com as the domain name; they can use any name, but it has to follow the domain naming rules. After that, they need to reboot the machine to finish the installation of the ADDS and DNS server roles (Tan, 2017).
After the above procedure, they will add all users, groups, and OUs according to the given requirement. As they have five departments, they will create 4 OUs for isolating the group policy, and they will create 5 groups for assigning the folder and share permissions.
They will create one RODC at the NY location. This time they will use the Server Core edition; after installing it, they will configure it in CLI mode, as this version of the server has only CLI support and no GUI (Tan, 2017). To do that, they will use a set of commands to make the NY server an RODC of the LA site's server.
Before adding a new site, they first have to set up a server; once that is done, they are ready to add a new site. To add a new site in Active Directory, they need to go to Start, then Server Manager and Tools, then choose the new site option and provide an appropriate site name; in their case, they will use NY. They will also add a new site named LA to the main server. After adding these two sites, they will provide the subnets and link the NY and LA sites. After adding and configuring these sites, they will schedule replication from the LA site to the NY site (Tan, 2017).
After adding users, they will create groups. To create a new group, go to Start, open the computer and user option, then click New and select "New Group." Create 5 groups for the following departments: Executives; Accounts and Sales; Creative, Media and Production Department; Human Resources and Finances; IT.
To restrict users with Group Policy according to department, they will create OUs for the following departments: Executives; Accounts and Sales; Creative, Media and Production Department; Human Resources and Finances; IT.
After creating the OUs, they will add the appropriate users to the appropriate groups and OUs. They will move each created group to the appropriate OU, and after that, they will be able to isolate the policy of one department from another.
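The site, OU, group and RODC steps above can also be scripted, which is the only option on the Server Core machine in NY. The following PowerShell is an added example, not part of the original proposal; it assumes the gai.com forest already exists on DC1, that the NetBIOS domain name is GAI, that the NY subnet is 192.168.2.0/24 (the proposal does not give one), and it uses hypothetical short OU and group names. It also sets the RODC password replication policy so that privileged accounts are never cached at the branch site.

```powershell
# Added example. Assumptions: forest gai.com exists on DC1, NetBIOS name GAI,
# NY subnet 192.168.2.0/24, short OU/group names (all hypothetical).

function Initialize-GaiDirectory {
    # Run once on DC1 (LA) as a domain administrator.
    Import-Module ActiveDirectory

    # Sites, subnets and the LA-NY link with an hourly replication interval.
    New-ADReplicationSite -Name 'LA'
    New-ADReplicationSite -Name 'NY'
    New-ADReplicationSubnet -Name '192.168.1.0/24' -Site 'LA'
    New-ADReplicationSubnet -Name '192.168.2.0/24' -Site 'NY'   # assumed subnet
    New-ADReplicationSiteLink -Name 'LA-NY' -SitesIncluded 'LA', 'NY' `
        -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 60
    Move-ADDirectoryServer -Identity 'DC1' -Site 'LA'

    # Short name -> department. Short names avoid commas, which are not
    # allowed in a group's sAMAccountName and need escaping in a DN.
    $departments = [ordered]@{
        'Executives' = 'Executives'
        'Sales'      = 'Accounts and Sales'
        'Creative'   = 'Creative, Media and Production Department'
        'HR-Finance' = 'Human Resources and Finances'
        'IT'         = 'IT'
    }
    foreach ($d in $departments.GetEnumerator()) {
        # The OU is the Group Policy boundary for the department.
        New-ADOrganizationalUnit -Name $d.Key -Description $d.Value `
            -Path 'DC=gai,DC=com'
        # The group is what folder and share permissions are granted to.
        New-ADGroup -Name "GG-$($d.Key)" -Description $d.Value `
            -GroupScope Global -GroupCategory Security `
            -Path "OU=$($d.Key),DC=gai,DC=com"
    }
}

function Install-NyRodc {
    # Run on the NY Server Core machine; prompts for domain admin credentials
    # and for the Directory Services Restore Mode password.
    Install-WindowsFeature AD-Domain-Services
    Import-Module ADDSDeployment
    Install-ADDSDomainController -DomainName 'gai.com' -SiteName 'NY' `
        -ReadOnlyReplica -InstallDns -Credential (Get-Credential) `
        -AllowPasswordReplicationAccountName @(
            'GAI\Allowed RODC Password Replication Group') `
        -DenyPasswordReplicationAccountName @(
            'BUILTIN\Administrators', 'BUILTIN\Server Operators',
            'BUILTIN\Backup Operators', 'BUILTIN\Account Operators',
            'GAI\Denied RODC Password Replication Group')
}
```

After the NY server reboots, `Get-ADDomainController -Filter *` run on DC1 should list it with IsReadOnly set to True.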

DHCP and DNS:

DHCP:
DHCP is the abbreviation of “Dynamic Host Configuration Protocol.” This protocol is used to assign the parameters a DHCP client needs for communication, such as the IP address, subnet mask, default gateway IP address, DNS IP address, etc. For this, the computer or node (DHCP client) must be set to obtain its IP address automatically (Sheng et al., 2015).
Microsoft Server 2012 can provide automatic IP addresses according to the requirement, but for that, they have to add the DHCP server role.
To add the DHCP server role, they need to follow the steps below:
Go to Start > Server Manager > Manage > Add Roles and Features, then check the DHCP role and proceed as directed. Note that the DHCP role can be configured later, so if the system asks for the scope details, just select Skip or Next and finish the installation of the DHCP server role (Sheng et al., 2015).
After adding the DHCP server role, they will be able to configure it. But first, let's understand the terms related to DHCP. A “scope” is a range of IP addresses; the IP address for a client will be assigned from this range. “Lease time” is the duration for which a client holds an IP address; after that duration, the IP address will be renewed. A “reservation” is used to provide a static IP address from the DHCP server. For example, if they have a network printer and want it to receive a fixed IP address whenever it connects to the network where the DHCP server resides, they can use the reservation option; such IP addresses are reserved and will only be allotted to the assigned DHCP client (Sheng et al., 2015).
According to the requirement, they have fewer than 256 hosts. So they can use a private class C IP address range; in their case they will use 192.168.1.0/24, which starts at 192.168.1.0 and ends at 192.168.1.255.
They can provide any name for the scope, but they will use GAI. The range of IP addresses will be from 192.168.1.1 to 192.168.1.254, and the subnet mask will be 255.255.255.0. Their main server's IP address is 192.168.1.1, so they will use 192.168.1.1 as the default gateway address and also as the DNS address, because they have combined two server roles on a single physical system.
DHCP may be unavailable for a while, leaving clients on the LAN unable to get an IP address and therefore without network connectivity. To avoid this problem, they can set up a DHCP fault tolerance server: when the primary DHCP server is unavailable, the secondary DHCP server will serve IP addresses. In their case, they can set up failover DHCP on the Application server (Kumari et al., 2015).
DHCP reservation was discussed above: if they want to provide a fixed IP address via the DHCP server, they can use a reservation. In this case, however, the Application, Print, and RODC servers will be given IP addresses manually, and the clients will be configured automatically via DHCP (Kumari et al., 2015).
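The scope, reservation and failover design above, written out as DHCP Server cmdlets. This is an added example, not part of the original proposal; the host name APP1 for the application/print server at 192.168.1.2, the 8-day lease, the excluded range and the printer's MAC address are assumptions. It also adds an exclusion range, because the proposed scope spans the same addresses that the servers are given by hand.

```powershell
# Added example. Assumptions: DC1 = 192.168.1.1 (ADDS/DNS/DHCP), APP1 =
# 192.168.1.2 (hypothetical name), 8-day leases, .1-.20 kept for static
# hosts, constructed printer MAC address.

function Initialize-GaiDhcp {
    # Run on DC1 as a domain administrator.
    $scopeId = '192.168.1.0'

    Install-WindowsFeature DHCP -IncludeManagementTools
    # A domain-joined Windows DHCP server does not serve leases until it
    # has been authorized in Active Directory.
    Add-DhcpServerInDC -DnsName 'dc1.gai.com' -IPAddress 192.168.1.1

    Add-DhcpServerv4Scope -Name 'GAI' -State Active `
        -StartRange 192.168.1.1 -EndRange 192.168.1.254 `
        -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8)

    # The scope covers the whole /24, including the manually addressed
    # servers. Exclude that block so the server never leases an address
    # that is already configured statically on another machine.
    Add-DhcpServerv4ExclusionRange -ScopeId $scopeId `
        -StartRange 192.168.1.1 -EndRange 192.168.1.20

    # Gateway and DNS both point at the main server, as in the proposal.
    Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router 192.168.1.1 `
        -DnsServer 192.168.1.1 -DnsDomain 'gai.com'

    # Reservation: the network printer always receives the same address.
    Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress 192.168.1.50 `
        -ClientId '00-11-22-33-44-55' -Name 'printer01' `
        -Description 'Network printer (constructed MAC address)'
}

function Add-GaiDhcpFailover {
    # Requires the DHCP role on APP1 too. The shared secret authenticates
    # failover traffic between the partners; it is prompted for here so
    # that it does not end up in the script or its history.
    $secret = Read-Host 'Failover shared secret'
    Add-DhcpServerv4Failover -ComputerName 'dc1.gai.com' `
        -PartnerServer 'app1.gai.com' -Name 'GAI-failover' `
        -ScopeId 192.168.1.0 -LoadBalancePercent 50 `
        -MaxClientLeadTime (New-TimeSpan -Hours 1) -SharedSecret $secret
}
```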
DNS:
The DNS namespace used for internal name resolution and Active Directory should be based on a domain name that is unique and registered for the organization’s exclusive use. The name of the internal network domain can be the same as or different from the domain name used by external users to access resources located on the internal network (Fukuda et al., 2017).
For example, if the registered namespace is example.com, the internal namespace could be something like example.com. Or the internal namespace could be contiguous with the publicly accessible namespace, for instance, AD.example.com. Also, the namespace used for both internal and external name resolution can be the same.
In some instances, it is preferred to use different names for the internal and external domains. This is the perspective of those who look at the problem from the single vantage point of DNS security. A DNS suffix like .com cannot be resolved or accessed by external network clients because it is not a publicly available top-level domain name.
However, whatever security advantages may be gained by this DNS design are offset by the complications and user dissatisfaction you will encounter when using different domain names for internal and external network resources (Fukuda et al., 2017).
The LA site of GAI will host the primary DNS server. So, they are going to provide DNS information to the NY site by entering the IP address of the main server as the DNS entry at the NY site.

Application Services:

The application server is used to provide applications to the client machines (Putman et al., 2015). To provide application server services, they already have a separate Windows Server machine on which they can configure the application server. To do so, follow the steps below.
First, they will make this server machine a client of the LA server, which has the IP address 192.168.1.1; after that, they are going to add the server role named application server.
After adding the ADDS role, they can configure a group policy. They have already created the users and OUs, so they will install applications department by department (Putman et al., 2015).
Before creating a group policy, they require a shared folder with permissions that allow clients to access software from it. They will get the MSI file of the package from the internet. After getting the software's MSI file (in our case, we have used the 7-Zip file), they will paste it into the shared folder. After sharing the folder, they will copy the UNC path of the folder for deployment. Their server has the system name DC1, so the UNC path will be \\DC1\APP, where APP is the folder that holds the MSI file.
After the initial setup for software deployment, they are going to create a group policy. To create the group policy, follow the steps below.
Start > Group Policy: here you will find the newly created OU. Right-click the OU and select the option to create a GPO and link it here; it will ask for a name, so provide one. Right-click the GPO and select Edit, then configure GPO > Computer Configuration > Software Settings > Software Installation; here, right-click and add the application that was downloaded and placed in the shared folder earlier (Putman et al., 2015). After creating the GPO, open cmd and run the command “update” to update the group policy on the server. Make sure that the security settings in the local policy provide the proper rights to run this group policy.
To verify this, log in to the client PC; the app will already have been installed.

File and printer sharing:

To share files and printers, they have created a separate server, which has the IP address 192.168.1.2. To create a private share for the finance department, they will create a separate folder for them and assign permissions only to the finance group; all other permissions will be removed (Otsuka, 2014). After removing the permissions, they will create a common folder for sharing and provide this folder to each user via GPO. To add a GPO for the shared folder, follow these steps:
Start > group policy > user > preferences > windows settings > drive maps
Now, as they have already copied the UNC path for the shared folder, just click New, paste the path into the address bar, select the appropriate drive letter, and select OK. After creating the GPO, one needs to update it: go to cmd and run the gpupdate command to update the GPO.
To check whether the folder is present, just log off and log in again, or restart the client machine.
By using the above steps, they can provide a shared drive or shared folder to each department.
DFS is the abbreviation of Distributed File System. It is used to access multiple shares at a single location. For instance, say they have two machines, 192.168.1.1 and 192.168.1.2, with folders named share1 and share2 (Otsuka, 2014). If they want to get both folders at the same location, they can use DFS. But in this case, they have only one location where files and folders are shared, so they have no requirement for setting up DFS.
A quota enables the server admin to restrict the use of the physical hard disk to a specific size. Assume they have a 250 GB HDD and a shared folder share3 with a hard quota limited to 20 GB: the user cannot use more than 20 GB of the drive. That is a hard quota; with a soft quota, users can still save data, and usage is only monitored. To configure a quota on a shared folder, follow the steps below.
Assuming they have shared folder share3:
First, they have to add a role service to the file server role: go to Server Manager, find the file server option, click Add Role Services, and check the box labeled "file server resource manager." After adding FSRM, go to Start and find File Server Resource Manager. Now go to quota > create new quota profile, provide the path of the shared folder (i.e., d:/share3), then provide the size (1024 MB), select the hard quota option, and apply it. To check the configuration, log on to the client PC; the reduced size is visible on the mapped network drive.

FSRM:

FSRM provides a type of file type restriction. By default, users can save all file types, such as video files, audio files, etc., but if they want to restrict users from saving video files to the shared folder, that is possible with FSRM. To do that, follow the steps below (Schönbrodt et al., 2016).
Start > administrative tools > file server resource manager > file screening > file screens
(In our case, we will allow users to save only doc files.)
Now create a new profile again, provide the path, select passive screening, check the doc files option, provide the information needed to get a report, and press OK.
After the above steps, the client is only able to save doc files; if the user wants to save another file type, he/she will not be able to.
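The private finance share described under File and printer sharing, and the quota and file screen steps above, as one PowerShell script. This is an added example, not part of the original proposal; the folder D:\Finance, the NetBIOS domain name GAI and the group name GG-HR-Finance are assumptions. The file screen is created as an active screen, because a passive screen only logs the attempt and still lets the file be saved.

```powershell
# Added example. Assumptions: run on the file server (192.168.1.2); paths
# D:\Finance and D:\share3; finance group GAI\GG-HR-Finance (hypothetical).

function New-FinanceShare {
    $path = 'D:\Finance'
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    # NTFS: drop inherited entries, then grant only SYSTEM, the local
    # administrators and the finance group (Modify, inherited downwards).
    icacls $path /inheritance:r
    icacls $path /grant:r 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        'BUILTIN\Administrators:(OI)(CI)F' 'GAI\GG-HR-Finance:(OI)(CI)M'

    # Share permissions mirror the NTFS ACL. Naming the principals here
    # keeps Everyone off the share; access-based enumeration hides items
    # a user has no rights to.
    New-SmbShare -Name 'Finance' -Path $path `
        -FullAccess 'BUILTIN\Administrators' `
        -ChangeAccess 'GAI\GG-HR-Finance' `
        -FolderEnumerationMode AccessBased
}

function Set-Share3Limits {
    $path = 'D:\share3'
    Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools

    # Hard quota (the default): writes beyond 1024 MB fail.
    # Adding -SoftLimit would only monitor and report usage.
    New-FsrmQuota -Path $path -Size 1024MB `
        -Description 'Hard quota for share3'

    # FSRM file groups describe what to block, so "allow only doc files"
    # becomes: match every file except *.doc and *.docx.
    New-FsrmFileGroup -Name 'Non-Word files' -IncludePattern '*.*' `
        -ExcludePattern '*.doc', '*.docx'

    # Record every blocked attempt in the event log for later review.
    $logAction = New-FsrmAction -Type Event -EventType Warning `
        -Body 'User [Source Io Owner] attempted to save [Source File Path] to [File Screen Path].'

    # -Active makes the screen block the write. Without it the screen is
    # passive: the event is logged but the file is still saved.
    New-FsrmFileScreen -Path $path -IncludeGroup 'Non-Word files' `
        -Notification $logAction -Active
}
```

`Get-FsrmQuota -Path 'D:\share3'` and `Get-FsrmFileScreen -Path 'D:\share3'` show the resulting limit and whether the screen is active.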

References

Russinovich, M. E., Solomon, D. A., & Allchin, J. (2005). Microsoft Windows Internals: Microsoft Windows Server 2003, Windows XP, and Windows 2000 (Vol. 4). Redmond: Microsoft Press.
Vange, M., Plumb, M., Kouts, M., & Wilson, G. S. (2015). U.S. Patent No. 9,185,185. Washington, DC: U.S. Patent and Trademark Office.
Xu, Z. X. (2016). Practices to Administration of Windows Server 2012 and 2012 R2. Memory, 4, 64.
Nguyen, B. M., Tran, D., & Nguyen, Q. (2015, October). A strategy for server management to improve cloud service QoS. In Proceedings of the 19th International Symposium on Distributed Simulation and Real-Time Applications (pp. 120-127). IEEE Press.
Touboul, S., Levin, H., Roubach, S., Mischari, A., David, I. B., Avraham, I., ... & Gareh, L. (2018). U.S. Patent Application No. 15/679,180.
Tan, C. H. (2017). Kodi 17 Installation and VPNs Setup on Raspberry Pi 2 & 3: A Step-by-Step Guide To Install OSMC And Four Different VPNs On Raspberry Pi 2/3.
Sheng, S., Ebersman, P., & Kumari, W. (2015). Captive-Portal Identification Using DHCP or Router Advertisements (RAs).
Kumari, W., Gudmundsson, O., Ebersman, P., & Sheng, S. (2015). Captive-Portal Identification Using DHCP or Router Advertisements (RAs) (No. RFC 7710).
Fukuda, K., Heidemann, J., & Qadeer, A. (2017). Detecting Malicious Activity With DNS Backscatter Over Time. IEEE/ACM Transactions on Networking, 25(5), 3203-3218.
Putman, J. R., Nguyen, M. H., Hanson, T. C., & Srinivasan, S. (2015). U.S. Patent No. 9,015,297. Washington, DC: U.S. Patent and Trademark Office.
Otsuka, N. (2014). U.S. Patent No. 8,896,859. Washington, DC: U.S. Patent and Trademark Office.
Schönbrodt, F., Stas, L., Loeys, T., & Schönbrodt, M. F. (2016). Package ‘fSRM’.
