Introduction
This document is a proposal for the setup and implementation of the Information Technology infrastructure of Shiv LLC. It covers the technologies to be used in implementing a multi-location infrastructure that will support the business processes of the three locations of Shiv LLC: Los Angeles, Dallas and Houston. Owing to the prospect of rapid growth, the designs proposed in this document are flexible enough to allow room for future expansion and scaling. This proposal was prepared on the assumption that there will be sufficient funds to procure all the equipment necessary to fully implement the considerations put forward in the document.
Active Directory
A server running Active Directory Domain Services is known as a domain controller. A domain controller provides a distributed database which is used to store and manage information about network resources and application-specific data from applications that are directory-enabled. Active Directory Domain Services can be used by system administrators to organize the elements of a network (users, computers, and other devices) into a hierarchical structure that includes the Active Directory forest as well as the domains in the forest and the organizational units present in each domain. The domain controllers for Shiv LLC would be placed at the Dallas office of the organization.
The organization of the network elements (users, computers and other devices) into a hierarchical tree structure has security advantages, since the forest acts as an organizational security boundary and defines the scope of authority for the system administrators. For Shiv LLC, the forest would contain a single domain, which is the forest root domain (www.shivllc.com).
Group Policy
Group Policy is a hierarchical infrastructure that allows specific configurations to be implemented for computers and users. The settings are contained in Group Policy Objects (GPOs), which are linked to the sites, domains or organizational units of the Active Directory containers. Group Policy defines the security, user and networking policy to be implemented at machine level. In implementing Group Policy for Shiv LLC, administrators can define what each user can do on the network and which applications, files and folders they can access. Group Policy will also help control the security of shared files by limiting users to only the files they are authorized to access, based on the configuration for each user in the GPO.
DNS
The function of DNS servers is to provide the service that translates the IP addresses used by machines to names that are easily remembered by humans, and vice versa. They are used to resolve host names to IP addresses and, in reverse, IP addresses to names; they are also used to locate domain controllers, global catalog servers and mail servers. Figure 1 illustrates a namespace.
Figure 1: Illustration of a Namespace
For the design at Shiv LLC, a split DNS infrastructure will be implemented. In this design, two zones are created for the same domain of the organization. The first zone is used by the internal network while the second zone is used by the external network. In a split DNS configuration, hosts internal to the network are directed to the internal domain name server for name resolution, while external hosts are directed to the external domain name server. The topology of the split DNS infrastructure is shown in Figure 2.
Figure 2: Topology of Split DNS infrastructure
Windows Server 2012, which would be used for the deployment, has the capability to resolve fully qualified domain names to IP addresses (both IPv4 and IPv6). The IP Address Management (IPAM) feature of Windows Server 2012 makes management of the DNS and DHCP services easy, as system administrators can have a unified view of the DNS zones and IP address configurations.
In designing the DNS namespace for Shiv LLC, the DNS namespace requirements of the organization would first be identified, and then a second-level DNS domain name that represents the organization would be chosen. The proposed domain name for Shiv LLC is “shivllc”. The top-level domain to be tied to the second-level domain name should reflect what the organization does, and would be chosen based on the services that Shiv LLC provides. An example is the use of a “.com” top-level domain for commercial purposes, as in the case of Shiv LLC. Sub-domains (child domains) can then be added to the parent domain to represent different departments in the organization, e.g. accounts.shivllc.com, in which case the child domain is “accounts”. For ease of maintenance, the assignment of child domains should be based on the function the child domain performs. In the example given above, accounts.shivllc.com indicates a sub-domain belonging to the accounting department. To secure the namespace against external access, the internal Active Directory namespace will be totally different from the namespace used externally.
The deployment of the DNS server on Microsoft Windows 2012 will be achieved by taking the following steps.
After starting the server, the 'Add Roles and Features' option on the Manage menu will be selected. A new role will be added to the server using Server Manager. Clicking the Next button will bring up the Add Roles and Features Wizard window, where the installation type is selected. Since the server is being configured as a DNS server, the Role-based or feature-based installation radio button will be selected. From the server pool, the server on which the DNS server role is to be installed is selected. The next window offers to install the additional tools that are required to manage DNS. For Shiv LLC, the DNS server tools will be installed on the same server as the DNS role to make the server easier to manage. The remaining prompts can then be followed through to the final confirmation page, and the installation will be completed.
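The wizard steps above and the split DNS design can also be scripted. The following is an added example, not part of the original proposal; the server names, the record names and all IP addresses are placeholders, and file-backed zones are used only to keep the illustration short.

```powershell
# Added example. Server names and addresses are placeholders, not values from the proposal.
# Run from a management host that has the DnsServer module (DNS Server tools) installed.
$internalDns = 'DNS-INT01'     # hypothetical internal DNS server
$externalDns = 'DNS-EXT01'     # hypothetical external-facing DNS server
$zone        = 'shivllc.com'   # the same zone name is hosted in both views

foreach ($server in $internalDns, $externalDns) {
    # Equivalent of the wizard: DNS Server role plus its management tools.
    $result = Install-WindowsFeature -Name DNS -IncludeManagementTools -ComputerName $server
    if (-not $result.Success) { throw "DNS role installation failed on $server" }

    # One file-backed primary zone of the same name on each server.
    Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -ComputerName $server
}

# Internal view: internal clients resolve names to private addresses.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'www'      -IPv4Address '10.10.0.20' -ComputerName $internalDns
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'accounts' -IPv4Address '10.10.0.30' -ComputerName $internalDns

# External view: only the names that outside hosts are meant to resolve.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'www' -IPv4Address '192.0.2.20' -ComputerName $externalDns

# Check: the external zone must not publish private (RFC 1918) addresses.
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
$leaks = Get-DnsServerResourceRecord -ZoneName $zone -RRType A -ComputerName $externalDns |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -match $private }
if ($leaks) {
    Write-Warning "External zone exposes internal addresses: $($leaks.HostName -join ', ')"
}
```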
In order to avoid having to make files and folders available separately at each of the three locations of Shiv LLC, Distributed File System (DFS) will be implemented across the board, making only one copy of the files and folders accessible to all employees across the three locations. This will reduce the total cost of establishing a file system for each of the three locations. The use of DFS namespaces will enable shared folders located on different servers across the three locations of Shiv LLC to be grouped into logically structured namespaces, so that each namespace appears to a user as a single shared folder with subfolders. With Shiv LLC employees operating from three different locations, the files on the servers at those locations can easily be shared with users in a manner that is location-transparent to the user accessing a file.
In Windows Server 2012, the File Server Resource Manager (FSRM) is part of the File and Storage Services role of the server (Microsoft Corporation, 2015), which is available by default with the server installation. To enable management of the File Server Resource Manager, more features may need to be added, depending on the configuration of the server. The File Server Resource Manager will be configured and used for quota management by creating a quota for a folder and its sub-tree, or for a volume, so that the space allocated to it can be limited. The quota can be a hard quota or a soft quota. A hard quota will not permit users to save files after the limit of the allotted space is reached, while a soft quota will still permit users to save files but generates a notification for the administrator. The notification works by configuring thresholds, so that the administrator is aware when the quota is being approached and when it is reached. The notifications can take the form of email messages to the administrator, scripts, event log entries and storage reports.
In order to implement the quota management feature on the Windows 2012 server, the Quota Templates node under Quota Management will be clicked to reveal another selection option. The template on which to base the quota will then be selected from the Results pane. A right-click on the template and a click on Create Quota from Template will open the Create Quota dialog box, which displays the summary properties of the quota template. Then, under Quota path, the volume or folder that the settings will apply to is typed in or browsed for. Selecting the Create quota on path option and then clicking Create will complete the configuration.
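The same quota setup can be expressed with the FSRM cmdlets, which makes the hard/soft distinction and the threshold notifications explicit. This is an added example, not part of the original proposal; the template names, the 5 GB size, the 85% threshold, the folder path and the mail settings are all assumptions.

```powershell
# Added example. Sizes, names, paths and mail settings below are illustrative placeholders.
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools

# Email actions need an SMTP relay and an administrator address (placeholders).
Set-FsrmSetting -SmtpServer 'smtp.example.invalid' `
                -AdminEmailAddress 'fsadmin@example.invalid' `
                -FromEmailAddress 'fsrm@example.invalid'

# Notifications: mail the administrator and write an event-log entry.
$mail = New-FsrmAction -Type Email -MailTo '[Admin Email]' `
    -Subject 'Quota threshold reached' `
    -Body 'Quota on [Quota Path] has reached [Quota Threshold]% of its limit.'
$logEvent = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Quota on [Quota Path] has reached [Quota Threshold]% of its limit.'

# Thresholds: one when the quota is approached, one when it is reached.
$approaching = New-FsrmQuotaThreshold -Percentage 85  -Action $mail, $logEvent
$reached     = New-FsrmQuotaThreshold -Percentage 100 -Action $mail, $logEvent

# Soft quota: users can keep saving past the limit, the administrator is notified.
New-FsrmQuotaTemplate -Name 'Shiv 5GB Soft' -Size 5GB -SoftLimit -Threshold $approaching, $reached

# Hard quota: writes are refused once the limit is reached.
New-FsrmQuotaTemplate -Name 'Shiv 5GB Hard' -Size 5GB -Threshold $approaching, $reached

# "Create Quota from Template" for a folder and its sub-tree (hypothetical path).
New-FsrmQuota -Path 'D:\Shares\Accounts' -Template 'Shiv 5GB Hard'

# Confirm what is enforced on the path.
Get-FsrmQuota -Path 'D:\Shares\Accounts' |
    Select-Object Path, Size, SoftLimit, Usage, Template
```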
For Shiv LLC, Distributed File System (DFS) would be implemented because it makes it possible to replicate data between the three locations of the company in a cost-effective and efficient manner. DFS also makes file access transparent to users, which means that the way the system operates cannot be perceived by its users. It provides access transparency, where processes on a client host can access files from a remote host as if the files were resident on the client; location transparency, where the names of the files do not in any way reveal where the files are physically located; and mobility transparency, where files can be moved from a server at one location of Shiv LLC to a server at another location without affecting the way clients access the files. Files can also be replicated in order to improve the efficiency of client access to files and to provide redundancy (Lee and Vellore, 2006; Patel et al., 2014), which guarantees high availability of the system.
Implementing DFS for Shiv LLC also guarantees concurrency, especially given the multi-location nature of the company. This is very important because a file accessed from one location of the company may be accessed simultaneously by more than one client from any of the other locations. Concurrency of file updates will make sure that the changes made to a file by one client do not affect the operations of other clients on the same file.
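A DFS namespace with one folder target per location could be built as follows. This is an added example, not part of the original proposal; the domain name, the file server names and the share names are placeholders, the shares are assumed to exist already, and DFS Replication between the targets is not configured here.

```powershell
# Added example. Domain, server and share names are placeholders; the shares must already exist.
Install-WindowsFeature -Name FS-DFS-Namespace -IncludeManagementTools

$domain = 'DOMAIN.EXAMPLE'          # placeholder for the Active Directory DNS domain name
$root   = "\\$domain\Files"         # what users see, regardless of location
$folder = "$root\Accounts"

# Domain-based namespace root hosted on a Dallas file server (hypothetical name).
# Access-based enumeration hides folders a user has no permission to open.
New-DfsnRoot -Path $root -TargetPath '\\DAL-FS01\Files' -Type DomainV2 `
             -EnableAccessBasedEnumeration $true

# One logical folder, backed by a share at each of the three locations.
New-DfsnFolder       -Path $folder -TargetPath '\\DAL-FS01\Accounts'
New-DfsnFolderTarget -Path $folder -TargetPath '\\LA-FS01\Accounts'
New-DfsnFolderTarget -Path $folder -TargetPath '\\HOU-FS01\Accounts'

# Location transparency check: a single path, three physical targets behind it.
Get-DfsnFolderTarget -Path $folder |
    Select-Object Path, TargetPath, State, ReferralPriorityClass
```

The namespace only controls referrals; permissions are still enforced by the share and NTFS access control lists on each target, so they need to be identical at all three locations.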
Remote Services
Remote Desktop Services is one of the server roles in Windows Server 2012. It enables users to access desktops, virtual machines and applications in a session-based manner, both from within a corporate network and from outside of it over the internet. This feature enables users to access computers and work from any location. With the three locations of Shiv LLC, it would be very easy for any employee to access his or her own workspace through any computer at any of the locations, as if he or she were physically in front of the computer. In Windows Server 2012, the remote desktop feature allows administrators to administer remote programs, manage virtual desktops and add servers, all from one centralized console. The ability to use user profile disks enables the personalization settings of the user to be preserved across sessions on pooled virtual desktops.
In Windows Server 2012, remote desktop can be configured either in the standard option or the quick start option. The standard option is usually deployed in production environments while the quick start option is used to deploy remote desktop service role on a single computer as intended for test environments, using the default options. For Shiv LLC, the remote desktop service will be configured in the standard option for production environments.
WSUS
Windows Server Update Services (WSUS) enables system administrators to install the latest Microsoft product updates on the computers that are running the Windows operating system. The updates can be managed by using a WSUS server as the update source for the client computers and for other WSUS servers deployed within the organization. The server that serves as the update source will need to be connected to Microsoft Update in order to get the available updates, which are in turn made available to the other servers within the organization. WSUS will be deployed in the Shiv LLC implementation to ensure that the Microsoft products on the network are up to date, in order to reduce the risk of security breaches owing to software bugs. The update of the software will be based on the Group Policy settings for automatic updates. The use of update servers will reduce the overhead cost of carrying out important updates on the infrastructure of Shiv LLC across multiple locations. Using this service, all the infrastructure can be centrally coordinated from a single update server.
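The Group Policy settings that point clients at the WSUS server can be created with the GroupPolicy module. This is an added example, not part of the original proposal; the GPO name, the WSUS host name, the domain distinguished name and the install schedule are assumptions, and the HTTPS URL assumes the WSUS server has been configured for SSL so that update metadata is not fetched over plain HTTP.

```powershell
# Added example. GPO name, WSUS URL, domain DN and schedule are placeholders.
Import-Module GroupPolicy

$gpoName  = 'Shiv - WSUS Clients'                 # hypothetical GPO name
$wsusUrl  = 'https://wsus.DOMAIN.EXAMPLE:8531'    # placeholder host; 8531 is the WSUS HTTPS port
$domainDn = 'DC=DOMAIN,DC=EXAMPLE'                # placeholder for the domain's distinguished name
$wu       = 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate'

New-GPO -Name $gpoName | Out-Null

# Where clients fetch updates from and report status to.
Set-GPRegistryValue -Name $gpoName -Key $wu -ValueName 'WUServer'       -Type String -Value $wsusUrl
Set-GPRegistryValue -Name $gpoName -Key $wu -ValueName 'WUStatusServer' -Type String -Value $wsusUrl

# Automatic Updates behaviour: use the WSUS server, download and install on a schedule.
Set-GPRegistryValue -Name $gpoName -Key "$wu\AU" -ValueName 'UseWUServer'          -Type DWord -Value 1
Set-GPRegistryValue -Name $gpoName -Key "$wu\AU" -ValueName 'NoAutoUpdate'         -Type DWord -Value 0
Set-GPRegistryValue -Name $gpoName -Key "$wu\AU" -ValueName 'AUOptions'            -Type DWord -Value 4
Set-GPRegistryValue -Name $gpoName -Key "$wu\AU" -ValueName 'ScheduledInstallDay'  -Type DWord -Value 0
Set-GPRegistryValue -Name $gpoName -Key "$wu\AU" -ValueName 'ScheduledInstallTime' -Type DWord -Value 3

# Apply to every computer in the domain; link to an OU instead to stage the rollout.
New-GPLink -Name $gpoName -Target $domainDn -LinkEnabled Yes

# Check: flag a policy that would send clients to WSUS over unencrypted HTTP.
$configured = Get-GPRegistryValue -Name $gpoName -Key $wu -ValueName 'WUServer'
if ($configured.Value -notlike 'https://*') {
    Write-Warning "WSUS policy uses an unencrypted URL: $($configured.Value)"
}
```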
Conclusion
The designs presented in this document have been made to reflect the peculiarities of the Shiv LLC company in order to support and enhance the operations of the company. The implementation will not be difficult with the ready availability of the technologies required as part of the Microsoft Windows 2012 operating system.
REFERENCES
Lee, M. and Vellore, M. (2006). Exploring the Distributed File System in Microsoft Windows Server 2003 R2. Dell Power Solutions. PDF. Accessed on 21 January 2016 from http://www.dell.com/downloads/global/power/ps2q06-20050301-Lee.pdf
Microsoft Corporation. (2015). [MS-DFSC]: Distributed File System (DFS): Referral Protocol. PDF. Retrieved from http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/[MS-DFSC].pdf
Patel, Neha M., Patel, Narendra M., Hasan, M.I. and Patel, M.M. (2014). Improving Data Transfer Rate and Throughput of HDFS using Efficient Replica Placement. International Journal of Computer Applications, 86(2), Pp 0975-8887.
Windows Server. Remote Differential Compression Overview. Accessed on 21 January 2016 from https://technet.microsoft.com/en-us/library/cc754372.aspx