Introduction
In order to manage and supervise the operations of the entire company effectively, XYZ Company must consolidate the network infrastructure of its two geographically distant sites into a single effective and secure network. Each site has its own server-controlled network running on Microsoft Windows Server technology: the Dallas site runs MS Windows Server 2012, while the second site runs MS Windows Server 2008. The fact that both sites are already based on Microsoft Windows Server gives XYZ Company a major advantage, because the consolidation will mainly involve configuration of the same network operating system.
There may be no need to change or replace the existing network hardware because the two Microsoft server operating systems (OSs) use the same technology. A few additional pieces of equipment will probably be necessary to enable the consolidation of the two infrastructures. For example, a central server (host computer) running Microsoft Windows Server 2012 may be introduced to bridge connectivity between the two sites, control the entire network, and allow sharing of network resources such as storage, Internet connection, virtualization, and so on (Cisco, 2014). This will be a large and complex network exploiting both wide-area network (WAN) and local area network (LAN) infrastructure to serve its 110-member staff effectively in their routine operations. Besides the server, internetworking technology such as a virtual private network (VPN) will be necessary to allow the two remote sites to communicate and share data securely. According to Geier (2013), a VPN is an encrypted tunnel that allows private data to flow through a public network (the Internet) without the risk of exposure. An Internet connection is therefore an irreplaceable requirement.
The assumption is that the Dallas site will be the head office where the central server will be installed. From the staff distribution, the entire staff in human resources, finance, and advertising (61 in total) will be based in Dallas, a sure indicator that the management expects Dallas to be the hub.
Besides consolidation, the network for XYZ Company is expected to expand; the new, expanded network must therefore be flexible enough to allow the addition of extra nodes without overhauling the system or disrupting service. This paper explores the development, design, and implementation procedures, services, and other necessities that will enable XYZ Company to realize its goal of a new, powerful, effective, and secure Windows Server 2012 network infrastructure.
Overall Network Diagram
The servers, client workstations, and all other necessary network equipment have already been installed. The network will exploit both wired and wireless connectivity. For these reasons, the network equipment will include hubs, switches, routers, wireless access points, UTP CAT5e cable and RJ-45 connectors, modems, and telephone and switchboard equipment, particularly voice over Internet protocol (VoIP). Wireless connectivity will also take place between the local servers, desktop computers, laptops, and hand-held personal devices such as PDAs, Wi-Fi-enabled phones, and so on. XYZ may hire the services of a wireless telecommunications company to transmit data wirelessly between its two sites as microwaves via satellite dish, and also for Internet connectivity. Alternatively, it could use a commercial Digital Subscriber Line (DSL) for the same purpose. Ogero (2011) describes DSL as a full-time broadband Internet connection that uses the ordinary telephone line to connect the user to the Internet Service Provider (ISP), and allows the user to browse and make telephone calls simultaneously.
A look at the diagram above shows that there will be numerous users operating client workstations at each site. This will result in a large number of manual configurations on the transmission control protocol/Internet protocol (TCP/IP) network for each server and PC, such as object names, IP addresses, locations, and so on.
The Dallas site will have the following DHCP configuration if a start IP address of 192.168.12.23, an end IP address of 192.168.12.200, and a subnet mask of 255.255.255.0 are supplied. We will also assume that IP 192.168.12.23 is reserved as a static IP for the router, and that the default gateway IP is 49.124.31.39; Server Manager will then generate automatic IPs for PCs in the accounts.xyz.com domain as follows, with the last IP being 192.168.12.200:
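The scope described above, written as an added example in PowerShell for the DhcpServer module that ships with Windows Server 2012 (this is not configuration from the paper). It assumes the DHCP role is installed on a domain controller named dc1.accounts.xyz.com with the constructed address 192.168.12.10, which also serves DNS. One caveat: the Router option handed to DHCP clients must be an address on the clients' own subnet, and 49.124.31.39 lies outside 192.168.12.0/24, so the example advertises the router's reserved address 192.168.12.23 as the gateway instead; that substitution is an assumption of this example.

```powershell
# Added example, not from the paper: build the Dallas DHCP scope with PowerShell.
# Assumed: DHCP role on dc1.accounts.xyz.com (192.168.12.10, constructed value).
Install-WindowsFeature DHCP -IncludeManagementTools
Import-Module DhcpServer

$ScopeId   = '192.168.12.0'    # network ID of 192.168.12.0/24
$DnsServer = '192.168.12.10'   # assumed AD-integrated DNS server (the DC itself)
$RouterIp  = '192.168.12.23'   # reserved static address of the router, per the paper

# 1. Authorize the server in AD DS; domain-joined DHCP servers refuse to lease
#    until authorized, which also blocks rogue DHCP servers on domain members.
Add-DhcpServerInDC -DnsName 'dc1.accounts.xyz.com' -IPAddress $DnsServer

# 2. The scope itself: the paper's start/end addresses and subnet mask.
Add-DhcpServerv4Scope -Name 'Dallas Accounts' `
    -StartRange 192.168.12.23 -EndRange 192.168.12.200 `
    -SubnetMask 255.255.255.0 -State Active `
    -LeaseDuration (New-TimeSpan -Days 8)

# 3. Keep the router's static address out of the dynamic pool.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId `
    -StartRange $RouterIp -EndRange $RouterIp

# 4. Options every client receives: on-subnet gateway, DNS server, DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId `
    -Router $RouterIp -DnsServer $DnsServer -DnsDomain 'accounts.xyz.com'

# 5. A reservation pins a known workstation to a fixed address by MAC
#    (the MAC below is a constructed placeholder).
Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress 192.168.12.50 `
    -ClientId '00-15-5D-00-00-01' -Name 'AccountsPC1' `
    -Description 'Accounts department workstation'

# 6. Verify: scope state, options actually set, and the next free addresses.
Get-DhcpServerv4Scope -ScopeId $ScopeId |
    Format-List Name, StartRange, EndRange, SubnetMask, State
Get-DhcpServerv4OptionValue -ScopeId $ScopeId
Get-DhcpServerv4FreeIPAddress -ScopeId $ScopeId -NumAddress 5
```

The exclusion in step 3 is what keeps the router from being handed out twice; without it the scope would offer 192.168.12.23 to the first client that asks, and the last verification line is the quickest way to confirm that the pool actually starts at 192.168.12.24.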
The most powerful tool in a Microsoft Windows Server network is the Active Directory (AD). Microsoft (2014) describes the AD as a special network directory that serves as a database for storing network objects such as users, computers, devices, and so on in the form of a comprehensive list. The list is organized hierarchically into containers that define its logical structure. At the top of the logical structure is the forest which can hold several domains. Domains hold organizational units. Domains provide network administration support.
According to Microsoft (2014), this logical structure is referred to as AD in Microsoft Windows 2000 Server operating system (OS), but in the newer Microsoft Server OSs such as 2003 Server, 2008 Server and so on, it is referred to as Active Directory Domain Services (AD DS). XYZ will definitely utilize the AD DS logical structure in its Microsoft Windows 2012 Server network. To exploit AD DS, XYZ will require one server running AD DS that will be responsible for storing AD data, allow user log-on and authentication, and control communication between the users and the domains (Microsoft, 2014).
The objects in the AD are domains, schemas, and configurations. The AD keeps track of all network objects including the changes taking place within the network. The power of the AD lies in replication because all data, configurations, and changes replicate to all the domains on the network automatically (Microsoft, 2014). The XYZ Company will implement a complex network spanning over a region, a fact that may make the process of monitoring and auditing the network an impossible task. The AD will therefore come in as a very handy tool in performing this important task.
According to Indiana University (2014), a domain is the local portion of a large network, commonly referred to as a local sub-network, which comprises servers and client workstations all working under a centralized security database attached to a domain controller. A domain controller (DC) is a centralized server that authenticates each user, thus providing the authenticated user with secure access to the server and network services within those portions of the sub-network for which the user has access rights and privileges. Microsoft (2014) asserts that the beauty of centralized authentication is that all users within a specific domain can log on to any computer within that domain using their username and password. The XYZ Company network will comprise a minimum of two domains, i.e. the Dallas and the Richmond domains. Network domains have names such as adu.iu.edu (Indiana University, 2014). XYZ might therefore have domains like xyz.com, dallas.xyz.com, richmond.xyz.com, and so on.
There is a high likelihood that the XYZ network will have more than two domains because some departments have too many users and functions. For example, the Advertising department in the Dallas site will have 49 employees, accounting for almost half of the entire staff. Again, this department will have three core functions, namely creative, media, and production. It may be desirable to put this department under its own domain. Again, some departments in both sites, such as Finance, process and store highly sensitive data, which includes the employee payroll, and therefore their part of the network must remain inaccessible to the other staff. This again calls for extra domains such as adverts.xyz.com and accounts.xyz.com.
The domain name system (DNS) provides naming conventions for TCP/IP network computers and resources (Microsoft, 2012). This will allow XYZ to supply unique names to identify computers and other network resources. For example, instead of simply assigning an IP to a computer, the computer can be identified by a name such as ‘AccountsPC1’. DNS associates names with IPs. XYZ will implement a DNS server role integrated into AD DS through installation on a DC. This enables automatic replication of DNS zones. AD DS utilizes DNS to enable named PCs to locate DCs in the XYZ network. Microsoft (2012) asserts that DNS and DHCP integrate seamlessly, enabling automatic updating of DNS records when new devices are added or dynamic IPs change.
Besides this, DNS provides a further benefit to XYZ in the form of enhanced security through the DNS Security Extensions (DNSSEC). Again, the integration of DNS into AD DS allows multi-master replication and enhanced security for DNS data (Microsoft, 2012). During DHCP configuration, Server Manager allows integration and validation of existing DNS objects (Dell, 2011).
The other aspect to pay keen attention to is functional levels. Each preceding version of Microsoft Windows Server has a lower functional level than the current one, i.e. newer versions of the Microsoft Server OS have more advanced features than the previous version (Microsoft, 2014). For example, MS Windows Server 2003 has a much lower functional level than MS Windows Server 2012, and MS Windows Server 2008 has a lower functional level than MS Windows Server 2012 but a higher one than MS Windows Server 2003. Currently, the Richmond site has the lowest functional level because, despite running the MS Windows Server 2008 OS, its forest runs at the Server 2003 functional level. The Dallas site has a 2012 functional level. We also assume that the owners of XYZ prefer the Server 2012 functionality. That means the company must upgrade the existing OS at Richmond to MS Windows Server 2012 R2 in order to exploit the new advanced features of the OS, and then manually raise the functional levels to Server 2012. Microsoft (2014) asserts that upgrading the OS, and in essence AD DS, does not upgrade the functional levels; rather, this is the preserve of the system administrator.
Again, the use of MS Windows Server 2012 provides XYZ with the benefits of Dynamic Access Control (DAC) and storage optimization offered only by this OS. According to Microsoft (2013), DAC provides greater control over access to network resources through the implementation of refined rules based on the resource, the users, and the configurations. For example, DAC will give sales personnel restricted access to the network when they use their mobile devices in the field, but relax the rules when the same users use PCs in XYZ offices. Besides the improved control, DAC also improves the security of the system. Microsoft (2013) cautions that to exploit DAC, all DCs in the forest must operate at the Windows Server 2012 functional level and share two-way trusts between forests.
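The AD-integrated DNS deployment described in the two paragraphs above, as an added example that is not part of the paper: stage 1 promotes the first Dallas server to the root DC of a new xyz.com forest with the DNS role and an AD-stored zone, stage 2 (on a second server, after the first has rebooted) adds the accounts.xyz.com child domain, and the closing checks confirm AD-integrated replication, turn on DHCP-driven DNS record updates, and sign the zone with DNSSEC. The forest and domain names follow the paper; the server roles, the XYZ\Administrator account and the two-stage split are assumptions of this example.

```powershell
# Added example, not from the paper. Stage 1 runs on the first Dallas server,
# stage 2 on a second server once it can resolve xyz.com. Account names assumed.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# ---- Stage 1: forest root xyz.com at the Server 2012 functional levels ----
# -InstallDns installs the DNS role and stores the xyz.com zone in AD DS, so the
# zone replicates with the directory rather than through zone transfers.
$dsrm = Read-Host -AsSecureString 'DSRM (Directory Services Restore Mode) password'
Install-ADDSForest -DomainName 'xyz.com' -DomainNetbiosName 'XYZ' `
    -ForestMode Win2012 -DomainMode Win2012 `
    -InstallDns -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $dsrm -Force
# The server reboots here; continue with stage 2 on the next server.

# ---- Stage 2: child domain accounts.xyz.com, zone delegated from xyz.com ----
$dsrm = Read-Host -AsSecureString 'DSRM password for the accounts DC'
Install-ADDSDomain -NewDomainName 'accounts' -ParentDomainName 'xyz.com' `
    -DomainType ChildDomain -DomainMode Win2012 `
    -InstallDns -CreateDnsDelegation `
    -Credential (Get-Credential 'XYZ\Administrator') `
    -SafeModeAdministratorPassword $dsrm -Force

# ---- Checks after the reboot ----
# Zones must be AD-integrated; ReplicationScope shows which DCs receive them.
Get-DnsServerZone | Where-Object IsDsIntegrated |
    Select-Object ZoneName, ReplicationScope, IsSigned

# DHCP on this DC registers client A/PTR records and removes them on lease
# expiry, which is the DNS/DHCP integration the paper refers to.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true

# DNSSEC: sign the zone with the default key settings and confirm IsSigned.
Invoke-DnsServerZoneSign -ZoneName 'accounts.xyz.com' -SignWithDefault -Force
Get-DnsServerZone -Name 'accounts.xyz.com' | Select-Object ZoneName, IsSigned
```

Prompting for the DSRM password with Read-Host -AsSecureString keeps it out of the script and the shell history; that password is the only way into a DC whose directory will not start, so it belongs in the same vault as the domain administrator credentials.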
Again, XYZ stands to benefit immensely from optimized storage technology which provides unique features such as SMB 3.0 (Baker, 2012), clustering, and cluster shared volume integration. Baker (2012), intimates that clustering enhances storage availability. On the other hand, volume integration provides scalability in the deployment of virtual machines (VMs), sharing of files, and so on. Microsoft has implemented Storage Pool (SP) and Storage Space (SS) in Server 2012 through a technology that consolidates all the physical disk space from one or more disks into a single virtual storage. The OS then creates volumes from this virtual storage.
According to Microsoft (2012), to perform an AD DS upgrade, XYZ must purchase either the Standard or Datacenter version of Microsoft Windows Server 2012 because the other two versions i.e. Essential and Foundation do not support AD DS. Again, both the Standard and the Datacenter versions support virtualization.
Microsoft (2014) asserts that all client workstations on both sites must run Microsoft Windows XP or later (Vista, 7, and 8). At this point we will make another assumption that the current version of MS Windows Server 2008 that runs at Richmond is 64-bit, because it is impossible to upgrade the AD DS of 32-bit Windows Server 2008 and Windows Server 2003 (Microsoft, 2014).
Upgrading the network to Windows Server 2012 automatically enables all domain-wide and forest-wide features (Microsoft, 2012). For this reason, it will be possible for the system administrator, or any officer who has authenticated membership in the Domain Admins or Enterprise Admins groups, to raise all functional levels to Windows Server 2012 by simply selecting ‘Administrative Tools’ from the ‘Start’ menu, then selecting the required level from the ‘Raise Domain Functional Level’ option. The most important actions are to install MS Windows Server 2012 on all domain controllers, and to select the Windows Server 2012 forest functional level during the installation of AD DS on the first XYZ domain controller.
Currently, the Richmond and the Dallas sites have separate domain forests, such as xyz.com and richmond.com. Since the two sites now belong to one company, XYZ, it is desirable to unite the two domain forests into a single forest. Microsoft Windows Server provides the Active Directory Migration Tool (ADMT) for this purpose. According to Microsoft (2014), the latest server OS, i.e. Windows Server 2012 R2, is so powerful that it allows migrations across subnets. XYZ may acquire the Media Guru IT assets either by acquiring the entire Media Guru forest, assuming that there is only one instance of it, or by migrating Media Guru’s AD into an XYZ domain (Microsoft, 2010). The latter is best because it allows migration of the AD of the forest or domain without the security identifier (SID) history. This will be important for XYZ because the migration removes system vulnerabilities to previous users, such as knowledge of user accounts and passwords, information on user groups and privileges, IP addresses, and so on. XYZ will create a new domain within its forest, such as richmond.xyz.com, and migrate the Richmond AD into this domain without SID history using the ADMT tool.
A key component of the XYZ network will be security. One aspect of security concerns data backup. Microsoft provides the Windows Server Backup tools, which the user can install by clicking ‘Start’, then ‘Server Manager’, then ‘Add Features’ in the ‘Features’ pane. Microsoft (2013) states that Windows Server Backup is capable of making both manual backups and scheduled backups of files, folders, drives, and even the entire server to a local or remote NTFS drive. XYZ’s network requires these tools, which can also be managed by non-IT staff (Microsoft, 2013). The backups will then be used to restore the system in case of a mishap such as a disk crash, virus infection, data corruption, and so on. The OS uses the volume shadow copy service (VSS) to create backups. To complement Windows Server Backup, XYZ may use volume shadow copies. A shadow copy is a snapshot of a folder or drive at a specific moment in time. Unlike a backup, it makes a local copy of data and applications as they stand at that time without interrupting the applications on the network. It is especially useful in creating copies of sensitive data during processing.
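The functional-level raise discussed in the two paragraphs above (the OS upgrade does not raise the level; an administrator must), as an added example that is not part of the paper. It refuses to proceed until every domain controller in the forest reports a Windows Server 2012 operating system, which is the precondition the raise enforces, then raises each domain and finally the forest. It uses only the ActiveDirectory module and assumes it is run from a Domain Admins/Enterprise Admins session on a Server 2012 DC.

```powershell
# Added example, not from the paper: guard and perform the functional-level raise.
# Assumed: run as Enterprise Admin on a Windows Server 2012 domain controller.
Import-Module ActiveDirectory

function Get-DownlevelDomainController {
    # Every DC in every domain of the forest whose OS predates Server 2012
    # (Server 2012 R2 also matches the pattern and is acceptable).
    foreach ($domain in (Get-ADForest).Domains) {
        Get-ADDomainController -Filter * -Server $domain |
            Where-Object { $_.OperatingSystem -notmatch 'Windows Server 2012' } |
            Select-Object Name, Domain, OperatingSystem
    }
}

function Show-FunctionalLevels {
    # Forest level and each domain's level, printed before and after the raise.
    Get-ADForest | Select-Object Name, ForestMode
    foreach ($domain in (Get-ADForest).Domains) {
        Get-ADDomain -Identity $domain -Server $domain | Select-Object DNSRoot, DomainMode
    }
}

Show-FunctionalLevels
$downlevel = @(Get-DownlevelDomainController)
if ($downlevel.Count -gt 0) {
    $downlevel | Format-Table -AutoSize
    throw 'Raise blocked: upgrade or demote the controllers listed above first.'
}

# Domains first (the forest level cannot exceed the lowest domain level),
# then the forest. Lowering a level again is possible only in limited cases,
# so the guard above runs before either change.
foreach ($domain in (Get-ADForest).Domains) {
    Set-ADDomainMode -Identity $domain -Server $domain `
        -DomainMode Windows2012Domain -Confirm:$false
}
Set-ADForestMode -Identity (Get-ADForest).Name -ForestMode Windows2012Forest -Confirm:$false
Show-FunctionalLevels
```

The domain-by-domain loop matters for XYZ's layout: a single stale 2008 controller in richmond.xyz.com is enough to stop the forest raise, and the report from Get-DownlevelDomainController tells the administrator which site still needs its operating system upgrade before the Dynamic Access Control features the paper relies on become available.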
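The backup and shadow-copy arrangement described above, as an added example that is not part of the paper: a Windows Server Backup policy that covers bare-metal recovery of a domain controller plus a data volume, scheduled nightly to a remote share, followed by an on-demand volume shadow copy taken with vssadmin while applications keep running. The share path, the svc-backup service account and the D: data volume are assumptions of this example.

```powershell
# Added example, not from the paper: scheduled server backup plus a shadow copy.
# Assumed: D: holds department data; \\bkp01.xyz.com\ServerBackups is an NTFS
# share that only the assumed XYZ\svc-backup account may write to.
Install-WindowsFeature Windows-Server-Backup
Import-Module WindowsServerBackup

function New-XyzBackupPolicy {
    param([string]$SharePath, [pscredential]$Credential)
    $policy = New-WBPolicy
    # Bare-metal recovery covers system state and the critical volumes (the OS
    # volume and wherever the AD database and SYSVOL live): what a DC restore needs.
    Add-WBBareMetalRecovery -Policy $policy
    # The data volume with the department shares.
    Add-WBVolume -Policy $policy -Volume (Get-WBVolume -VolumePath 'D:')
    # Remote target, reached with the backup account's credentials only.
    $target = New-WBBackupTarget -NetworkPath $SharePath -Credential $Credential
    Add-WBBackupTarget -Policy $policy -Target $target
    # Full VSS backup so VSS-aware applications mark their logs as backed up.
    Set-WBVssBackupOptions -Policy $policy -VssFullBackup
    # Once a day at 21:00.
    Set-WBSchedule -Policy $policy -Schedule 21:00
    return $policy
}

$cred   = Get-Credential 'XYZ\svc-backup'      # assumed backup service account
$policy = New-XyzBackupPolicy -SharePath '\\bkp01.xyz.com\ServerBackups' -Credential $cred
Set-WBPolicy -Policy $policy -Force            # commits the nightly schedule
Start-WBBackup -Policy $policy                 # and takes one backup right now
Get-WBBackupSet | Select-Object BackupTime, VersionId, BackupTarget

# Volume shadow copy of D:, taken without stopping applications. The storage
# association is created once; on later runs only the create/list lines apply.
vssadmin add shadowstorage /for=D: /on=D: /maxsize=10%
vssadmin create shadow /for=D:
vssadmin list shadows /for=D:
```

Two points worth knowing before relying on this: a scheduled backup to a network share keeps only the most recent version (each run overwrites the last), so the share should itself be copied to offline media if XYZ needs more than one restore point; and a shadow copy lives on the same disk as the data, so it protects against accidental deletion and corruption, not against a disk crash, which is why the paper treats it as a complement to the backup rather than a replacement.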
The other aspect of security concerns communication between the numerous XYZ domains and forests. Acquisition of the Richmond site through forest migration will result in a Windows Server 2012 network with two forests, although the option of migration of the Richmond forest into a Dallas domain remains. According to Microsoft (2012), security across forests and domains is implemented through trust relationships. XYZ should implement forest trust in its AD to allow access and sharing of resources across the Richmond forest and the Dallas forest which is especially useful for companies getting into a merger or acquisition (Microsoft, 2012). Again, trusts will extend the reach to other forest ADs.
Between domains, XYZ should implement one-way and two-way trusts. Some domains will be exclusive to the members of a specific department, yet these departments may require data from other domains. For example, a one-way trust will be implemented between the ‘Accounts’ and ‘Sales’ domains. This will enable ‘Accounts’ to acquire sales data that is relevant for accounting purposes. However, ‘Sales’ will not be able to access ‘Accounts’. XYZ may also implement shortcut trusts. If the Richmond forest is acquired into a Dallas domain, shortcut trusts may be placed between some collaborative domains such as the Dallas IT department and the Richmond IT department assuming that the departments run their own domains.
An important aspect of trust relationships is that they allow data and changes, such as passwords, to replicate automatically across domains that share trusts (Microsoft, 2012), because updates within a domain cause automatic replication across the other domain controllers in that domain, and this initiates replication in the other domains that enjoy a trust relationship with that domain. Microsoft (2012) asserts that in the AD, the trusts of each domain are represented in the form of a trusted domain object (TDO), which contains attributes such as the domain name service (DNS) name, SID, and so on. This in turn facilitates replication across the network. Two-way transitive parent-child trusts, which XYZ may implement in domain trees that propagate to sub-domains, cause replication to ripple across the complete hierarchy (Microsoft, 2012).
BranchCache is an important tool for XYZ to support its WAN and improve security by reducing WAN traffic. Microsoft (2013) explains that this is made possible by copying or hosting some server content from the main servers on a local branch server or client workstation. This removes the need for local PCs to keep accessing the server over the WAN. This optimizes network access and also secures data by reducing network traffic, thus exposing less data to network hazards. BranchCache will work for XYZ because its network is based on MS Windows Server 2012, the only server OS that has this capability. However, XYZ may not be able to take advantage of BranchCache if it does not have a local server and has many PCs that do not run MS Windows 7 or 8. Only those two OSs support BranchCache.
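The trust arrangements of the three paragraphs above (the forest trust for the acquired Richmond forest, the one-way Accounts/Sales trust, and the shortcut trust between the two IT departments), as an added example that is not part of the paper. It first reports the settings an administrator reviews on every existing trust, then creates the one-way and shortcut trusts with netdom, and finally lists forest trusts on which selective authentication is switched off. accounts.xyz.com is from the paper; sales.xyz.com, it.dallas.xyz.com, it.richmond.xyz.com and the administrator accounts named are assumptions.

```powershell
# Added example, not from the paper: audit existing trusts, then create the
# trusts the design calls for. Domain names other than accounts.xyz.com assumed.
Import-Module ActiveDirectory

function Get-TrustReport {
    # One row per trust of the current domain with the fields that matter after
    # a merger: direction, transitivity, SID filtering, selective authentication.
    Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, IntraForest,
        ForestTransitive, SelectiveAuthentication, SIDFilteringQuarantined,
        SIDFilteringForestAware, TGTDelegation
}
Get-TrustReport | Format-Table -AutoSize

# One-way trust: Accounts users may reach Sales resources, not the reverse.
# The resource domain (sales) trusts the account domain (accounts); netdom's
# first argument is the trusting domain and /d: names the trusted domain.
# /PasswordD:* and /PasswordO:* prompt instead of storing passwords in the script.
netdom trust sales.xyz.com /d:accounts.xyz.com /add `
    /UserD:accounts\Administrator /PasswordD:* `
    /UserO:sales\Administrator /PasswordO:*

# Two-way shortcut trust between the two IT domains, so their authentication
# traffic stops climbing the tree through xyz.com for every request.
netdom trust it.dallas.xyz.com /d:it.richmond.xyz.com /add /twoway `
    /UserD:richmond\Administrator /PasswordD:* `
    /UserO:dallas\Administrator /PasswordO:*

# Forest trusts without selective authentication let every authenticated user
# of the other forest reach resources here; for a newly acquired forest the
# reviewer usually expects it on, with access granted per server afterwards.
Get-ADTrust -Filter { ForestTransitive -eq $true } |
    Where-Object { -not $_.SelectiveAuthentication } |
    Select-Object Name, Direction, SelectiveAuthentication
```

Re-run Get-TrustReport after the netdom commands and confirm the Accounts/Sales entry shows a single direction; if it reads BiDirectional the trust was created the other way round and Sales staff can already reach the Accounts domain, which is exactly what the paper's design excludes. The migration without SID history planned above keeps SID filtering at its default on the new trusts, so nothing in the report should show it disabled.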
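The BranchCache deployment described above, as an added example that is not part of the paper: the Dallas file server is enabled to publish content hashes, a Richmond server hosts the cache and advertises itself in AD DS, and the branch clients are pointed at it, with distributed (peer-to-peer) mode as the fallback for a branch without a local server. The Projects share and the bc-richmond.richmond.xyz.com server name are assumptions.

```powershell
# Added example, not from the paper: BranchCache in hosted cache mode for the
# Richmond branch, with distributed mode as the fallback. Names assumed.

# --- Dallas file server that holds the shares ---
# The role service lets the server hand clients content hashes; the share
# must also be marked cacheable, otherwise nothing is offered to the branch.
Install-WindowsFeature FS-BranchCache
Set-SmbShare -Name 'Projects' -CachingMode BranchCache -Force

# --- Richmond branch server hosting the cache ---
# -RegisterSCP publishes a service connection point in AD DS so branch clients
# locate the hosted cache automatically instead of being configured by hand.
Install-WindowsFeature BranchCache
Enable-BCHostedServer -RegisterSCP
Get-BCStatus

# --- Windows 8 clients in Richmond (BranchCache cmdlets available) ---
Enable-BCHostedClient -ServerNames 'bc-richmond.richmond.xyz.com'
# ...or, where the branch has no server, let the clients cache for each other:
# Enable-BCDistributed

# --- Windows 7 clients have no BranchCache cmdlets; netsh sets the same mode ---
netsh branchcache set service mode=HOSTEDCLIENT location=bc-richmond.richmond.xyz.com
netsh branchcache show status all

# Verify on any client: current mode, and cache contents after the first access.
Get-BCStatus
Get-BCDataCache
```

Hash publication on the file server is switched on by the Group Policy setting for BranchCache hash publication applied to that server; without it the share marking alone does nothing. The pattern to expect once it works is that the first Richmond user to open a file pulls it over the WAN and every later user is served from the local cache, which is the traffic reduction the paragraph above describes.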
References
Baker, E. (2012, December 18). How to Manage Storage Spaces and Storage Pools in Windows Server 2012. Microsoft Certified Professional Magazine (MCPMag). Retrieved 5 June 2014, from http://mcpmag.com/articles/2012/12/18/ht-storage-spaces-storage-pools.aspx
Cisco. (2014). Servers – Unified Computing. Retrieved 31 May 2014, from http://www.cisco.com/c/en/us/products/servers-unified-computing/index.html
Dell. (2011). How to Configure DHCP on Windows Server 2012. Retrieved 5 June 2014, from https://en.community.dell.com/techcenter/os-applications/w/wiki/689.how-to-configure-dhcp-on-windows-server-2012.aspx
Geier, E. (2013, March 19). How (and Why) to Set Up a VPN Today. Networking – PC World Magazine. Retrieved 30 May 2014, from http://www.pcworld.com/article/2030763/how-and-why-to-set-up-a-vpn-today.html
Indiana University. (2014). What is a Domain? University Information Technology Services Knowledge Base. Retrieved 30 May 2014, from https://kb.iu.edu/data/aoup.html
Microsoft. (2014a). So What is Active Directory? Microsoft Developer Network. Retrieved 2 June 2014, from http://msdn.microsoft.com/en-us/library/aa746492(v=vs.85).aspx
Microsoft. (2014b). Active Directory. Microsoft TechNet. Retrieved 1 June 2014, from http://technet.microsoft.com/en-us/library/bb742424.aspx
Microsoft. (2014c). What is the difference between a domain and a workgroup? Windows. Retrieved 2 June 2014, from http://windows.microsoft.com/en-us/windows-vista/what-is-the-difference-between-a-domain-and-a-workgroup
Microsoft. (2014d). Active Directory Domain Services. Microsoft Windows Server. Retrieved 2 June 2014, from http://technet.microsoft.com/en-us/windowsserver/dd448614.aspx
Microsoft. (2014e). Migrating Roles and Features in Windows Server. Windows Server 2012 R2. Retrieved 3 June 2014, from http://technet.microsoft.com/en-us/windowsserver/jj554790.aspx
Microsoft. (2014f). What are Active Directory Functional Levels? Microsoft TechNet. Retrieved 2 June 2014, from http://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx
Microsoft. (2014g, April 28). Upgrade Domain Controllers to Windows Server 2012. Windows Server. Retrieved 3 June 2014, from http://technet.microsoft.com/en-us/library/hh994618.aspx
Microsoft. (2012h, July 18). Raise the Domain Functional Level. Windows Server. Retrieved 1 June 2014, from http://technet.microsoft.com/en-us/library/cc753104.aspx
Microsoft. (2010i). Active Directory Merger, Acquisition, and Divestiture: Restructuring Limitations. Microsoft TechNet. Retrieved 4 June 2014, from http://technet.microsoft.com/en-us/library/mergers_acquisitions_active_directory_prune_and_graft_restructuring_support_limitations(v=ws.10).aspx
Microsoft. (2012j, December 11). How Domain and Forest Trusts Work. Microsoft TechNet. Retrieved 4 June 2014, from http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
Microsoft. (2009k, May 1). What is an RODC? Windows Server. Retrieved 1 June 2014, from http://technet.microsoft.com/en-us/library/cc755058%28v=ws.10%29.aspx
Microsoft. (2013l, August 14). BranchCache Overview. Microsoft TechNet. Retrieved 2 June 2014, from http://technet.microsoft.com/en-us/library/hh831696.aspx
Microsoft. (2013m, July 31). Dynamic Access Control Overview. Windows Server. Retrieved 5 June 2012, from http://technet.microsoft.com/en-us/library/dn408191.aspx
Microsoft. (2013n, January 17). Windows Server Backup Step-by-step Guide for Windows Server 2008. Windows Server. Retrieved 1 June 2012, from http://technet.microsoft.com/en-us/library/cc770266%28v=ws.10%29.aspx
Microsoft. (2012o, February 29). Dynamic Host Configuration Protocol (DHCP) Overview. Microsoft TechNet. Retrieved 4 June 2012, from http://technet.microsoft.com/en-us/library/hh831825.aspx
Microsoft. (2012p, February 29). Domain Name System (DNS) Overview. Microsoft TechNet. Retrieved 5 June 2014, from http://technet.microsoft.com/en-us/library/hh831667.aspx
Microsoft. (2012q, February 29). What’s New in Hyper-V for Windows Server 2012? Windows Server. Retrieved 2 June 2012, from http://technet.microsoft.com/en-us/library/hh831410.aspx
Microsoft. (2007r, April 25). Active Directory Federation Services Overview. Windows Server. Retrieved 1 June 2014, from http://technet.microsoft.com/en-us/library/cc772593%28WS.10%29.aspx
Microsoft. (2012s, February 8). Active Directory Rights Management Services Overview. Windows Server. Retrieved 5 June 2012, from http://technet.microsoft.com/en-us/library/hh831364.aspx
Ogero Telecom. (2011, November 24). DSL Introduction. Telephone Line. Retrieved 30 May 2014, from https://www.ogero.gov.lb/Published/EN/dslc.html