INTRODUCTION
Worldwide Advertising Inc. (WAI) is a new advertising firm located in Los Angeles and New York. The firm is looking to hire new IT support staff to take over IT management. Before that, it needs its IT services configured, and as such requires a solution that takes into consideration the implementation and configuration of core IT services. WAI looks forward to starting with 90 employees distributed across the executive, accounts and sales, creative media and production, human resources and finance, and IT departments. Most of these staff will be located in Los Angeles, with at least one person from each department located in New York. WAI is not resource-constrained and looks for the best solution possible that will fit the scope of its needs for the next two to three years.
A company's competitiveness depends on its ability to establish a regional and global presence while maintaining the quality of the services it offers at those locations to an accepted standard. In a bid to capture a larger share of the advertising market, WAI has a branch in New York in addition to its headquarters in Los Angeles. The two sites need to be connected in near real time if WAI is to prosper. Remote employees in New York need to convey near real-time information to headquarters in Los Angeles with ease. The same applies to executive managers, who need to pass crucial information and board decisions to branches and sub-branches in real time. Directives from headquarters need to take effect immediately if the company is to gain a competitive edge. The medium by which information passes from one branch to another is critical, considering time, location and security. The determining success factor in corporate business lies in the effectiveness of the corporate network in reaching remote locations and branches, with increased capability to support both traditional services such as data and voice and newer trends such as videoconferencing.
This paper therefore describes a tailored solution meant to suit the needs of WAI for the next couple of years. The paper revolves around a Windows Server 2012 implementation, and all the recommended changes should be compatible with it. Each department will require different IT resources and policies, so a diverse solution that caters for all of them is anticipated. For instance, the finance and accounting departments will not want to share their data and information with other departments, so different file sharing policies and solutions need to be implemented for them. Location also plays a major part in determining the best solution: the two branches in Los Angeles and New York should be able to connect seamlessly and share resources in real time in order to enhance productivity. Therefore, this paper describes the implementation of core IT services for WAI in the form of server deployment, DNS configuration, Active Directory controls, file and printer sharing, and remote access.
RECOMMENDED SOLUTION
I recommend that WAI implement a Virtual Private Network (VPN). A VPN is an established technology made possible by global interconnectivity. It comprises hardware and software components that, when configured, permit an organization's employees and other stakeholders in disparate locations to share the same pool of resources that could otherwise have been accessed only by those at headquarters. A VPN establishes a secure connection over the Internet through which users, partners and telecommuting employees can access the company's resources from wherever they are located. VPN has been carved out of WANs and LANs. In traditional WAN networks, company resources are shared through LANs. An organization such as WAI, with two locations and likely to grow, would otherwise need to install a Wide Area Network and connect the organization's premises in the last mile with Local Area Networks. Today's Wide Area Network technologies include MPLS, Ethernet and, of course, VPN tunnelling. These installations, except tunnelling, are expensive and time consuming, and even if the cost of implementation is not a factor, they introduce other complications and vulnerabilities. Aligning with the company's need to use IPsec encryption standards, a VPN is preferred. In addition, a VPN is carrier agnostic and works seamlessly across multiple networks. Thus, a VPN is the preferred solution for WAI because it can span long physical distances. A VPN can work over both private and public networks and, through tunnelling, uses the same hardware infrastructure as existing Internet or intranet links. An extra factor is the security it will offer data sent over its networks.
A VPN at WAI will work as follows:
A VPN will be set up to support remote and protected access to the corporate office networks via the Internet. A remote user who needs to access company data will first log into the company network via a public ISP. Once the connection is established, the remote client can communicate with internal company systems in the same way as a local host.
One requirement for WAI was that the network be segregated such that the finance and accounting department's information and files cannot be accessed by every company employee. A VPN provides for this well: through controlled access, the VPN will be configured to limit access to some subnets of the network while allowing access to others.
WINDOWS SERVER 2012
Windows Server 2012 is the latest version of Windows Server, having been introduced in September 2012. Its biggest characteristics are its innovative user interface, powerful remote management tools, Active Directory Domain Controllers, and the DFS Namespace and DFS Replication features. Windows Server 2012 is available in four SKUs: Windows Server 2012 Datacenter, Windows Server 2012 Standard, Essentials and Foundation.
WAI has the option of choosing between Windows Server 2012 Datacenter and Windows Server 2012 Standard. These two editions are the ones most commonly chosen by business organizations and have almost the same processor and memory requirements and functionality. The only slight difference is the number of virtual machines they can run. Datacenter is preferred for virtualization and cloud deployment hosting, while the Standard edition is favoured for physical server deployment with limited virtualization. Forecasting the state of the company in the next two to five years, it is apparent that a lot of data will be generated and used. The need for virtualization and cloud computing is indisputable in the current age, and as more and more companies seek to host their services in the cloud, this trend is worth investing in. WAI needs to adopt cloud deployment to achieve efficiency in performance and minimize resource utilization.
Windows Server 2012 Datacenter is the preferred solution for WAI. This edition is suitable for small start-ups as well as established companies that envision a lot of data in the near future. With Windows Server 2012 Datacenter, WAI will receive customized features and suites that serve it effectively, with increased readiness and the option to host its services in the cloud.
WAI will use a single application server located in Los Angeles, deployed using a centralized application deployment architecture. This results in a high degree of economies of scale, attained through consolidation of key resources in a centralized location. WAI will build an application centre in Los Angeles to host business-critical operations on enterprise-class servers. This will allow remote and local users to access the services and applications equally and efficiently. Servers will be installed on enterprise-class machines in proximity to the application centre to act as a gateway for the users and applications running on the company's computing systems. The headquarters in Los Angeles will be architecturally linked with the New York branch to achieve seamless communication. This configuration of core IT services is expected to consolidate WAI's computing power, thereby reducing the number of application servers to align with the limited IT infrastructure and staff. Administrative overheads will be eliminated in this way, as a single server will be in use rather than a cluster of servers in every branch or location. This is a necessary provision because the company is starting up and huge IT overheads are not desirable at the moment.
With only five employees to manage the entire IT services in the two branches, and their presumed inexperience, it would be prudent to manage application access and use through a single point of entry. This reduces complexity and workload, which ultimately has an impact on productivity. Departments such as creative media and production, finance and accounts, sales and human resources work in collaboration. Windows Server 2012 provides desktop sharing and session-shadowing capabilities that promote teamwork and collaborative engagement. This kind of collaboration is proven to accelerate production more than a standalone, branch-independent system. First, work in progress is preserved through the built-in break and resume capability. Second, this capability to break and resume boosts employees' morale, leading to enhanced productivity. At this inception stage, WAI requires a collaborative and team-oriented approach to production across all its branches. This can only be achieved by consolidating resources at one point of entry using the centralized application architecture provided by Windows Server 2012.
DNS CONFIGURATION
DNS configuration is one of the most essential services in Windows Server, so it is extremely important to configure it correctly. Configuring DNS involves a host of features that touch on server selection, server roles, features, AD DS and deployment. For instance, Active Directory Domain Services stores information about users, computers and other parties on the network. It is useful for administrators in securely managing information and facilitating sharing between users. Installing AD DS will install a range of other features, including DFS Namespace, DFS Replication and File Replication.
WAI intranet resources will be accessed by VPN clients via http://loasangeles/wai.org. A domain name such as DATACENTER-WAI.DE will be created and will also be the name of the forest. Name resolution will require the use of IPv4 or IPv6 DNS resolution. The two resolution mechanisms, DNS-based and Windows-based, will require the server address to be provisioned on the VPN client side. In this case, the IP address of the DNS server will be provided to the VPN client either via static configuration inside the VPN client or via dynamic configuration from the VPN server. Dynamic configuration is highly recommended in this case because it automatically initiates the handshake process through IKEv2-based virtual reconnection. The IPv4 and IPv6 addresses generated from the VPN server's private interface are picked up and passed through the IKEv2 tunnel establishment stage.
ACTIVE DIRECTORY DISTRIBUTED FILE SYSTEM
Windows Server 2012 VPN solves most of the prevalent issues of file access across multiple servers and of network performance associated with the previous version. For instance, when a VPN is used by multiple clients at the same instant, performance issues arise. This also applies to critical file transfers and backups, especially when they are arbitrarily spread across more than one server at different locations.
With Active Directory, however, network administrators have increased capability to screen all the components of the network, including remote users, printers, mobile devices and other computing devices. Active Directory is modelled hierarchically, with the topmost level being the forest. The forest refers to all the computing resources, wireless devices and other components available in both branches. Domains are located under the forest and comprise organizational units, which make up the users and their associated resources in the Los Angeles and New York locations. Four IT personnel are located in Los Angeles while a single administrator is located in New York, and their functions include supervision of users and their associated computing resources under their domains. In the diagram below, the WAI Active Directory is segregated into two domains, LA and NY.
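As an added example (not from the paper), the PowerShell below lays out the departmental OUs of the LA domain, builds an AGDLP group chain for the Finance share and applies an NTFS ACL that stops inheritance so only Finance staff and administrators reach the data, which is the segregation the paper asks for. The domain DN, NetBIOS name, server paths and group names are assumptions; re-running it with the NY domain DN builds the same layout there.

```powershell
Import-Module ActiveDirectory
Import-Module SmbShare

# Assumed: LA is a child domain of the DATACENTER-WAI.DE forest (names constructed for this example)
$domainDN    = "DC=LA,DC=datacenter-wai,DC=de"
$netbios     = "LA"
$departments = "Executive","AccountsAndSales","CreativeMedia","HR","Finance","IT"

# One OU per department so each can receive its own GPOs and delegated administrators
foreach ($dept in $departments) {
    New-ADOrganizationalUnit -Name $dept -Path $domainDN -ProtectedFromAccidentalDeletion $true
}

# AGDLP: users -> global group -> domain local group -> permission on the resource
$financeOU = "OU=Finance,$domainDN"
New-ADGroup -Name "Finance-Staff"    -GroupScope Global      -GroupCategory Security -Path $financeOU
New-ADGroup -Name "Finance-Share-RW" -GroupScope DomainLocal -GroupCategory Security -Path $financeOU
Add-ADGroupMember -Identity "Finance-Share-RW" -Members "Finance-Staff"

# NTFS permissions on the Finance folder: break inheritance, then grant explicitly
$path = "D:\Shares\Finance"
New-Item -ItemType Directory -Path $path -Force | Out-Null
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting and discard inherited ACEs
$inherit = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit,ObjectInherit"
$none    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($grant in @(
        @{ Id = "$netbios\Finance-Share-RW"; Rights = "Modify" },
        @{ Id = "BUILTIN\Administrators";   Rights = "FullControl" },
        @{ Id = "NT AUTHORITY\SYSTEM";      Rights = "FullControl" })) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $grant.Id, $grant.Rights, $inherit, $none, "Allow")
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Share permissions: Everyone is deliberately absent; the NTFS ACL does the fine-grained work
New-SmbShare -Name 'Finance$' -Path $path -FullAccess "$netbios\Finance-Share-RW" -Description "Finance department data"
```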
Windows Server 2012 presents two technologies that are relevant in the management of active directory domains.
DFS Namespace
DFS Namespace is an authoritative tool that enables an administrator to group shared folders located on different servers into a single, logically structured namespace that appears to users as a single shared folder with a series of subfolders. Fundamentally, the namespace contains numerous files located on more than one server and site. Thus, when a user in Los Angeles searches for a file in the namespace, DFS Namespace locates the file on its individual server and links the user with the server containing the file for automatic retrieval. Windows Server 2012 introduces Windows PowerShell cmdlets for many of the administrative functions of DFS Namespace. For remote clients, site awareness functionality is used to provide optimal referrals to corporate resources when connected via DirectAccess.
DFS Replication
This feature allows efficient replication of folders across multiple servers and sites. Through the Remote Differential Compression mechanism, it automatically detects changes to a file and replicates only the altered file blocks instead of the whole file. Windows Server 2012 also provides support for Data Deduplication volumes. The Data Deduplication functionality reduces storage requirements without impacting DFS Replication. A file created, modified or deleted on one server is replicated on the rest of the servers without compromising storage needs or the DFS process.
These two enhancements in Windows Server 2012 create fault tolerance on servers, since a failing server will not affect the files in virtual DFS namespaces nor those available on the networks of remaining and standby servers. Lag and bandwidth issues are also addressed through Remote Differential Compression, since clients at local branches will experience enhanced speeds as all servers are rendered local to them. Bandwidth is conserved by replicating only data that has changed.
Other benefits of this file access mechanism are file uniformity and simplified backup and restore functionalities. Any change initiated in one location will be effected in all the others. Likewise, backup and restore of the virtual tree are conducted at a single entry point.
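As an added example (not part of the paper), this PowerShell builds the domain-based namespace and replication group described in the DFS Namespace and DFS Replication sections: a root target on each site's file server, one folder per shared department with a target on both servers, and DFSR connections with RDC enabled. Server names, paths and the namespace are assumptions; the DFSN cmdlets ship with Windows Server 2012, while the DFSR cmdlets (New-DfsReplicationGroup and friends) arrived in Windows Server 2012 R2, so on plain 2012 that half would be done with dfsradmin.exe instead.

```powershell
Import-Module DFSN
Import-Module DFSR

# Assumed names (constructed for this example)
$ns      = "\\datacenter-wai.de\WAI"
$la      = "LA-FS1"
$ny      = "NY-FS1"
$group   = "WAI-Shares"
$folders = "CreativeMedia","Executive","HR"    # Finance is deliberately kept out of the namespace

# Domain-based namespace (Windows Server 2008 mode) with a root target in each site;
# site costing lets a New York client prefer the New York target.
New-DfsnRoot -Path $ns -TargetPath "\\$la\WAI" -Type DomainV2 -EnableSiteCosting $true
New-DfsnRootTarget -Path $ns -TargetPath "\\$ny\WAI"

foreach ($f in $folders) {
    New-DfsnFolder       -Path "$ns\$f" -TargetPath "\\$la\$f"
    New-DfsnFolderTarget -Path "$ns\$f" -TargetPath "\\$ny\$f"
}

# Replication group that keeps both targets in sync across the WAN link
New-DfsReplicationGroup -GroupName $group
Add-DfsrMember -GroupName $group -ComputerName $la,$ny
# Without -CreateOneWay this creates both directions of the connection
Add-DfsrConnection -GroupName $group -SourceComputerName $la -DestinationComputerName $ny
# RDC: only the changed blocks of files above 64 KB cross the link
Set-DfsrConnection -GroupName $group -SourceComputerName $la -DestinationComputerName $ny -RdcEnabled $true -RdcMinFileSizeInKB 64
Set-DfsrConnection -GroupName $group -SourceComputerName $ny -DestinationComputerName $la -RdcEnabled $true -RdcMinFileSizeInKB 64

foreach ($f in $folders) {
    New-DfsReplicatedFolder -GroupName $group -FolderName $f -DfsnPath "$ns\$f"
    # LA is authoritative for the initial sync; conflicting NY copies are moved aside
    Set-DfsrMembership -GroupName $group -FolderName $f -ComputerName $la -ContentPath "D:\Shares\$f" -PrimaryMember $true -StagingPathQuotaInMB 8192 -Force
    Set-DfsrMembership -GroupName $group -FolderName $f -ComputerName $ny -ContentPath "D:\Shares\$f" -StagingPathQuotaInMB 8192 -Force
}

# Push the new configuration to both members rather than waiting for the AD poll
Update-DfsrConfigurationFromAD -ComputerName $la,$ny
```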
DHCP
DHCP over VPN allows DHCP clients on the WAI network to get an IP address from a DHCP server located at the other end of the VPN tunnel. In this case, it is advisable that the WAI VPN networks be located in one logical IP subnet, so that all VPN networks appear to reside in one IP address space. This will simplify IP administration. The administrator will allocate IP addresses automatically using DHCP. The lease time accorded to a given user is subject to its function on the network. Since most users are not dynamic, a list of the users' IP addresses will be kept and allocated whenever a user connects. Dynamic DHCP allocation with short leases will be applied if the number of users exceeds the available IP addresses. Web servers will be given permanent IP addresses through static addressing.
File and printer sharing controls will be applied at each branch location. Disk quotas will specifically be managed through File Server Resource Manager templates. Disk quota allocations will be determined by the needs of each branch and department. Disk quota configuration is achieved through a per-volume policy where certain departments will be allocated more storage than others due to their workload. Disk management practices such as disk usage monitoring, warning and usage enforcement are also implemented. Furthermore, certain types of data can be saved at the Los Angeles branch while others can be saved in New York. This is achieved through file screen management. Server administrators will impose file screen controls to manage the types of files uploaded to or downloaded from servers and desktop computers.
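Two added PowerShell examples (not the paper's own) for the DHCP and file server paragraphs above. The first lays out the VPN client scope: one logical subnet for all VPN clients, an exclusion range holding the statically addressed web servers, reservations giving the known users a fixed address, and a helper that shortens the lease only when the pool is under pressure. The DHCP server name, subnet and client IDs are constructed.

```powershell
Import-Module DhcpServer

# Constructed values for this example
$dhcp    = "LA-DHCP1"
$scopeId = [ipaddress]"10.20.0.0"

# One logical subnet for every VPN client, whichever site it dials into
Add-DhcpServerv4Scope -ComputerName $dhcp -Name "WAI-VPN-Clients" `
    -StartRange 10.20.0.1 -EndRange 10.20.0.254 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Web servers and the gateway are addressed statically; keep DHCP out of that range
Add-DhcpServerv4ExclusionRange -ComputerName $dhcp -ScopeId $scopeId -StartRange 10.20.0.1 -EndRange 10.20.0.30

# Options every client needs for name resolution inside the forest
Set-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId $scopeId -Router 10.20.0.1 -DnsServer 10.20.0.10 -DnsDomain "datacenter-wai.de"

# Known, non-dynamic users: a reservation hands each the same address on every connection
$known = @(
    @{ Name = "ny-exec-laptop";    Mac = "00-15-5D-01-00-01"; Ip = "10.20.0.101" },
    @{ Name = "ny-finance-laptop"; Mac = "00-15-5D-01-00-02"; Ip = "10.20.0.102" }
)
foreach ($c in $known) {
    Add-DhcpServerv4Reservation -ComputerName $dhcp -ScopeId $scopeId -IPAddress $c.Ip `
        -ClientId $c.Mac -Name $c.Name -Description "constructed example"
}

# Fall back to short leases only when the pool is nearly exhausted (the overflow case above)
function Set-WaiVpnLeaseForPoolPressure {
    param([int]$PercentInUseThreshold = 80)
    $stats = Get-DhcpServerv4ScopeStatistics -ComputerName $dhcp -ScopeId $scopeId
    if ($stats.PercentageInUse -ge $PercentInUseThreshold) {
        Set-DhcpServerv4Scope -ComputerName $dhcp -ScopeId $scopeId -LeaseDuration (New-TimeSpan -Hours 4)
    } else {
        Set-DhcpServerv4Scope -ComputerName $dhcp -ScopeId $scopeId -LeaseDuration (New-TimeSpan -Days 8)
    }
}
Set-WaiVpnLeaseForPoolPressure
```

The second creates the FSRM quota templates and file screen the file server paragraph describes: a larger hard quota for creative media than for finance, warning and enforcement events at 85% and 100%, a soft monitoring-only quota for HR, and a screen that blocks executables on the user shares with an exception for IT. Sizes, paths and the file group are assumptions.

```powershell
Import-Module FileServerResourceManager

# Actions log to the event log so monitoring picks them up; on a hard quota the 100%
# threshold also refuses the write. FSRM expands the [..] macros when the event fires.
$warnAt85  = New-FsrmAction -Type Event -EventType Warning -Body "[Quota Threshold]% of [Quota Limit MB] MB used on [Quota Path] (user: [Source Io Owner])"
$fullAt100 = New-FsrmAction -Type Event -EventType Error   -Body "Quota limit reached on [Quota Path]"
$t85  = New-FsrmQuotaThreshold -Percentage 85  -Action $warnAt85
$t100 = New-FsrmQuotaThreshold -Percentage 100 -Action $fullAt100

# Templates sized per department workload (assumed figures)
New-FsrmQuotaTemplate -Name "WAI Creative 500GB" -Size 500GB -Threshold $t85,$t100
New-FsrmQuotaTemplate -Name "WAI Finance 50GB"   -Size 50GB  -Threshold $t85,$t100
New-FsrmQuotaTemplate -Name "WAI HR 20GB soft"   -Size 20GB  -Threshold $t85 -SoftLimit   # monitor only, never block

# Apply one template per departmental folder on the data volume
$quotas = @{
    "D:\Shares\CreativeMedia" = "WAI Creative 500GB"
    "D:\Shares\Finance"       = "WAI Finance 50GB"
    "D:\Shares\HR"            = "WAI HR 20GB soft"
}
foreach ($p in $quotas.Keys) {
    New-FsrmQuota -Path $p -Template $quotas[$p]
}

# File screen: no executables or scripts on user shares; IT keeps one software folder
New-FsrmFileGroup -Name "WAI Blocked Executables" -IncludePattern "*.exe","*.msi","*.scr","*.bat","*.cmd","*.vbs","*.ps1"
$blocked = New-FsrmAction -Type Event -EventType Warning -Body "[Source Io Owner] tried to save [Source File Path] ([Violated File Group])"
New-FsrmFileScreen -Path "D:\Shares" -IncludeGroup "WAI Blocked Executables" -Active -Notification $blocked
New-FsrmFileScreenException -Path "D:\Shares\IT\Software" -IncludeGroup "WAI Blocked Executables"
```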
REMOTE ACCESS
WAI stakeholders are accommodated through remote-access, intranet-based and extranet-based VPNs. Local users located inside the organization will access file and application resources through the intranet-based VPN. Remote and telecommuting users will be connected to the company's network through a secure IPsec VPN dial-up service. Extranet-based VPNs will be established to cater for collaborative projects and communication with stakeholders.
Before any user is connected to the network, sufficient authentication is required, including security patches and antivirus software installed on personal computers. Administrators will provide privileges to telecommuting employees through DirectAccess settings in Group Policy Objects (GPOs), as well as determine outward-facing IP addresses.
Windows Server 2012 has a NAP integration module that controls health certificates for WAI's IPsec peer-authenticated intranet tunnels. The certificate carries a System Health Object Identifier issued by the Health Registration Authority after compliance with NAP policy. NAP health checks determine who is allowed onto the network and are enforced through the Remote Access Setup Wizard.
CONCLUSION
This paper has dealt in detail with best practices for configuring core IT services for Worldwide Advertising Inc. Specifically, it has recommended a VPN as the best solution to serve the organization for the next couple of years. WAI will deploy Windows Server 2012 Datacenter as its preferred server platform. A single server on state-of-the-art machines is used at the headquarters, and all the other applications are accessed through a single point of entry to simplify administration. The VPN solution will provide remote access as well as file sharing through DFS Namespace and DFS Replication. Remote authentication is controlled by the NAP integration module in Windows Server 2012.