Below is a project for my Windows Server Administration Course. This was the first course of the kind I have taken. Let me know what you think.
Summary
Servers are the backbone of an organization. The implementation and configuration of a server network can determine the prosperity or failure of a business. After reviewing the needs of Worldwide Advertising Inc., I have come up with what I think is the best solution.
I will cover everything from infrastructure server roles such as DHCP and DNS, which work behind the scenes, to the application servers which give life to your advertising dreams. I have prescribed an Active Directory schema that will require effortless management. I have proposed a File and Sharing implementation that suits a growing enterprise as well as state of the art data storage. I have also noted some preliminary estimates of scheduling and manpower required for the solution.
Deployment and Server Edition
Throughout the infrastructure the most advanced server operating system, Windows Server 2008 R2, will be used. Enterprise edition will be leveraged on all servers, because it has 4 virtual licenses per OS. To increase reliability and security, Server Core will be on all servers. There will be a total of 10 servers for the Worldwide Advertising Inc. internal network. The majority of the servers will be managed from the Los Angeles main office while four servers will be located at the New York branch. All 35 desktops will run Windows Vista Service Pack 1 for its operability with the network and specifically Terminal Services Web Access. Thirty terminals will be utilized to satisfy the current employees’ needs, and five desktops will be kept for backup. (Zacker, 2009)
All servers and operating systems will be installed using image files remotely from a master computer through Windows Deployment Services (WDS). The Windows Deployment Services role will make the installation of 45 operating systems dramatically faster than sitting behind each console or desktop. The Windows Automated Installation Kit (AIK), which can be downloaded from the Windows website, is needed to install Windows System Image Manager (SIM) for answer files. Answer files will be created with Windows SIM from a technician computer and will expedite the install process as well. (Zacker, 2009)
The configuration settings of Windows SIM are as follows: select standard core/enterprise core edition install image, create new catalog file, new answer file, UILanguage=<English> for both install and setup, AcceptEula=true, Product Key=<product key>, WillShowUI=OnError, Product Key=<product key>, DiskID=0, WillWipeDisk=true, Extend=false, Order=1, Size=45000, Type=Primary, Active=true, Extend=false, Format=NTFS, Label=<EntOS_install><StdOS_install>, Letter=<C>, Order=<1>, PartitionID=<1>, InstallToAvailablePartition=true, ForceShutdownNow=false, Mode=<oobeSystem>. The unattended answer file settings are as follows: Input, SystemLocale, UILanguage & UserLocale=<English>, HideEULAPage=true, ComputerName=<Comp1>, Value=<password> (Zacker, 2009)
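Because the answer file above carries a password Value, it is worth inventorying which passes of an answer file hold credentials before the file is placed on a deployment share. The following is an added example, not part of the original project; the sample answer file, its account settings and its password values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample answer file; every value in it is a placeholder.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>Comp1</ComputerName>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>EXAMPLE-ONLY-Passw0rd</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
      <AutoLogon>
        <Password>
          <Value>RVhBTVBMRQ==</Value>
          <PlainText>false</PlainText>
        </Password>
      </AutoLogon>
    </component>
  </settings>
</unattend>"""

def credential_settings(xml_text):
    """Return (pass, component, setting, stored_as) for each password element."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            for elem in comp.iter():
                name = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace
                if not name.endswith("Password") or elem.find("u:Value", NS) is None:
                    continue
                flag = (elem.findtext("u:PlainText", "", NS) or "").strip().lower()
                # PlainText=false means the value is encoded, not readable text;
                # either way the file still holds a credential.
                stored = {"true": "plaintext", "false": "encoded"}.get(flag, "unspecified")
                findings.append((settings.get("pass"), comp.get("name"), name, stored))
    return findings

if __name__ == "__main__":
    for finding in credential_settings(SAMPLE):
        print(finding)
```

Any finding means the answer file should be readable only by the deployment account and removed from the share once the installs are complete.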
The server roles will be distributed in a way that will take advantage of fault tolerance, resource allocation, availability, and security. (Zacker, 2009)
| Server | Roles | Location | Edition |
|---|---|---|---|
| Virtual SERV1 | WDS; File & Sharing services; Print Services | LA | Enterprise |
| SERV2 | Main DHCP; Primary DNS; Main Active Directory (DC) | LA | Enterprise |
| Virtual SERV3 | Split Scope DHCP; Application Service; Terminal Services; Webserver IIS 7.0 | LA | Enterprise |
| SERV4 | iSCSI Fail-over SAN | LA | Enterprise |
| Virtual SERV5 | iSCSI Fail-over SAN | LA | Enterprise |
| Virtual SERV6 | File and Sharing; Application Services; Backup AD; Print services | LA | Enterprise |
| Virtual SERV7 | DHCP Relay Agent; Primary DNS; Active Directory (RODC) | NY | Enterprise |
| SERV8 | DHCP Relay Agent; Application Services; Terminal Services; Webserver IIS 7.0 | NY | Enterprise |
| Virtual SERV9 | DHCP Relay Agent; Print Services; File and sharing | NY | Enterprise |
| Virtual SERV10 | File and Sharing; Applications; iSCSI local SAN | NY | Enterprise |
The foundation of placing workstations and servers, and deploying OS image files could be completed in a day with one or two system administrators.
DNS and DHCP
A hybrid DHCP infrastructure will be used with relay agents. This will save on expense and administrators' time. The ideal solution would be a main and backup DHCP at the main LA office and several relay agents at the NY branch office. This would keep traffic off the WAN link between the sites. To further prevent excessive network traffic at each site I will implement automatic allocation of IP addresses. There is a solid network layout with large subnets for each department to grow. Fault tolerance for the DHCP network will be accomplished using the 80/20 configuration for scope splitting. The address range is 10.0.0.1-10.0.1.200; on the main DHCP server the exclusion will be 10.0.0.1-10.0.0.90, and the split scope DHCP exclusion will be 10.0.0.91-10.0.1.200. All the relay agents at the New York branch will be configured to use a boot threshold to ensure that DHCP clients always obtain their address from the local server. A hybrid DHCP for Worldwide Advertising should take a couple hours to configure and test, and could be completed by one system administrator. (Zacker, 2009)
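A split scope is only fault tolerant if the two exclusion ranges divide the scope cleanly: no address leasable by both servers, and none excluded on both. The following check of the plan above is an added example, not part of the original project; the range and exclusions are the ones stated in the paragraph, and the server labels "main" and "split" are hypothetical names.

```python
from ipaddress import IPv4Address

def _span(first, last):
    """Inclusive address range as a set of integers."""
    return set(range(int(IPv4Address(first)), int(IPv4Address(last)) + 1))

def split_scope_report(scope, exclusions):
    """Check a split-scope DHCP plan.

    scope      -- (first, last) of the range configured on every server
    exclusions -- {server: [(first, last), ...]} ranges that server must not lease
    """
    pool = _span(*scope)
    leasable = {}
    for server, ranges in exclusions.items():
        excluded = set()
        for first, last in ranges:
            excluded |= _span(first, last)
        leasable[server] = pool - excluded
    # Count how many servers are able to lease each address.
    counts = {}
    for addrs in leasable.values():
        for addr in addrs:
            counts[addr] = counts.get(addr, 0) + 1
    overlap = sorted(a for a, n in counts.items() if n > 1)  # duplicate-lease risk
    unserved = sorted(pool - set(counts))                    # excluded everywhere
    return {
        "total": len(pool),
        "leasable": {s: len(a) for s, a in leasable.items()},
        "share": {s: round(100 * len(a) / len(pool), 1) for s, a in leasable.items()},
        "overlap": [str(IPv4Address(a)) for a in overlap],
        "unserved": [str(IPv4Address(a)) for a in unserved],
    }

# Values from the proposal above; the server labels are hypothetical.
SCOPE = ("10.0.0.1", "10.0.1.200")
PLAN = {
    "main": [("10.0.0.1", "10.0.0.90")],
    "split": [("10.0.0.91", "10.0.1.200")],
}

if __name__ == "__main__":
    print(split_scope_report(SCOPE, PLAN))
```

A non-empty "overlap" list means two servers could hand out the same address; a non-empty "unserved" list means part of the range is never leased.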
Active Directory
Proper practice with domain controllers requires a minimum of two per Active Directory. At Worldwide Advertising there are two domain controllers, one per site. I have placed a main domain controller and backup at the Los Angeles office and a Read Only Domain Controller (RODC) at the branch office for efficiency. Placing an RODC at the branch site will free the WAN link of unnecessary traffic. Active Directory Integrated Zones will be used so that DNS replication traffic can be processed through Active Directory. The domain controllers have universal scope. (Zacker, 2009)
The parent domain is WAI.local with the child domains for each site respectively LA.WAI.local and NY.WAI.local. Departments have been established as organizational units containing all employees at both sites. Organizational units are as follows: Executive, HR, Accounting, Sales, Finance, Production, IT, Computers and Users. The Group scope for the OUs is global because they encompass all employees at two locations. NTFS and share permissions will be configured strictly to keep financial data from departments other than those who work directly with the data. The head administrator will have Full Control over permission changes for users and can make changes on a case-by-case basis as he/she sees fit. The Active Directory schema for Worldwide Advertising Inc. would take a couple hours at most and could be accomplished by one administrator. (Zacker, 2009)
Applications
Applications will be server based and available using terminal services architecture through Microsoft Systems Management Services (SMS). Remote Desktop Services has many advantages over Group Policy deployment, which include: low bandwidth consumption, easy configuration and updates, reduced client hardware requirements, conservation of licenses, no client backups and power savings. In the Remote Application Manager, run and install the .msi files for each application to add them to your options in the remote app wizard. Applications will be distributed by Web Access for intranet use through port 3389. From both offices, clients will simply click on Internet Explorer on their workstations to access the applications needed. In order for web access to work properly, the IIS 7.0 component will need to be installed. All the client machines are equipped with RDC 6.0 with ActiveX control because they have Vista OS Service Pack 1. (Zacker, 2009)
The applications that will be available for the clients to leverage through web access are: Microsoft SharePoint 2010 that includes Word, PowerPoint, Access, Excel, and Outlook, Adobe Creative Suite 5.5 Master Collection, and Intuit QuickBooks Pro. To avoid legal issues while being audited, the applications will need volume licenses. Updates to SharePoint are available through Windows Server Update Services (WSUS); to update the other applications a third party EminentWare WSUS extension pack is needed. Applications for the whole network could be run and installed as well as tested in a couple hours by one system administrator. (Zacker, 2009)
An Internet-facing web site will be possible using SharePoint 2010. Content will be written in XHTML and CSS to comply with standards. The ASP.Net framework is needed for master pages, along with IIS 7, which is already installed for remote desktop. Anonymous access will need to be turned on at the server level and site level. Lockdown mode will need to be set up to block visitors from viewing sensitive pages or other data. From starting a web site to when it is published, I would give a programmer a couple weeks. (Olson, 2010)
File and Printer Sharing
File Services for Worldwide Advertising uses the recommendations from Microsoft. Clients will be given a home folder for private storage, a shared folder for collaboration and a collaborative workspace through SharePoint. Shares will be split up among two servers at both sites, making a total of four servers for the network installed with file services. Placing local file services at each site provides tolerance if the WAN link fails and minimizes WAN traffic as well. The file system will also need to be synchronized to ensure both sites have all the current data. Synchronization will be accomplished with DFS replication, which works with DFS namespace and Remote Differential Compression (RDC). RDC reduces the bandwidth needed by transmitting only the changes to the files. (Zacker, 2009)
Distributed File Services (DFS) will be implemented to appear as a single unified directory for the users’ convenience and provide consistent backups. The DFS will be a domain-based namespace to increase availability and because the implementation is using multiple servers. The namespace root will use the convention mentioned above, with shared folders named shared and private files in home folders named with the user's account name. Account names will consist of the first name initial followed by four letters of the last name. If there are multiple names that are the same, a sequential number will be added. (Zacker, 2009)
In order to monitor and regulate file storage, File Server Resource Manager will be utilized. Each client will be allotted a 1000 MB limit. In the settings, soft quotas will be configured to alert administrators and users that they have reached the 90% threshold of their allotted storage. File Screens will be configured on shared and public folders to prevent saving executable files, which will increase security. Since the company’s business is advertising, the users may need to save audio and video files, so a file screen to prevent that would impede productivity. File and Print sharing can be set up and successful in a couple hours as well with only one system administrator. (Zacker, 2009)
Print services will be available through the Remote Desktop infrastructure already in place for applications. This will be efficient because the productivity suite uses the intranet framework as well. For the benefit of allowing an administrator to manage print jobs, consider network-attached printer sharing. This will cut out the time users may have to wait if an error occurs that needs attention from an administrator. Print Services for a small organization can be configured and tested in a couple hours by one system administrator. (Zacker, 2009)
Storage
Storage is very important for this organization. Advertising denotes tons of space needed to save audio, video and other large files, so skimping on storage would be a bad idea. I recommend the storage and file servers have ample enough storage to keep business running smoothly. A preliminary estimate of working storage need is 15 TB total between the two sites. Disk Management snap-in will be helpful during this process. All drives in the network will be configured with NTFS and the GPT partition style to improve integrity. All local drives will have dynamic disks and have simple volumes. (Zacker, 2009)
Bulk storage will be configured in a storage area network (SAN) at the Los Angeles site. Data from the New York site will be transmitted to the LA site via the iSCSI network. RAID 5 will be implemented on drives because it can tolerate the loss of any one of the drives. The storage infrastructure will use iSCSI technology. Initiators and targets must be put in place; I recommend the hardware versions of iSCSI initiators and targets. Hardware versions do not take up system resources like the software-based initiators and targets. Internet Storage Name Service provided by Windows Server 2008 is the next step for the targets and initiators to locate one another. Storage manager and storage explorer enable setup of the SAN servers. Fault tolerance is paramount, so a fail-over cluster for the SAN network will be used for all the data in the organization. In order to accomplish this, two enterprise version servers and three NIC cards per server are needed. The add features wizard will simplify the process and allows testing afterward. The storage and backup solution could be up and running in a couple hours as well with one system administrator. (Zacker, 2009)
Schedule and Manpower
This full implementation for Worldwide Advertising Inc. will take a week with two system administrators. One administrator is needed at each site at a minimum. If you had more manning this solution could be implemented and ready for use in two days tops.
Conclusion
In conclusion, a reliable server implementation is vital to the success of a business. The server network must aim to: decrease unnecessary traffic, increase availability, and improve productivity. Infrastructure servers are just as important to an organization as the application servers. The Active Directory schema helps to manage security of resources and distribute group policy down to the users. An ample storage solution and logical collaborative file system will increase efficiency because users will not have to search for space for their files. I believe this solution will bring much success to Worldwide Advertising Inc. and restful nights to its system administrators.
Bibliography
Olson, E. (2010, March). Designing an Internet-Facing Web Site Using SharePoint 2010. (Microsoft) Retrieved Oct 2011, from Channel 9: http://channel9.msdn.com/Events/MIX/MIX10/PR02
Zacker, C. (2009). Windows Server 2008 Administrator (1st ed.). (C. Zacker, Ed.) US: John Wiley & Sons, Inc.
Can you tell what grade you got?
Techgirl, thank you for the post. You rock!
I just Love This!