Monday, April 1, 2019
Windows Server Deployment Proposal
Contoso Advertising has two locations. The main location is in Pensacola, Florida (FL), with a smaller satellite office in Casper, Wyoming (WY). Multiple hosts will be distributed across these sites to support the various services required by each department. Initially there will be 90 employees split into five departments between the two sites. Contoso has a small Executive department of 9 personnel, 15 employees in the Accounts and Sales department, 49 personnel staffing the Creative, Media, and Production department, 12 members of the Human Resources and Finance department, and 5 IT employees. As FL is Contoso's main site, the majority of employees will be based there, with one-third of each department working out of the WY site to split company responsibilities between locations.

Windows Server 2012 will be the operating system (OS) deployed to all servers within the organization because of a few key features. Firstly, PowerShell in Windows Server 2012 will be central to the management of Contoso's network. Microsoft has vastly increased the number of available PowerShell cmdlets to allow for more robust management from the command line (Otey, 2011). This will allow the IT staff to manage company assets through the command-line interface and script out the majority of routine network management duties. Furthermore, Microsoft's Server Manager utility can remotely manage multiple servers, up to 100 at a time (Microsoft, 2013). This will allow the IT employees to manage the entire organization remotely without physically visiting each server, and it removes the need for Remote Desktop Protocol (RDP) sessions for routine management tasks. Both Server Manager and PowerShell remoting rely on WinRM, which is enabled by default on Windows Server 2012; the WinRM listener (TCP 5985) must therefore be reachable from the IT department's management workstations, and should be reachable from nowhere else.
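As an added example (not part of the original proposal), the following PowerShell script inventories the installed roles on every server in the plan over WinRM, the same channel Server Manager uses, and installs a role on one of them without logging on to it. The server list is constructed here from the proposal's naming scheme; the management account, the reachability of WinRM, and the choice of FL_FS1 as the FSRM host are assumptions.

```powershell
# Added example, not from the proposal. Run from a management workstation with RSAT.
# Assumes the account running it is a local administrator on each target and that
# WinRM (TCP 5985) is reachable; Server Manager uses the same WinRM channel.
Import-Module ServerManager

# Constructed list following the proposal's naming scheme (* = 1 primary, 2 secondary).
$roles = 'DC', 'FS_HRF', 'FS_CMP', 'FS', 'MX', 'WWW'
$servers = foreach ($site in 'FL', 'WY') {
    foreach ($role in $roles) { foreach ($n in 1, 2) { "${site}_${role}${n}" } }
}

function Get-ContosoRoleInventory {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    # Probe the WinRM listener first so one unreachable host does not abort the run.
    $reachable = foreach ($s in $ComputerName) {
        if (Test-WSMan -ComputerName $s -ErrorAction SilentlyContinue) { $s }
        else { Write-Warning "WinRM not reachable on $s; skipping" }
    }
    if (-not $reachable) { return }

    # Fan out to all reachable hosts at once; each returns only its installed top-level roles.
    Invoke-Command -ComputerName $reachable -ScriptBlock {
        Get-WindowsFeature |
            Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' } |
            Select-Object @{ n = 'Server'; e = { $env:COMPUTERNAME } }, Name, DisplayName
    } -ErrorAction Continue
}

# Install File Server Resource Manager on the FL general file server remotely.
Install-WindowsFeature -Name FS-Resource-Manager -ComputerName 'FL_FS1' -IncludeManagementTools

Get-ContosoRoleInventory -ComputerName $servers |
    Sort-Object Server, Name |
    Format-Table Server, Name, DisplayName -AutoSize
```

The same `Invoke-Command` pattern carries any later check in this proposal (patch state, service status, firewall rule dumps) to all 24 servers in one call, which is what makes RDP unnecessary for day-to-day work.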
These two features in particular will simplify network management for Contoso's small IT support staff at both sites. Other features, such as Storage Tiers, will be quite impactful for users throughout the organization, particularly the employees in the Creative, Media, and Production department. These are just a few of the features that Contoso can take advantage of.

Deployment and Server Configurations

Contoso's network will be constructed with 24 servers in total to accommodate organizational growth over the next few years while providing robust failover. This will be done to ensure the company can recover from any single failure while still fulfilling its organizational goals. Services for Contoso's daily operations, such as Domain Controllers, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) servers, file servers, web servers, and print servers, will be provided by these machines. In addition, both sites will be mirrored so that each site can function if the WAN link between them goes down, and also for organizational purposes and ease of management by the small IT department. If implemented properly, Contoso's enterprise network can scale to its expected growth while remaining highly reliable.

The main FL site will have two Domain Controllers, FL_DC1 and FL_DC2. The primary domain controller, FL_DC1, will host DNS and DHCP in addition to the Domain Controller role. FL_DC2 will be a replica of FL_DC1 and will act as a backup in case of corruption or server failure. Both Domain Controllers will run the "Server with a GUI" installation of Windows Server 2012 (the full installation, not Server Core).
The Active Directory Domain Services role will be installed to provide directory services and to organize and manage the organization through Group Policy, discussed later in this proposal. Additionally, FL_DC2 will be designated as a Global Catalog to assist with searches made from the other site, decreasing the load on the primary DC (the first domain controller in a forest is always a Global Catalog, so FL_DC1 holds the role as well). A full chart of the required servers and their intended purposes is below; the asterisk in each name stands for 1 (primary) or 2 (secondary). Note that underscores are not valid characters in DNS host names (RFC 952 and RFC 1123); Windows accepts them with a warning, but hyphenated names such as FL-DC1 avoid trouble with DNS tooling later.

Server        Role                                                  Location
FL_DC*        Primary/Secondary Domain Controller/DNS/DHCP Server   Pensacola, Florida
FL_FS_HRF*    Primary/Secondary HRF File Server                     Pensacola, Florida
FL_FS_CMP*    Primary/Secondary CMP File Server                     Pensacola, Florida
FL_FS*        Primary/Secondary File Server/Print Server            Pensacola, Florida
FL_MX*        Primary/Secondary Mail Server                         Pensacola, Florida
FL_WWW*       Primary/Secondary Web Server                          Pensacola, Florida
WY_DC*        Primary/Secondary Domain Controller/DNS/DHCP Server   Casper, Wyoming
WY_FS_HRF*    Primary/Secondary HRF File Server                     Casper, Wyoming
WY_FS_CMP*    Primary/Secondary CMP File Server                     Casper, Wyoming
WY_FS*        Primary/Secondary File Server/Print Server            Casper, Wyoming
WY_MX*        Primary/Secondary Mail Server                         Casper, Wyoming
WY_WWW*       Primary/Secondary Web Server                          Casper, Wyoming

As the Human Resources and Finance department will be dealing with highly sensitive financial information for the company, they will have their own exclusive file server, FL_FS_HRF1, which will be backed up to FL_FS_HRF2. Full backups will be conducted weekly with differential backups every night. Shares will be hosted on this server with permissions applied so that only members of the Human Resources and Finance department can access any resources on it.

The other department with its own dedicated file servers is Creative, Media, and Production. Similar to the Finance department, there will be a primary server and a backup, FL_FS_CMP1 and FL_FS_CMP2.
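As an added example (not part of the original proposal), this PowerShell function creates the HRF department share on FL_FS_HRF1 so that only the department's security group can reach it, at both the share layer and the NTFS layer. The group name CONTOSO\HRF-Users, the path D:\Shares\HRF, and the hidden share name are assumptions; the same function serves the CMP share by changing the arguments.

```powershell
# Added example, not from the proposal. Run locally on the file server (or via
# Invoke-Command). Group name, path and share name are assumptions.
function New-DepartmentShare {
    param(
        [Parameter(Mandatory)][string]$Name,    # share name, e.g. 'HRF$'
        [Parameter(Mandatory)][string]$Path,    # local folder, e.g. 'D:\Shares\HRF'
        [Parameter(Mandatory)][string]$Group    # department group, e.g. 'CONTOSO\HRF-Users'
    )
    New-Item -ItemType Directory -Path $Path -Force | Out-Null

    # NTFS layer: cut inheritance and discard inherited ACEs, then grant only SYSTEM,
    # local Administrators and the department group. Nobody else has an entry at all.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $grants = @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @($Group,                   'Modify')        # no Full Control: users cannot re-ACL the tree
    )
    foreach ($g in $grants) {
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g[0], $g[1], $inherit, 'None', 'Allow')
        $acl.AddAccessRule($ace)
    }
    Set-Acl -Path $Path -AclObject $acl

    # Share layer: specifying any access list suppresses the default 'Everyone: Read'.
    # Access-based enumeration hides folders the caller cannot open.
    New-SmbShare -Name $Name -Path $Path `
        -FullAccess 'BUILTIN\Administrators' -ChangeAccess $Group `
        -FolderEnumerationMode AccessBased | Out-Null

    # Return the effective share ACL so the result can be eyeballed or logged.
    Get-SmbShareAccess -Name $Name
}

New-DepartmentShare -Name 'HRF$' -Path 'D:\Shares\HRF' -Group 'CONTOSO\HRF-Users'
```

The effective permission is the more restrictive of the two layers, so the share grants Change and NTFS grants Modify; neither layer gives the department group Full Control, which would let a user replace the ACL and open the share to others.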
The CMP servers will also follow the same backup schedule as the Finance department, and share access will likewise be locked down to employees within the department. Storage pools will be created to implement storage tiers on the primary file server (Storage Spaces tiering was introduced in Windows Server 2012 R2, so FL_FS_CMP1 must run that release rather than the original 2012). Multiple traditional mechanical hard disk drives (HDD) and solid state drives (SSD) will be assigned to the storage pool. The SSD tier will hold the most frequently accessed data while the HDD tier will hold data accessed less often. The storage tier optimization task will be scheduled to run every evening during off hours.

The rest of the personnel at the FL site will use a single file server, FL_FS1, which will also be backed up to FL_FS2 in the same manner as the Finance and Creative departments. Storage on this server will be split among the other departments and quotas will be implemented using the File Server Resource Manager (FSRM). Using this method of quota management will allow the IT department to centrally control and monitor daily storage resources and generate storage reports to analyze disk usage trends (Microsoft, 2008). Users will be given home folders nested under their respective department share, with access granted only to members of the department and each user having access only to their own personal folder through NTFS permissions. All users will be given the same amount of space initially and expansion requests will be scrutinized. Because FSRM offers more than NTFS quotas do, administrative notification scripts can be set to run when a user nears their allocated quota limit (Microsoft, 2008). Once a quota is reached, the IT department will use a semi-automated process in which an administrative script triggers a quota increase request.
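As an added example (not part of the original proposal), the following script provisions the two pieces of file-server storage just described: a mirrored SSD/HDD tiered volume with a nightly optimization task for FL_FS_CMP1, and an FSRM quota template for FL_FS1 that e-mails at 85 % and launches a quota-increase request script at 100 %, applied automatically to every home folder under a department share. Disk counts, tier sizes, paths, the request script, the mail settings, and the 5 GB quota are assumptions.

```powershell
# Added example, not from the proposal. Part 1 runs on FL_FS_CMP1 (Windows Server
# 2012 R2 or later for tiers); part 2 runs on FL_FS1. Disk counts, sizes, paths,
# the request script path, the mail settings and the quota size are assumptions.

# ---- Part 1: pool, SSD/HDD tiers, mirrored tiered volume, nightly optimisation ----
New-StoragePool -FriendlyName 'CMP-Pool' -StorageSubSystemFriendlyName 'Storage Spaces*' `
    -PhysicalDisks (Get-PhysicalDisk -CanPool $true) | Out-Null
$ssd = New-StorageTier -StoragePoolFriendlyName 'CMP-Pool' -FriendlyName 'SSD-Tier' -MediaType SSD
$hdd = New-StorageTier -StoragePoolFriendlyName 'CMP-Pool' -FriendlyName 'HDD-Tier' -MediaType HDD
# Two-way mirror so one failed disk does not take the department offline; needs at
# least two SSDs and two HDDs in the pool. Tiered disks must be fixed-provisioned.
New-VirtualDisk -StoragePoolFriendlyName 'CMP-Pool' -FriendlyName 'CMP-Data' `
    -StorageTiers $ssd, $hdd -StorageTierSizes 200GB, 2TB `
    -ResiliencySettingName Mirror -ProvisioningType Fixed |
    Get-Disk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -DriveLetter D |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'CMP-Data' -Confirm:$false | Out-Null
# The optimisation task is created with the feature; move it to 22:00 (off hours).
Set-ScheduledTask -TaskName 'Storage Tiers Optimization' `
    -TaskPath '\Microsoft\Windows\Storage Tiers Management\' `
    -Trigger (New-ScheduledTaskTrigger -Daily -At '22:00') | Out-Null

# ---- Part 2: FSRM quota template with a warning e-mail and a 100 % script action ----
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools | Out-Null
Set-FsrmSetting -SmtpServer 'FL_MX1' -AdminEmailAddress 'it-support@contoso.com' `
    -FromEmailAddress 'fsrm@contoso.com'

# 85 %: warn the owner and IT. [..] tokens are FSRM variables expanded at send time.
$warnMail = New-FsrmAction -Type Email `
    -MailTo '[Source Io Owner Email];[Admin Email]' `
    -Subject 'Home folder at [Quota Used Percent]% on [Server]' `
    -Body 'Folder [Quota Path] is at [Quota Used Percent]% of its [Quota Limit] limit.'
# 100 %: run the (assumed) quota-increase request script as LocalSystem, at most
# once per day per folder so a user hammering the limit cannot spam the queue.
$request = New-FsrmAction -Type Command `
    -Command 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -CommandParameters '-NoProfile -File C:\Scripts\Request-QuotaIncrease.ps1 "[Source Io Owner]" "[Quota Path]"' `
    -SecurityLevel LocalSystem -RunLimitInterval 1440
New-FsrmQuotaTemplate -Name 'Home-5GB' -Size 5GB -Threshold @(
    (New-FsrmQuotaThreshold -Percentage 85  -Action $warnMail),
    (New-FsrmQuotaThreshold -Percentage 100 -Action $request)
) | Out-Null

# Auto quota: each user's home folder created under the department share gets its
# own 5 GB hard quota the moment the folder appears.
New-FsrmAutoQuota -Path 'D:\Shares\Sales\Home' -Template 'Home-5GB' | Out-Null
Get-FsrmQuota | Where-Object Path -like 'D:\Shares\Sales\Home\*' | Select-Object Path, Size, Usage
```

A hard quota (the template default) refuses the write that would cross 100 %, which is what keeps one user from consuming the whole department allocation; the request script then carries the "expansion requests will be scrutinized" step instead of the quota silently growing.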
All file servers in the network will be installed with the "Server with a GUI" option.

Having a public presence on the internet will be crucial for Contoso to gain new clients and allow the business to grow over the next few years. Company mail servers will also be needed to communicate internally and to interface with customers. The FL site will have its own dedicated mail and web servers, with FL_MX1 and FL_WWW1 acting as primaries and FL_MX2 and FL_WWW2 as mirrored backups for their respective roles. These servers will run the Server Core installation of Windows Server 2012 because of its stability improvements and because it is inherently more secure than the full installation: with far fewer running services and no desktop shell there is less to patch and less to attack (Microsoft, 2017). Public-facing assets such as mail and web servers are often the first target of cyber-attacks, and Server Core reduces that attack surface.

The WY site will have the exact same configuration as the primary FL site, as seen in the network diagram below. Backup solutions and fault tolerance were built into this proposal to prevent downtime and monetary loss for the company. If any one node within the network fails, Contoso can continue its day-to-day operations while resolutions are formulated and implemented by the IT department. This configuration was chosen for maximum reliability and fault tolerance, which will be crucial for a growing organization. A simplified diagram of Contoso's network is shown below to illustrate how it could be structured to accomplish the goals of this deployment proposal.

[NETWORK DIAGRAM]

Active Directory and Group Policy

Contoso's network will have two domains within a single forest, one for each site. The FL site will be contoso.com and the WY site will be north.contoso.com, with each new site Contoso builds in the future following a similar structure. One caveat: in Active Directory the forest, not the domain, is the security boundary. The child domain gives the WY site its own administrators and its own password policy, but Enterprise Admins in contoso.com retain full control of north.contoso.com, and a compromised domain controller in either domain endangers the whole forest. The split buys administrative separation and local authentication, not isolation.
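As an added example (not part of the original proposal), these are the promotions that build the forest described above: FL_DC1 as the forest root for contoso.com with DNS, FL_DC2 as a second DC and Global Catalog, and WY_DC1 as the first DC of the child domain north.contoso.com in its own AD site. The DSRM password, the credentials, the NetBIOS names, the site names, and the WY subnet are assumptions; each promotion reboots the server when it finishes.

```powershell
# Added example, not from the proposal. Each Install-ADDS* command reboots the host;
# run the steps in order on the named servers. DSRM password, credentials, NetBIOS
# names, site names and the 10.2.0.0/24 WY subnet are assumptions.
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'

# ---- 1. FL_DC1: forest root contoso.com with DNS (first DC is automatically a GC) ----
Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools
Install-ADDSForest -DomainName 'contoso.com' -DomainNetbiosName 'CONTOSO' `
    -ForestMode Win2012 -DomainMode Win2012 -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force

# ---- 1b. FL_DC1 after reboot: name the FL site and define the WY site/subnet so the
#          WY domain controller lands in the right site and clients find it first ----
Rename-ADObject -Identity 'CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com' -NewName 'Pensacola'
New-ADReplicationSite -Name 'Casper'
New-ADReplicationSubnet -Name '10.2.0.0/24' -Site 'Casper'

# ---- 2. FL_DC2: second DC in contoso.com. Without -NoGlobalCatalog it is a GC, which
#         is what the proposal wants for cross-site searches ----
Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools
Install-ADDSDomainController -DomainName 'contoso.com' -InstallDns -SiteName 'Pensacola' `
    -Credential (Get-Credential 'CONTOSO\Administrator') `
    -SafeModeAdministratorPassword $dsrm -Force

# ---- 3. WY_DC1: first DC of the child domain north.contoso.com, placed in Casper.
#         -CreateDnsDelegation adds the 'north' delegation in the parent zone ----
Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools
Install-ADDSDomain -NewDomainName 'north' -ParentDomainName 'contoso.com' `
    -NewDomainNetbiosName 'NORTH' -DomainType ChildDomain -DomainMode Win2012 `
    -InstallDns -CreateDnsDelegation -SiteName 'Casper' `
    -Credential (Get-Credential 'CONTOSO\Administrator') `
    -SafeModeAdministratorPassword $dsrm -Force

# ---- Verify from any domain-joined host once replication settles ----
Get-ADForest | Select-Object Name, Domains, GlobalCatalogs
Get-ADDomainController -Filter * | Select-Object HostName, Domain, Site, IsGlobalCatalog
```

The DSRM password is the one credential that still works when the directory itself is down; store it in the IT department's offline safe, not in the script.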
Domain Controllers will be placed in each site for management within their domain. Organizational Units (OUs) will be used within Active Directory, with each department having its own OU nested under its domain. Active Directory user objects will be created for each employee, organized by job role, and placed into their respective OUs. Computer objects within Active Directory will follow a similar structure. This is to ensure proper organization, application of Group Policy, and ease of network management throughout the domain.

Software programs needed throughout the organization will be deployed through Group Policy when the number of employees that require them is high enough, or when it is not feasible for the IT department to physically visit every computer for installation. This can be done with the Group Policy Management Console within Windows Server. Packages can be configured that deploy .msi files and install on the next reboot if the policy was configured under the Computer Configuration section of the Group Policy Management Editor. Programs like Adobe Reader, Photoshop, and QuickBooks could be deployed to different departments, while Wireshark or Zenmap could be deployed to specific servers for traffic analysis. A packet-capture driver and a port scanner on a production server are just as useful to an attacker as to an administrator, so these tools belong on the IT department's management hosts rather than on the file, mail, or web servers. Software Restriction Policies will also be used in the domain, as they allow the network administrators to control which software executes (Microsoft, 2004). Using these policies, the IT department can block unauthorized programs based on hash, certificate, path, or network zone rules. On Windows Server 2012 and Windows 8 Enterprise the newer AppLocker mechanism covers the same ground with publisher rules that survive software updates, whereas hash rules must be regenerated after every patch; with either mechanism the default rule should be Disallowed with explicit allow rules, since a list of known-bad hashes is trivially bypassed by recompiling.

To maintain a high level of security throughout the enterprise, a strong password policy will be strictly enforced. Strong passwords that are changed regularly will be used, as passwords are continuously vulnerable, especially during assignment, management, and use (Microsoft, 2017).
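As an added example (not part of the original proposal), this script builds the OU layout for contoso.com described above: a root OU, one OU per department with Users and Computers sub-OUs, one global security group per department, and one GPO per department linked at the department OU. The root OU name, the department short names, the naming of groups and GPOs, and the staging OU for new computer accounts are assumptions. Software installation and Software Restriction Policies have no cmdlets in the GroupPolicy module, so those settings are still edited inside each GPO from the management console.

```powershell
# Added example, not from the proposal. Run on FL_DC1 or a host with RSAT. Root OU
# name, department short names, group/GPO naming and the staging OU are assumptions.
Import-Module ActiveDirectory, GroupPolicy
$domainDN = (Get-ADDomain).DistinguishedName              # DC=contoso,DC=com
$root = "OU=Contoso,$domainDN"
New-ADOrganizationalUnit -Name 'Contoso' -Path $domainDN -ProtectedFromAccidentalDeletion $true

function New-DepartmentStructure {
    param([Parameter(Mandatory)][string]$Department,
          [Parameter(Mandatory)][string]$Short,
          [Parameter(Mandatory)][string]$ParentOU)
    # Department OU with separate Users and Computers sub-OUs so user-side and
    # computer-side settings can be linked independently later.
    $ou = New-ADOrganizationalUnit -Name $Department -Path $ParentOU `
        -ProtectedFromAccidentalDeletion $true -PassThru
    foreach ($sub in 'Users', 'Computers') {
        New-ADOrganizationalUnit -Name $sub -Path $ou.DistinguishedName -ProtectedFromAccidentalDeletion $true
    }
    # One global security group per department: share ACLs and GPO security
    # filtering key off this group, not off the OU.
    New-ADGroup -Name "$Short-Users" -SamAccountName "$Short-Users" `
        -GroupScope Global -GroupCategory Security `
        -Path "OU=Users,$($ou.DistinguishedName)" -Description "All $Department staff"
    # One GPO per department, linked at the department OU so both sub-OUs inherit it.
    $gpo = New-GPO -Name "$Short-Baseline" -Comment "Baseline settings for $Department"
    New-GPLink -Guid $gpo.Id -Target $ou.DistinguishedName -LinkEnabled Yes | Out-Null
    [pscustomobject]@{ Department = $Department; OU = $ou.DistinguishedName
                       Group = "$Short-Users"; GPO = $gpo.DisplayName }
}

$departments = [ordered]@{
    'Executive'                     = 'EXEC'
    'Accounts and Sales'            = 'SALES'
    'Creative Media and Production' = 'CMP'
    'Human Resources and Finance'   = 'HRF'
    'IT'                            = 'IT'
}
foreach ($d in $departments.GetEnumerator()) {
    New-DepartmentStructure -Department $d.Key -Short $d.Value -ParentOU $root
}

# New domain joins land in CN=Computers, where no department GPO applies. Redirect
# them to a staging OU under the root so the baseline still reaches them.
New-ADOrganizationalUnit -Name 'Staging' -Path $root -ProtectedFromAccidentalDeletion $true
redircmp.exe "OU=Staging,$root"

# Show what got linked where.
Get-GPInheritance -Target $root | Select-Object -ExpandProperty InheritedGpoLinks
```

Run the same script against north.contoso.com with `-Server WY_DC1` on the AD cmdlets to mirror the structure in the WY domain.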
The default domain policy will require Contoso employees to have a password of at least 10 characters with a mixture of upper- and lower-case letters, special characters, and numbers. Password age thresholds will be set for a maximum age of 45 days and a minimum age of 30 days. A password history of 10 will prevent users from quickly cycling back to previously used passwords. This ensures that if any user credentials are compromised, they will not be of use to an undetected malicious user for long.

In addition to the general password policy just discussed, the administrators will also be subject to a fine-grained password policy. Fine-grained password policies allow multiple password policies to apply to different users within a domain (Microsoft, 2012); they require a domain functional level of Windows Server 2008 or later and are applied to users or global security groups, not to OUs. Contoso will use this feature to enforce stronger password restrictions on select users, the IT department in this case. Additional complexity, password history, minimum and maximum password ages, and increased password length requirements will be enforced on these employees to protect the corporate network. In the event of a network breach, accounts with elevated privileges, such as the members of the IT department, will be the first group targeted by attackers. Frequently changing, complex passwords increase the time needed to crack them and shorten the window in which a cracked password can be used.

Additional security measures will include disabling user accounts after 10 days of no activity. Account deletion will occur after 30 days of inactivity unless prior arrangement is made through the IT support department. This will be done to ensure that access to network and company resources remains protected from malicious attacks. Two cautions apply. First, a 10-day threshold is shorter than ordinary leave, so the exemption process must exist before the sweep is switched on. Second, the replicated lastLogonTimestamp attribute, which Search-ADAccount -AccountInactive reads, is only refreshed when it is more than roughly 14 days stale, so a 10-day decision must be based on the non-replicated lastLogon attribute read from every domain controller.
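As an added example (not part of the original proposal), the following script sets the domain-wide password policy with the numbers given above, creates the stricter fine-grained policy for the IT group, and implements the inactivity sweep. The sweep reads lastLogon from every domain controller rather than lastLogonTimestamp, counts from the creation date for accounts that have never logged on, skips an exemption group, and only deletes accounts that it disabled itself. The IT policy values, the lockout settings, the group names IT-Admins and Inactivity-Exempt, and the sample user jdoe are assumptions; the domain-wide values are the proposal's own.

```powershell
# Added example, not from the proposal. Run on a management host with the AD module.
# Domain-wide numbers are the proposal's; the IT policy values, lockout settings,
# group names and the sample user are assumptions.
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DNSRoot

# ---- Domain-wide policy (stored in the Default Domain Policy GPO) ----
Set-ADDefaultDomainPasswordPolicy -Identity $domain -MinPasswordLength 10 -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 45) -MinPasswordAge (New-TimeSpan -Days 30) -PasswordHistoryCount 10 `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 30) -LockoutObservationWindow (New-TimeSpan -Minutes 30)

# ---- Stricter fine-grained policy for IT; the lowest Precedence wins if several apply ----
New-ADFineGrainedPasswordPolicy -Name 'IT-Admins-PSO' -Precedence 10 -MinPasswordLength 15 -ComplexityEnabled $true `
    -PasswordHistoryCount 24 -MaxPasswordAge (New-TimeSpan -Days 30) -MinPasswordAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 60) -LockoutObservationWindow (New-TimeSpan -Minutes 60) `
    -ReversibleEncryptionEnabled $false
Add-ADFineGrainedPasswordPolicySubject -Identity 'IT-Admins-PSO' -Subjects 'IT-Admins'
# Confirm the PSO actually applies to a member rather than the domain default.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' | Select-Object Name, MinPasswordLength, MaxPasswordAge

function Get-TrueLastLogon {
    # lastLogonTimestamp (what Search-ADAccount -AccountInactive uses) is replicated
    # only when more than ~14 days stale, so it cannot back a 10-day threshold.
    # lastLogon is exact but per-DC: read it from every DC and keep the newest value.
    param([Parameter(Mandatory)][string]$SearchBase)
    $latest = @{}
    foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
        Get-ADUser -Filter * -SearchBase $SearchBase -Server $dc -Properties lastLogon, whenCreated, Description |
            ForEach-Object {
                # Never-logged-on accounts carry lastLogon 0; count from creation instead.
                $t = if ($_.lastLogon) { [DateTime]::FromFileTime($_.lastLogon) } else { $_.whenCreated }
                $key = $_.SamAccountName
                if (-not $latest.ContainsKey($key) -or $t -gt $latest[$key].LastLogon) {
                    $latest[$key] = [pscustomobject]@{ User = $_; LastLogon = $t }
                }
            }
    }
    $latest.Values
}

function Invoke-InactiveAccountSweep {
    # Disable after 10 idle days, delete after 30. Scoped to the given OU so CN=Users
    # (krbtgt, Guest, service accounts) is never touched; honours the exemption group;
    # only deletes accounts this sweep disabled, never ones disabled for other reasons.
    param([Parameter(Mandatory)][string]$SearchBase,
          [string]$ExemptGroup = 'Inactivity-Exempt',
          [switch]$WhatIf)
    $exempt = @(Get-ADGroupMember -Identity $ExemptGroup -Recursive | Select-Object -ExpandProperty SamAccountName)
    $now = Get-Date
    foreach ($entry in Get-TrueLastLogon -SearchBase $SearchBase) {
        $u = $entry.User
        if ($exempt -contains $u.SamAccountName) { continue }
        $idle = ($now - $entry.LastLogon).Days
        if ($u.Enabled -and $idle -ge 10) {
            Disable-ADAccount -Identity $u -WhatIf:$WhatIf
            Set-ADUser -Identity $u -Description "Disabled by inactivity sweep on $($now.ToString('yyyy-MM-dd'))" -WhatIf:$WhatIf
        }
        elseif (-not $u.Enabled -and $idle -ge 30 -and $u.Description -like 'Disabled by inactivity sweep*') {
            Remove-ADUser -Identity $u -Confirm:$false -WhatIf:$WhatIf
        }
    }
}

# Dry run first; drop -WhatIf once the output looks right, then schedule it nightly.
Invoke-InactiveAccountSweep -SearchBase "OU=Contoso,$((Get-ADDomain).DistinguishedName)" -WhatIf
```

Deleting an account also deletes its SID, so any ACL that referenced it is left with an orphaned entry; if the 30-day deletion is kept, the Active Directory Recycle Bin should be enabled first so a mistaken deletion can be reversed with its group memberships intact.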
Account logon hours will also be applied according to each employee's regular work hours, with an hour of buffer time at the start and end of the regular work day.

In addition to the hardware firewalls already in place, Windows Firewall will be enabled on every computer in the organization through Group Policy, with rules tailored to each department. For example, outbound traffic from Human Resources and Finance workstations to the Creative, Media, and Production file server will be blocked. The public-facing infrastructure, such as the mail and web servers, will have extra restrictions placed on it for defense in depth. For example, inbound ICMP echo requests from the public internet will be blocked to blunt ping-based Denial of Service (DoS) attacks. The other ICMP types, in particular Destination Unreachable, should be left alone, because blocking them breaks path MTU discovery; and a host firewall rule does not stop a flood from consuming the WAN link, it only stops the host from answering. Anti-malware will run on all employee workstations and servers: Windows Defender is built into Windows 8, but it is not available on Windows Server 2012, so the servers need System Center Endpoint Protection or a third-party agent. The correct configuration of the hardware and software firewalls and Microsoft's security products should protect Contoso from numerous cyber threats. These are just a few of the policies that begin the hardening of the network; the IT department will develop others as it sees fit.

Print Services

The Print and Document Services role will be installed on the primary file server at each site, FL_FS1 and WY_FS1, with multiple print devices located throughout the environment. Specifically, there will initially be two print devices within each department to accommodate printer pooling as a means of load balancing print jobs among the many users. Any employee will be able to print to print devices outside their department, but with a lower priority than employees using their own department's resources.

DNS and DHCP

IPv4 addresses will be used throughout the organization for simplicity of management, as IPv4 is still the most widely used protocol today.
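As an added example (not part of the original proposal), this script writes the two firewall rules given above into Group Policy so they reach every machine in scope without per-host configuration: HRF workstations are blocked from the CMP file servers, and the public-facing servers drop ICMP echo requests from non-local addresses while leaving the other ICMP types alone. The GPO names, the OU paths, the CMP server addresses, and the existence of a "Public Servers" OU are assumptions.

```powershell
# Added example, not from the proposal. Run from a management host with RSAT
# (GroupPolicy and NetSecurity modules). GPO names, OU paths, the CMP server
# addresses and the 'Public Servers' OU are assumptions.
Import-Module GroupPolicy, NetSecurity
$domain = (Get-ADDomain).DNSRoot
$base   = (Get-ADDomain).DistinguishedName

function New-FirewallGpo {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][string]$LinkTarget,
          [Parameter(Mandatory)][scriptblock]$Rules)   # receives the GPO session
    $gpo = New-GPO -Name $Name
    # Open the GPO once, add every rule, write once: one SYSVOL write per GPO.
    $session = Open-NetGPO -PolicyStore "$domain\$Name"
    # Force the firewall on for all profiles with inbound 'block' as the default, so
    # a missing allow rule fails closed. Local admins cannot switch it off.
    Set-NetFirewallProfile -GPOSession $session -Profile Domain, Private, Public `
        -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow
    & $Rules $session
    Save-NetGPO -GPOSession $session
    New-GPLink -Guid $gpo.Id -Target $LinkTarget -LinkEnabled Yes | Out-Null
    $gpo
}

# 1. HRF workstations may not reach the CMP file servers at all. Block rules win
#    over allow rules in Windows Firewall, so this overrides any general SMB allow.
New-FirewallGpo -Name 'FW-HRF-Workstations' `
    -LinkTarget "OU=Computers,OU=Human Resources and Finance,OU=Contoso,$base" -Rules {
    param($s)
    New-NetFirewallRule -GPOSession $s -DisplayName 'Block all traffic to CMP file servers' `
        -Direction Outbound -Action Block -RemoteAddress '10.1.20.11', '10.1.20.12' -Profile Domain
}

# 2. Public-facing mail/web servers: drop ICMPv4 echo requests (type 8) from the
#    'Internet' address keyword. Type 3 (unreachable / fragmentation needed) is left
#    open because path MTU discovery depends on it.
New-FirewallGpo -Name 'FW-Public-Servers' -LinkTarget "OU=Public Servers,OU=Contoso,$base" -Rules {
    param($s)
    New-NetFirewallRule -GPOSession $s -DisplayName 'Block ICMPv4 echo request from Internet' `
        -Direction Inbound -Action Block -Protocol ICMPv4 -IcmpType 8 -RemoteAddress 'Internet' -Profile Any
}

# Verify what a machine in scope will receive at its next policy refresh.
Get-NetFirewallRule -PolicyStore "$domain\FW-Public-Servers" |
    Select-Object DisplayName, Direction, Action, Enabled
```

After `gpupdate /force` on a target, `Get-NetFirewallRule -PolicyStore ActiveStore` on that host shows the merged result of local and GPO rules, which is the quickest way to confirm the block is in effect rather than only written to SYSVOL.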
In the future, when Contoso grows and global adoption of IPv6 increases, addressing will be reconsidered. As there will be many network-critical devices throughout the enterprise, such as file servers, printers, and domain controllers, these will all be assigned static IP addresses rather than DHCP reservations. This ensures that critical devices are always reachable in the event of a DHCP failure. Other devices such as employee workstations, company laptops, and mobile devices will have address management performed through DHCP. Scopes will be configured with lease durations of 16 hours. This ensures that an address assignment covers a full work day while still being short enough to keep the pool of available addresses from running low as mobile devices join and leave the network throughout the day. DNS and DHCP services will be handled by the primary domain controller of each site. Those servers will also act as backups for their sister servers in the opposite site, for failover in the event of server failure or corruption; because the backup server sits on a different subnet, the WAN routers must relay DHCP (ip helper-address) to it. The 80/20 rule will be applied within each scope: the primary DHCP server provides roughly 80% of the addresses within its scope, with the secondary providing the remaining 20%. This is done to provide address assignment in situations where the primary DHCP server is unable to fulfill its services (Microsoft, 2005). Windows Server 2012 also introduces native DHCP failover, which replicates lease state between two servers and makes a manual 80/20 split unnecessary.

Summary

In summary, the network infrastructure and hardware will be set up at both sites in a mirrored fashion to provide ease of management for the IT department and to allow easy growth over the next few years. The multiple domains and logical structure of Active Directory will ease the burden of organizing and administering the enterprise network. Each server will have a dedicated backup server for cases of machine failure, corruption, or other disaster.
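As an added example (not part of the original proposal), this script implements the DHCP design from the DNS and DHCP section: the FL workstation scope with a 16-hour lease on FL_DC1, the same scope on WY_DC1 with complementary exclusions so that the two servers hand out an 80/20 split of the range, and, as an alternative, the Windows Server 2012 DHCP failover relationship that replaces the split. The subnet, address ranges, DNS and gateway addresses, and the shared secret are assumptions; the 16-hour lease and the 80/20 ratio are the proposal's own.

```powershell
# Added example, not from the proposal. Run from a host with the DhcpServer module.
# Subnet, ranges, DNS/gateway addresses and the shared secret are assumptions; the
# 16-hour lease and the 80/20 split are the proposal's.
Import-Module DhcpServer

function ConvertTo-IPv4Int([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes(); [Array]::Reverse($b)
    [BitConverter]::ToUInt32($b, 0)
}
function ConvertFrom-IPv4Int([uint32]$N) {
    $b = [BitConverter]::GetBytes($N); [Array]::Reverse($b)
    (New-Object System.Net.IPAddress -ArgumentList (, $b)).IPAddressToString
}

# .1-.49 are left outside the range for the statically addressed servers and printers.
$flScope = @{ ScopeId = '10.1.0.0'; Start = '10.1.0.50'; End = '10.1.0.250'
              Mask = '255.255.255.0'; Name = 'FL-Workstations' }

function Add-SplitScope {
    # Both servers carry the full range; each excludes the other's share so their
    # offers never overlap. Primary keeps the first 80 %, secondary the last 20 %.
    param([Parameter(Mandatory)][string]$Server,
          [Parameter(Mandatory)][hashtable]$Scope,
          [Parameter(Mandatory)][ValidateSet('Primary', 'Secondary')][string]$Role)
    Add-DhcpServerv4Scope -ComputerName $Server -Name $Scope.Name `
        -StartRange $Scope.Start -EndRange $Scope.End -SubnetMask $Scope.Mask `
        -LeaseDuration (New-TimeSpan -Hours 16) -State Active
    $lo = ConvertTo-IPv4Int $Scope.Start
    $hi = ConvertTo-IPv4Int $Scope.End
    $firstOfSecondary = [uint32]($lo + [math]::Floor(($hi - $lo + 1) * 0.8))   # .210 for .50-.250
    if ($Role -eq 'Primary') { $exclude = @((ConvertFrom-IPv4Int $firstOfSecondary), $Scope.End) }
    else                     { $exclude = @($Scope.Start, (ConvertFrom-IPv4Int ($firstOfSecondary - 1))) }
    Add-DhcpServerv4ExclusionRange -ComputerName $Server -ScopeId $Scope.ScopeId `
        -StartRange $exclude[0] -EndRange $exclude[1]
    Set-DhcpServerv4OptionValue -ComputerName $Server -ScopeId $Scope.ScopeId `
        -DnsServer '10.1.0.10', '10.1.0.11' -Router '10.1.0.1' -DnsDomain 'contoso.com'
    "$Server ($Role) excludes $($exclude[0])-$($exclude[1])"
}

Add-SplitScope -Server 'FL_DC1' -Scope $flScope -Role Primary
# WY_DC1 sits on another subnet: the FL router must relay DHCP to it (ip helper-address).
Add-SplitScope -Server 'WY_DC1' -Scope $flScope -Role Secondary

function Add-FailoverScope {
    # Windows Server 2012 alternative: create the scope on the primary only and let DHCP
    # failover replicate it, leases included, to the partner. Hot standby reserves 20 %
    # of the range for the partner to hand out while the primary is down. Run this
    # INSTEAD of Add-SplitScope; the two approaches must not be mixed on one scope.
    param([string]$Primary = 'FL_DC1', [string]$Partner = 'WY_DC1',
          [Parameter(Mandatory)][hashtable]$Scope)
    Add-DhcpServerv4Scope -ComputerName $Primary -Name $Scope.Name `
        -StartRange $Scope.Start -EndRange $Scope.End -SubnetMask $Scope.Mask `
        -LeaseDuration (New-TimeSpan -Hours 16) -State Active
    Add-DhcpServerv4Failover -ComputerName $Primary -PartnerServer $Partner `
        -Name "$($Scope.Name)-Failover" -ScopeId $Scope.ScopeId `
        -ServerRole Active -ReservePercent 20 -MaxClientLeadTime (New-TimeSpan -Hours 1) `
        -SharedSecret 'replace-me' -AutoStateTransition $true
}
```

With the manual split, a client that renews while its primary is down gets a fresh address from the secondary's 20 % only after its lease expires, so the 16-hour lease also bounds how long a single-server outage leaves clients stranded; the failover relationship removes that gap because the partner already knows every lease.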
Security practices such as the password policy, use of Windows security software, and additional firewall restrictions will ensure that the company's sensitive business matters are protected. Estimating conservatively, the IT department could complete the initial setup within a week. While this network deployment may seem excessive, Contoso Advertising is a growing enterprise that requires a solution able to scale as the organization grows.

References

Microsoft. (2013, June 24). Manage Multiple, Remote Servers with Server Manager. Retrieved January 10, 2017, from https://technet.microsoft.com/en-us/library/hh831456(v=ws.11).aspx

Microsoft. (2008, January 21). File Server Resource Manager. Retrieved February 01, 2017, from https://technet.microsoft.com/en-us/library/cc754810(v=ws.10).aspx

Microsoft. (2017). Why Is Server Core Useful? Retrieved January 18, 2017, from https://msdn.microsoft.com/en-us/library/dd184076.aspx

Microsoft. (2017). Configuring Password Policies. Retrieved February 09, 2017, from https://technet.microsoft.com/en-us/library/dd277399.aspx

Microsoft. (2005, January 21). Best Practices. Retrieved February 20, 2017, from https://technet.microsoft.com/en-us/library/cc958920.aspx

Microsoft. (2012, October 19). AD DS Fine-Grained Password Policies. Retrieved February 25, 2017, from https://technet.microsoft.com/en-us/library/cc770394(v=ws.10).aspx

Microsoft. (2004, May 25). Using Software Restriction Policies to Protect Against Unauthorized Software. Retrieved February 25, 2017, from https://technet.microsoft.com/en-us/library/bb457006.aspx

Otey, M. (2011, October 17). Top 10 New Features in Windows Server 2012. Retrieved January 10, 2017, from http://windowsitpro.com/windows-server-2012/top-10-new-features-windows-server-2012