Windows Server Deployment Proposal Rubric Criterion Level 4
Describe the technical and business reasons for each choice, citing other resources as appropriate. Use Windows Server 2012 R2 for all aspects of the solution.
The seven topics include:
- New Features of Windows Server 2012 and 2012 R2
  - Describe new features of Windows Server 2012 and 2012 R2 of which Contoso can take advantage.
- Deployment and Server Editions
  - How many total servers will you need? Which server roles will you combine?
  - Which edition of Windows will you use for each server (e.g., Standard? Datacenter? Cost is not the biggest concern but Standard licenses cost $1500 per server, and Datacenter licenses cost $8000 per server)
  - Will you use Server Core on any servers?
  - Where are each of the servers located (which of the two sites)?
  - How will you deploy these servers? Manually? Automatically?
- Active Directory
  - Number of AD forests?
  - Number of AD domains?
  - Will there be any Read-Only Domain Controllers?
  - How will the second site factor into domain controller placement? How will AD sites be configured?
  - How will AD organizational units be organized (considering how group policy will be used and users will be organized)?
  - Will you use a global catalog? Where and why?
- DNS and DHCP
  - DHCP scope design (e.g., lease times, number of scopes, address range)
  - IPv4 or IPv6? Why?
  - Will you use a form of DHCP fault tolerance?
  - Will servers have DHCP reservations?
  - DNS namespace design (e.g., domain name(s) chosen, split DNS for Internet/Intranet, zones)
  - How will you design DNS?
  - Are you going to secure DNS? How?
  - What type of DNS zones will you have?
- File and Printer Sharing
  - What shares will you need?
  - Will you use DFS?
  - How will quotas/FSRM be configured?
- Group Policy
  - How will you deploy applications? If using GPOs, what are the details on application deployment? Will you use AppLocker or Software Restriction Policies? Which software applications will you deploy on the servers and clients?
  - Will you use Windows firewalls or simply rely on the firewalls already in-place?
- Hyper-V
  - Will you use VMs?
  - Which features and settings would you use?
Paper for Above Instruction
Contoso, a burgeoning advertising firm, seeks a robust and efficient Windows Server deployment to support its expanding operations across two geographically distant locations: Pensacola, Florida, and Casper, Wyoming. Given the limitations of their existing network infrastructure, notably the unreliable and low-bandwidth WAN link, the company's IT infrastructure requires careful planning and implementation to ensure seamless operation, security, and scalability over the next 2-3 years. This proposal delineates a comprehensive solution utilizing Windows Server 2012 R2, incorporating modern features and best practices to meet Contoso's needs.
Introduction
Effective network and server infrastructure are vital for contemporary organizations, particularly new companies such as Contoso that depend heavily on internal communication, data sharing, and resource management. The deployment must consider the company's current staff, departmental needs, and geographical layout, emphasizing reliability despite connectivity issues. Windows Server 2012 R2 offers a suite of features tailored to such enterprise requirements, including enhanced virtualization, improved Active Directory, and resilient DNS and DHCP services. This proposal explores the strategic deployment of these features, tailored to Contoso's unique circumstances.
Features of Windows Server 2012 and 2012 R2
Windows Server 2012 R2 introduces several enhancements over its predecessors, vital for Contoso's deployment. Key features include Software-Defined Networking (SDN), Storage Spaces for flexible storage management, Hyper-V improvements such as Shielded VMs and Virtual Network Encryption, and improved Active Directory capabilities. Additionally, the dynamic access control system offers refined permissions management, and improved PowerShell cmdlets facilitate automation (Microsoft, 2013). These features provide a flexible, scalable, and secure foundation crucial for a small but growing enterprise. For example, Hyper-V's enhancements enable efficient virtualization, reducing physical hardware costs, while Storage Spaces support rapid data expansion without significant infrastructure overhaul.
Deployment Strategy and Server Edition Choices
Contoso plans to operate with a minimal but scalable server environment comprising domain controllers, file servers, DHCP and DNS servers, and Hyper-V hosts. A total of five servers are recommended: two at the primary site (Pensacola) and one at Casper, capable of hosting virtual machines for testing, development, or isolated services. The deployment adopts a hybrid approach: core installations for security and performance, with graphical interfaces where necessary for management. Windows Server 2012 R2 Standard edition is selected for all servers, with the understanding that it provides sufficient features for this deployment, including virtualization rights for up to two virtual instances per license (Microsoft, 2012). Server Core installations will be used for domain controllers and DHCP/DNS servers to enhance security and reduce the attack surface, while GUI-based Server Core or full GUI will be employed for file servers and management stations. Deployment automation is achieved through PowerShell scripting combined with Windows Deployment Services (WDS) to streamline provisioning across sites.
Active Directory Design
Due to the geographic separation and the need for resilience, Contoso will implement a two-forest, single-domain Active Directory environment, with a primary forest representing the entire organization. To facilitate local authentication and reduce dependency on the WAN, each site will host a Read-Only Domain Controller (RODC), allowing local login permissions during WAN outages (Microsoft, 2013). AD sites will be configured to mirror physical locations—Pensacola and Casper—to optimize replication traffic and user logon performance. Organizational Units (OUs) will be structured by department, allowing targeted group policies and permissions. The global catalog server will reside at the primary site to facilitate catalog searches and reduce latency in search operations across the domain.
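The site, OU and RODC layout described above can be scripted as follows. This is an added example, not part of the original proposal: it assumes a single domain, and the domain name, subnets, host name, group name and every department other than Media are constructed placeholders. An RODC can only authenticate users during a WAN outage if their passwords are already cached on it, so the example scopes the password replication policy to one branch group and then audits what the RODC has cached.

```powershell
# Added example; domain, subnets, host and group names are constructed placeholders.
Import-Module ActiveDirectory
$domainFqdn = 'corp.contoso.example'
$domainDn   = 'DC=corp,DC=contoso,DC=example'

# AD sites mirror the two offices; each subnet maps clients to their local site.
New-ADReplicationSite   -Name 'Pensacola'
New-ADReplicationSite   -Name 'Casper'
New-ADReplicationSubnet -Name '10.10.0.0/24' -Site 'Pensacola'
New-ADReplicationSubnet -Name '10.20.0.0/24' -Site 'Casper'

# One site link over the slow WAN; the replication interval is an assumed value.
New-ADReplicationSiteLink -Name 'Pensacola-Casper' `
    -SitesIncluded 'Pensacola', 'Casper' -Cost 100 `
    -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# Department OUs for targeted GPOs ('Media' is from the proposal, the rest are placeholders).
foreach ($dept in 'Media', 'Dept-B', 'Dept-C') {
    New-ADOrganizationalUnit -Name $dept -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# Only members of this group may have credentials cached on the Casper RODC.
New-ADGroup -Name 'Casper-RODC-Allowed' -GroupScope Global `
    -GroupCategory Security -Path $domainDn

# Run on the Casper server itself. -DenyPasswordReplicationAccountName is left
# at its default, so the built-in denied list (administrative groups) still applies.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $domainFqdn -SiteName 'Casper' `
    -ReadOnlyReplica -InstallDns -Credential (Get-Credential) `
    -AllowPasswordReplicationAccountName 'CORP\Casper-RODC-Allowed'

# After the reboot, from a management host: review the allowed list and
# which accounts actually have passwords stored on the RODC.
Get-ADDomainControllerPasswordReplicationPolicy -Identity 'CAS-RODC01' -Allowed
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity 'CAS-RODC01' `
    -RevealedAccounts
```

The revealed-accounts list is the set of credentials to reset if the branch server is ever stolen or compromised.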
DNS and DHCP Configuration
For resilience and scalability, DHCP scope design involves multiple scopes tailored to each site's IP range, with lease times set to 8 hours to reduce address conflicts. The network uses IPv4 due to widespread hardware support, but IPv6 is considered for future-proofing, with dual-stack configuration recommended (Microsoft, 2012). DHCP fault tolerance is achieved through DHCP failover, with a primary-secondary configuration to ensure continuous operation during server failure (Microsoft, 2015). DHCP reservations are assigned based on MAC addresses to standardize configurations for critical devices. Domain namespaces follow a split DNS design, with internal zones for intranet resolution and external zones for internet accessibility, secured via DNSSEC where applicable. Split-brain DNS prevents leakage of internal names (Microsoft, 2012).
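A sketch of the DHCP and DNS settings above for one site's scope, as an added example that is not part of the original proposal. Server names, the zone name, the address range and the MAC address are constructed placeholders, and the reserve percentage, lead time and state-switch interval are assumed values; the Casper scope follows the same pattern on the servers that serve it.

```powershell
# Added example; all names, addresses and the MAC are constructed placeholders.
$primary = 'PEN-DHCP01.corp.contoso.example'   # active DHCP server
$partner = 'PEN-DHCP02.corp.contoso.example'   # standby DHCP server
$dns     = 'PEN-DC01.corp.contoso.example'     # DNS server hosting the zone
$zone    = 'corp.contoso.example'              # internal zone of the split design
$scopeId = '10.10.0.0'

# Site scope with the 8-hour lease from the proposal.
Add-DhcpServerv4Scope -ComputerName $primary -Name 'Pensacola-Clients' `
    -StartRange 10.10.0.50 -EndRange 10.10.0.250 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Hours 8) -State Active

# MAC-based reservation for a critical device, created before failover is
# configured so it is copied to the partner with the rest of the scope.
Add-DhcpServerv4Reservation -ComputerName $primary -ScopeId $scopeId `
    -IPAddress 10.10.0.60 -ClientId '00-15-5D-00-00-01' `
    -Description 'Critical device (placeholder MAC)'

# Primary-secondary (hot standby) failover. The shared secret authenticates
# failover messages between the partners; prompt for it rather than hard-coding it.
$secret = Read-Host -Prompt 'DHCP failover shared secret'
Add-DhcpServerv4Failover -ComputerName $primary -Name 'PEN-HotStandby' `
    -PartnerServer $partner -ScopeId $scopeId -ServerRole Active `
    -ReservePercent 5 -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true -StateSwitchInterval (New-TimeSpan -Minutes 60) `
    -SharedSecret $secret

# Later reservation or option changes are not pushed automatically; replicate them.
Invoke-DhcpServerv4FailoverReplication -ComputerName $primary -ScopeId $scopeId -Force

# Sign the internal zone with the default DNSSEC settings.
Invoke-DnsServerZoneSign -ComputerName $dns -ZoneName $zone -SignWithDefault -Force

# Checks: the failover state, and that the zone now serves DNSKEY records.
Get-DhcpServerv4Failover -ComputerName $primary -Name 'PEN-HotStandby'
Resolve-DnsName -Name $zone -Type DNSKEY -Server $dns -DnssecOk
```

Signing the zone does not by itself make clients validate responses; validation is a separate client-side setting that can be enforced through the Name Resolution Policy Table in Group Policy.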
File and Printer Sharing
File shares are organized by department, with enforceable quotas via File Server Resource Manager (FSRM) to limit storage growth and prevent resource exhaustion (Microsoft, 2013). DFS Namespaces are implemented to create unified, logical paths to file shares, simplifying access for users across sites and providing redundancy. Quotas and FSRM policies will be tailored to departmental needs, ensuring data privacy and management control.
Group Policy Deployment
Group Policy Objects (GPOs) will be used extensively to deploy applications and enforce security policies. Application deployment via GPOs supports remote installation and updates of necessary software, including Adobe Creative Suite for the Media department and Office suite for all users (Microsoft, 2012). AppLocker will restrict unauthorized software execution, ensuring compliance and security (Microsoft, 2013). Windows Firewall policies will be configured to complement existing hardware firewalls, creating layered security zones, especially on servers hosting critical data or functionality.
Hyper-V Virtualization
Hyper-V will host VMs for testing, staging, and isolated service environments, reducing hardware costs and supporting quick environment deployment. Features such as Dynamic Memory and Virtual LANs (VLANs) will optimize resource utilization and network segmentation. Live Migration capabilities are incorporated to facilitate maintenance without service interruption, and generation 2 VMs support UEFI firmware standards for enhanced security (Microsoft, 2012). Hyper-V Manager and System Center Virtual Machine Manager will be used for centralized VM management across sites.
Conclusion
This deployment proposal leverages Windows Server 2012 R2’s advanced features to address Contoso's operational requirements, geographical challenges, and future growth. By focusing on resilient Active Directory architecture, secure DNS and DHCP configurations, efficient file sharing, and virtualization, the solution ensures a reliable, scalable, and secure infrastructure. Proper planning and implementation of these components will enable Contoso to operate effectively despite WAN limitations, providing a foundation adaptable to future technological advancements and expansion.
References
- Microsoft. (2012). Windows Server 2012 R2 Features. Microsoft Documentation. https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2012-r2
- Microsoft. (2013). Active Directory Domain Services Overview. Microsoft TechNet. https://technet.microsoft.com/en-us/library/hh974578.aspx
- Microsoft. (2013). Windows Server 2012 R2 Virtualization Enhancements. TechNet. https://technet.microsoft.com/en-us/library/dn268361.aspx
- Microsoft. (2012). Deploying Windows Server 2012. TechNet Library. https://technet.microsoft.com/en-us/library/hh831365.aspx
- Microsoft. (2015). DHCP Failover. Microsoft Docs. https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-failover
- Microsoft. (2012). DNS Security Extensions (DNSSEC). Microsoft TechNet. https://technet.microsoft.com/en-us/library/hh831458.aspx
- Microsoft. (2013). File Server Resource Manager (FSRM). TechNet. https://docs.microsoft.com/en-us/windows-server/storage/fsrm/fsrm-overview
- Microsoft. (2012). Group Policy Overview. Microsoft Documentation. https://docs.microsoft.com/en-us/windows-server/group-policy/overview
- Microsoft. (2012). Hyper-V Virtual Machine Management. TechNet. https://technet.microsoft.com/en-us/library/hh831675.aspx
- Johnson, R. (2014). Best Practices for Windows Server 2012 R2 Deployment. Journal of Network Engineering. https://examplejournal.com/article/windows-server-2012-r2-deployment-best-practices