Active Directory Infrastructure


Owing to new versions of current technologies and the extension of Windows Server 2008 R2 component capabilities, Windows Server 2012 offers a more supportable, adaptable, and intuitive experience for architects and administrators. Integrating a new domain into an existing forest relies on the new features in Windows Server 2012, such as AD DS, which is key to the new Server Management Architecture. This add-on enables remote deployments (Desmond et al., 2008). The AD DS deployment and configuration engine is Windows PowerShell, and it is used even when the graphical setup is run. Server 2012 performs prerequisite checking to validate that the forest and domain are ready for a new domain controller, which lowers the chance of failed promotions. The importance of this feature is that, unlike the twelve dialogs previously contained in the graphical configuration of a new replica domain controller, the configuration in Server 2012 contains eight dialogs. Another feature that enables the successful creation of a new Active Directory forest is a single Windows PowerShell command that is given the name of the domain.

How will Forest Functional Levels be implemented?

Functional levels are an extension of the mixed mode and native mode concepts that were introduced in Microsoft Windows 2000 Server to activate new Active Directory features. The newest domain features become available at the higher functional levels only if the domain controllers are running the newest version of the Windows Server operating system. International Marketing Inc. should therefore meet this provision and ensure that the domains in the forest run the Windows Server operating system that corresponds to the desired forest functional level (Saxena et al., 2012). The functional level cannot be raised while a domain controller runs a version earlier than the version meant for the level being raised to. For instance, the Windows Server 2008 functional level requires that all domain controllers in the domain or in the forest have Windows Server 2008 or a later operating system installed. These restrictions exist because the features often change the communication between the domain controllers, or because the features change how Active Directory data is stored in the database.
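The restriction above can be checked before any attempt to raise the level. The following is an added example, not part of the original essay: it uses the ActiveDirectory module cmdlets `Get-ADForest` and `Get-ADDomainController` to list every domain controller whose operating system is older than the target forest functional level requires. The function name `Test-ForestLevelReadiness` and the version table are assumptions made for this illustration.

```powershell
# Added example: report DCs that block a target forest functional level.
Import-Module ActiveDirectory

# Minimum OS version (major.minor) each forest functional level requires.
$MinOsVersion = @{
    'Windows2008Forest'   = [version]'6.0'   # Windows Server 2008
    'Windows2008R2Forest' = [version]'6.1'   # Windows Server 2008 R2
    'Windows2012Forest'   = [version]'6.2'   # Windows Server 2012
}

function Test-ForestLevelReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Windows2008Forest', 'Windows2008R2Forest', 'Windows2012Forest')]
        [string]$TargetLevel
    )
    $required = $MinOsVersion[$TargetLevel]
    $forest   = Get-ADForest

    # Walk every domain in the forest, RODCs included.
    $blockers = foreach ($domain in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
            # OperatingSystemVersion looks like "6.1 (7601)"; keep major.minor.
            $osVersion = [version](($dc.OperatingSystemVersion -split ' ')[0])
            if ($osVersion -lt $required) {
                [pscustomobject]@{
                    Domain           = $domain
                    DomainController = $dc.HostName
                    OperatingSystem  = $dc.OperatingSystem
                    ReadOnly         = $dc.IsReadOnly
                }
            }
        }
    }

    [pscustomobject]@{
        CurrentLevel = $forest.ForestMode
        TargetLevel  = $TargetLevel
        Ready        = (@($blockers).Count -eq 0)
        Blockers     = @($blockers)
    }
}

# Report only; raising the level (Set-ADForestMode) is a separate, deliberate step.
$result = Test-ForestLevelReadiness -TargetLevel 'Windows2012Forest'
$result | Format-List CurrentLevel, TargetLevel, Ready
$result.Blockers | Format-Table -AutoSize
```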

How will cross-forest trusts be implemented?

The parent domain in Houston, TX is linked with the child domain in Richmond, VA through what is called a two-way forest trust relationship; because the trust is transitive, both firms can use the same domain (Desmond et al., 2008). Creating the trust requires establishing name resolution, which is then configured and tested for connectivity between the two ends of the two domains. Once the trust relationship is configured, the resource administrators of the two firms will be able to configure permissions, privileges and rights for users of the trusted forest.

How will replication be handled?

Cloud-hosted applications and services are often deployed to several datacenters. This approach can reduce network latency for internationally located users. It also provides comprehensive failover capability in case one deployment or one datacenter becomes inaccessible. For the best results, the data used by a given application ought to be positioned close to where the application is deployed, which means replicating this data in each datacenter. When the data changes, synchronization is done by applying the modifications to every copy of the data.

On the other hand, the organization can also build a hybrid application or service solution that stores and retrieves data from an on-premises data store hosted by your own organization. For example, an organization may hold the main data repository on-premises and then replicate only the necessary data to a data store in the cloud. This can help to protect sensitive data that is not required in all applications. It is also a useful approach if updates to the data occur mainly on-premises, such as when maintaining the catalog of an e-commerce retailer or the account details of suppliers and customers.

Read-Only Domain Controllers - how will they be used?

By selectively caching credentials, RODCs will be used to address some of the challenges that the parent domain in Houston, TX can encounter in its branch offices in Richmond and its perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites.

File and Storage Solutions

Will BranchCache be used? Why/Why not?

BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in some editions of the Windows Server 2012 and Windows 8 operating systems, as well as in some editions of Windows Server 2008 R2 and Windows 7 (Desmond et al., 2008). It optimizes WAN bandwidth when users access content on remote servers and is therefore applicable to IMI. It does so by copying content from the main office or hosted cloud content servers and caching this content at branch offices, enabling client computers at branch sites to access the content locally rather than over the WAN.

How can Dynamic Access Control benefit the organization?

Dynamic Access Control is configured in Windows Server 2012 to aid in data governance across all file servers and control who can access information and audit all the activities that have passed through the servers. It also allows for the application of RMS protection. The incorporation of Automatic Rights Management Services assists in encryption of sensitive Office information.

What about storage optimization?

Storage optimization is an ongoing effort to maintain optimized placement of business data across the whole storage infrastructure. Once the technical groundwork for storage, networks and servers has been completed through virtualization, data storage optimization comes next so that the group achieves greater data efficiency.

Disaster Recovery

How can Windows Server Backup be utilized?

Windows Server Backup can be used to recover lost files, folders, and volumes of data. The backup can also be used to perform system state and operating system recoveries, and to move backups offsite for disaster protection.

Will the organization use Volume Shadow Copies?

Yes. Installing the Shadow Copies feature protects the company from losing important files that are deleted accidentally on a shared network, since the company shares a single domain. Shadow copies allow users to view previous sessions and files.

DNS and DHCP

How will DHCP installation and authorization be implemented?

The company first configures the server with a static IP address before installing the DHCP service on the network server.

DHCP scope design (e.g., lease times, number of scopes, address range)

The scope holds a range of IP addresses for dynamic assignment to the hosts in a given subnet. The IMI scope is determined by the network address of the broadcast DHCP request. The organization therefore configures the parameters that are handed to client computers together with the address: DNS servers, default gateways, IP routing information, and subnet masks.

Will DHCP reservations be used for servers?

Some machines within the organization are expected to need static IP addresses. In this scenario, reservations are necessary for these devices: their IP addresses remain constant within the DHCP address pool, and the reservation prevents other machines from leasing the same IP address.
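The DHCP steps described in this section (static address first, role installation, authorization, one scope with its options, and a server reservation) are shown below as an added example that is not part of the original essay. It uses the built-in Windows Server 2012 cmdlets; every address, name, MAC and the lease time is a constructed placeholder, because the essay does not give IMI's values.

```powershell
# Added example. All values below are constructed placeholders, not IMI data.
$ServerIp   = '10.10.0.10'
$ServerFqdn = 'dhcp01.imi.example'
$ScopeId    = '10.10.0.0'
$Gateway    = '10.10.0.1'
$DnsServers = '10.10.0.11', '10.10.0.12'

# 1. Give the server a static address before the DHCP role is installed.
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress $ServerIp `
    -PrefixLength 24 -DefaultGateway $Gateway

# 2. Install the DHCP Server role and its management tools.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# 3. Authorize the server in Active Directory, then confirm it is listed.
#    An unauthorized Windows DHCP server in a domain will not hand out leases.
Add-DhcpServerInDC -DnsName $ServerFqdn -IPAddress $ServerIp
if (-not (Get-DhcpServerInDC | Where-Object DnsName -eq $ServerFqdn)) {
    throw "DHCP server $ServerFqdn is not authorized in Active Directory."
}

# 4. One scope for the subnet; the 8-day lease is an assumed value.
Add-DhcpServerv4Scope -Name 'Houston-Clients' `
    -StartRange '10.10.0.50' -EndRange '10.10.0.250' `
    -SubnetMask '255.255.255.0' `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active

# 5. Scope options delivered with each lease: default gateway, DNS servers,
#    DNS suffix. The cmdlet validates that the DNS servers respond.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
    -DnsServer $DnsServers -DnsDomain 'imi.example'

# 6. Reservation: the file server always receives the same address, and no
#    other client can lease it. The MAC address is a constructed sample.
Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress '10.10.0.60' `
    -ClientId '00-15-5D-00-00-01' -Name 'FS01' `
    -Description 'File server reservation'

# Review the result.
Get-DhcpServerv4Scope -ScopeId $ScopeId
Get-DhcpServerv4Reservation -ScopeId $ScopeId
```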

How can IPAM be utilized?

The parent domain in Houston, TX will have its Grid member configured with the IPAM for Microsoft license. This will ensure Microsoft data is synced to the Grid, and all the IP addresses for the organization will be managed automatically without necessarily doing things the administrative way. The synchronization can be configured as read-only or read-write.

How will IPv6 be utilized?

Internet Protocol Version 6 (IPv6) is a replacement for IPv4. It is a network layer protocol that permits data communication over a packet-switched network. Sending and receiving data between two nodes in a network is what is called packet-switching (Kuz et al., 2002). Due to its large number of employees, IMI will utilize IPv6 since it allows an almost limitless number of unique IP addresses. This is enabled by the increase of the address space to 128 bits, unlike IPv4, which had a 32-bit length. This size limits threats such as IP scanning and allows a significant gain in supporting a larger payload than IPv4 packets, so increased throughput in the online business is realized.

How will DNS be implemented?

DNS will be implemented by configuring DNS clients to query secondary DNS servers instead of the primary DNS servers for a zone. This helps reduce the load placed on the primary DNS server and ensures that DNS queries for the zone are handled even if the primary server is not available.

DNS Security

DNS offers high security to the company’s data because the server contains more information than just a single server (Saxena et al., 2012). The security is assured because the server contains mail spam keys, mail routing information, and information for a variety of hosts that would assist in solving the issues if the servers handling the domain go down.

How will DNS be handled for the second site?

With a secondary DNS server in place, issues encountered by the primary DNS server, such as crashing, are handled because the secondary DNS server serves as a backup. The servers would still be functional, so IMI would not lose its customers.

High Availability

What implementation of Hyper-V would benefit IMI?

The new version of Hyper-V in Windows Server 2012 has a myriad of competitive new features. Virtualization provides a virtual machine that stores the company's information and can only be accessed through an authorized server. The idea behind the company's use of Hyper-V is to reduce server footprints. What this means is that, unlike the early years when companies used a lot of servers, Hyper-V will enable the organization to create servers without necessarily using big server boxes. One physical box is still necessary for hosting the virtual machines, but this one box can host numerous virtual machines, ranging from 10 to 30.

Network Load Balancing

Active Directory Certificate Services

Will AD Certificate Services used in both domains need to be modified?

The Certificate Services need modification because they help generate an extension of the Public Key Infrastructure (PKI). Since an organization like IMI has two directory domains, its PKI ought to meet the requirements of most organizations by using a multi-tier Certification Authority hierarchy that implements an offline root Certification Authority.

Active Directory Rights Management Services

What use of AD Rights Management Services can be implemented?

AD RMS can be implemented to augment the security strategy for International Marketing Inc. by protecting documents using information rights management (IRM). Through IRM policies, AD RMS allows individuals and administrators to specify access permissions to documents, workbooks, and presentations.

Active Directory Federation Services

AD Federation Services

AD FS runs on Windows Server operating systems and is set up to give users single sign-on access to the organizational systems and applications across organizational boundaries. The model it uses is referred to as claims-based access-control authorization, and its objective is to maintain application security and to enhance identity federation (Kuz et al., 2002). With this in place, IMI can establish trust between two security realms in its server domains: a federation server on the parent domain authenticates a user of the child domain through the standard means in Active Directory Domain Services, after which it issues a token containing a chain of claims about the user.

References

Desmond, B., Richards, J., Allen, R., & Lowe-Norris, A. G. (2008). Active Directory: Designing, Deploying, and Running Active Directory. O'Reilly Media, Inc.

Kuz, I., Van Steen, M., & Sips, H. J. (2002). The globe infrastructure directory service. Computer Communications, 25(9), 835-845.

Saxena, V., Doddavula, S. K., & Jain, A. (2012). Implementation of a secure genome sequence search platform on public cloud-leveraging open source solutions. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 14.

June 12, 2023