Deployment and Administration - Windows Server 2012
Deployment and Server Additions
i. The number of servers required and the roles to be combined
Server Requirements:
Careful evaluation of present and projected activity decides the server configuration. The number of servers required corresponds directly to the volume of data the servers must handle over the next three to five years. If growth of 33% is projected, it is prudent to fit 16 GB of RAM in a physical server. For a virtual machine it is generally good enough to start with 12 GB of RAM and monitor for the need to upgrade as the project and operations expand (Serhad MAKBULOGLU, 2012).
Component                                                                 Estimated memory (example)
Base operating system recommended RAM (Windows Server 2008)               2 GB
LSASS internal tasks                                                      (value not given on the page)
Monitoring agent                                                          (value not given on the page)
Antivirus                                                                 (value not given on the page)
Database (Global Catalog)                                                 (value not given on the page) GB
Cushion for backup to run and administrators to log on without impact     1 GB
Total                                                                     12 GB
Table 1: Calculation Summary Example
If the mail server is on the premises, a user receiving about 7.5 MB of mail per day would need that much external bandwidth every day. Adding a little for protocol overhead rounds the figure to about 8 MB. Spread over an 8-hour working day, that is slightly over a quarter of a kilobyte per second, a rate that would support thousands of users even on a slow connection. Such a calculation is superficial and misleading, however, because it ignores practical factors that affect performance. An on-premises mail system will also handle a great deal of spam, and spam outnumbers genuine mail by up to nine to one: a firm receiving 8 MB of genuine mail should expect up to 72 MB of spam on top of it. The per-user requirement then rises tenfold, to roughly 2.8 kilobytes per second, and the connection estimated to serve thousands of users can now serve only a few hundred (Peter Bright, 2012).
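The calculation above, carried through as a small PowerShell function so that the naive figure and the spam-adjusted figure can be compared for any inputs. This is an added example, not part of the paper; the mail volume, spam ratio and working day are the paper's figures, while the protocol overhead percentage and the 10 Mbit/s link are assumptions.

```powershell
# Added example (not from the paper): per-user mail bandwidth, naive and spam-adjusted.
# The mail volume, spam ratio and working day are the paper's figures; the protocol
# overhead percentage and the 10 Mbit/s Internet link are assumptions.
function Get-MailBandwidthEstimate {
    param(
        [double]$MailMBPerUserPerDay = 7.5,   # genuine mail per user per day (paper)
        [double]$SpamRatio           = 9,     # spam as a multiple of genuine mail (paper: up to 9x)
        [double]$WorkingHours        = 8,     # hours over which the traffic is spread (paper)
        [double]$ProtocolOverhead    = 0.07,  # assumption: ~7% overhead, rounds 7.5 MB up to ~8 MB
        [double]$LinkKbps            = 10000  # assumption: a 10 Mbit/s link to size against
    )
    $seconds = $WorkingHours * 3600
    $realMB  = $MailMBPerUserPerDay * (1 + $ProtocolOverhead)
    $totalMB = $realMB * (1 + $SpamRatio)          # genuine mail plus the spam that arrives with it

    # Kilobytes per second per user (1 MB = 1024 KB), naive and spam-adjusted
    $naiveKBps = ($realMB  * 1024) / $seconds
    $spamKBps  = ($totalMB * 1024) / $seconds

    [pscustomobject]@{
        NaiveKBpsPerUser    = [math]::Round($naiveKBps, 3)
        WithSpamKBpsPerUser = [math]::Round($spamKBps, 3)
        NaiveUsersOnLink    = [math]::Floor($LinkKbps / ($naiveKBps * 8))   # KB/s -> kbit/s
        WithSpamUsersOnLink = [math]::Floor($LinkKbps / ($spamKBps  * 8))
    }
}

Get-MailBandwidthEstimate | Format-List
```

With the defaults the naive figure is about 0.29 KB/s per user and the spam-adjusted figure about 2.85 KB/s, so the assumed 10 Mbit/s link drops from roughly 4,380 users to roughly 438. Changing the spam ratio or the working-day window shows how sensitive the headcount is to the assumptions the paper says a naive calculation hides.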
ii. The edition of windows to be used for each server
Windows Server Standard edition, x64, will be used. The capacity template in this paper still applies, and works satisfactorily, even where Active Directory currently runs on Windows Server 2003 x86 with a DIT smaller than 1.5 GB. Capacity planning must be a continuous activity: monitor the performance actually achieved and upgrade as the situation demands. Optimization is reached only over several hardware deployments and lifecycles, because hardware costs change; as memory becomes cheaper, so does the cost per core, and the cost of storage options shifts as well (Serhad MAKBULOGLU, 2012).
Plan for the peak periods of the day as well. Break the day into 30-minute or one-hour spans; longer spans conceal the real peaks, while shorter spans are equally misleading. Plan for growth in line with the hardware lifecycle: either add hardware and upgrade in staggered steps, or replace everything after three or five years. Either way, you must estimate how much the load on Active Directory will grow, and historical performance data is the best resource for that assessment (Serhad MAKBULOGLU, 2012).
iii. Should servers be virtualized using Hyper-V?
The important point is to make sure that the shared infrastructure can support the domain controller load together with every other resource that depends on the same storage media and the paths to it. This applies whether the domain controller is a physical server sharing SAN, NAS or iSCSI media with other servers or applications, a Hyper-V guest using pass-through access to shared SAN, NAS or iSCSI storage, or a guest whose virtual disk file sits on locally shared media or on SAN, NAS or iSCSI infrastructure.
The planning activity is designed to ensure that the underlying media supports the entire load (Serhad MAKBULOGLU, 2012).
The matter is complicated by the number of storage options and their differing impact on performance. As a rule of thumb, use a multiplier of 1:10 when adjusting between the storage options available to Hyper-V guests, for instance pass-through storage versus virtual IDE or virtual SCSI disks. These adjustments are independent of whether the underlying storage is iSCSI, NAS or SAN.
iv. In which of the two sites will the servers be located
There will be a server in each of the two sites, for reasons of security, audit and resilience.
v. How will the servers be deployed?
Windows operating systems can be deployed with Windows Deployment Services (WDS), a network-based installation that sets up new computers without the operating system having to be installed on each one directly from installation media (Windows Deployment Services Getting Started Guide for Windows Server 2012, n.d.).
To install using Server Manager:
a. Click Manage.
b. Click Add Roles and Features.
c. Choose Role-based or feature-based installation and pick the server on which WDS is to be installed.
d. On the Select server roles page, select Windows Deployment Services.
e. Click Next and follow the wizard to complete the process.
On the Select role services page, the wizard lets you pick which WDS role services to install: Deployment Server, Transport Server, both, or neither.
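The same installation as a script, added here as an example rather than taken from the paper or the Getting Started Guide. It assumes an elevated PowerShell session on the Windows Server 2012 machine that will host WDS, a domain-joined server, an NTFS volume D: that is not the system drive for the RemoteInstall folder, DHCP running on another host, and Windows Server 2012 media mounted at E:.

```powershell
# Added example (not from the paper): the Server Manager wizard above as a script.
# Assumptions: elevated session on the future WDS server, domain-joined, D:\RemoteInstall
# on a non-system NTFS volume, DHCP on another host, installation media mounted at E:.
Import-Module ServerManager

# The wizard's role-service choice: WDS-Deployment is the full deployment server,
# WDS-Transport is the stand-alone PXE/multicast transport. Install both.
$result = Install-WindowsFeature -Name WDS-Deployment, WDS-Transport -IncludeManagementTools
if (-not $result.Success) { throw "WDS role installation failed (exit code $($result.ExitCode))" }
Get-WindowsFeature -Name WDS* | Select-Object Name, InstallState

# Initialize the server with its RemoteInstall folder (wdsutil is installed with the role).
wdsutil /Initialize-Server /RemInst:"D:\RemoteInstall"

# Security caveat: set the PXE response policy explicitly. Answering all clients lets any
# machine that PXE-boots on the subnet pull an image; answer only pre-staged (known)
# computers and hold unknown ones for administrator approval.
wdsutil /Set-Server /AnswerClients:Known
wdsutil /Set-Server /AutoAddPolicy /Policy:AdminApproval

# Add the boot image and the install image from the mounted media.
wdsutil /Add-Image /ImageFile:"E:\sources\boot.wim" /ImageType:Boot
wdsutil /Add-Image /ImageFile:"E:\sources\install.wim" /ImageType:Install /ImageGroup:"WS2012"

# Confirm the configuration before pointing any clients at it.
wdsutil /Get-Server /Show:Config
```

The two wdsutil /Set-Server lines are the part most often skipped in a wizard-driven install; without them the first "respond to all client computers" click turns the WDS server into something that will image any host that asks.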
2. DNS
i. DNS namespace design
The operation of Windows is strongly affected by DNS name resolution; without a well-designed namespace, users cannot locate the resources they need on the network. The DNS namespace should be designed with Active Directory in mind, and the organization's internal namespace must not conflict with namespaces that already exist on the Internet (DNS Namespace Planning, n.d.).
ii. How DNS will be handled for the second site
How to deploy multiple sites (Planning and Implementing a DNS Namespace, n.d.):
If the organization runs many operations or product lines, it can register a separate second-level domain for every name it needs (each registration carries a fee). With several second-level domains, a distinct DNS zone must be managed for each one.
Alternatively, register a single second-level domain and create several subdomains beneath it.
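The second option, the internal namespace as a subdomain of the registered public domain, as an added example that is not part of the paper. It assumes contoso.com is the registered public domain (hosted externally), corp.contoso.com is the internal Active Directory namespace, the DNS role runs on a Windows Server 2012 domain controller, Site A's subnet is the 192.168.148.0/24 from the paper, Site B's subnet 192.168.149.0/24 is invented, and 203.0.113.53 stands in for the upstream resolver.

```powershell
# Added example (not from the paper): internal zone as a subdomain of the public domain,
# AD-integrated and replicated to both sites. Assumptions: corp.contoso.com as the internal
# name, 192.168.149.0/24 for Site B, 203.0.113.53 as the upstream forwarder.
Import-Module DnsServer

# Check that the chosen internal name is not already answered from the public Internet.
$public = Resolve-DnsName -Name "corp.contoso.com" -Type NS -DnsOnly -ErrorAction SilentlyContinue
if ($public) { Write-Warning "corp.contoso.com already resolves publicly; pick another internal name." }

# AD-integrated forward zone, replicated to every DNS server in the forest (so the second
# site's DC answers for it too), accepting only secure (Kerberos-authenticated) dynamic
# updates. NonsecureAndSecure would let any host on the network overwrite records.
Add-DnsServerPrimaryZone -Name "corp.contoso.com" -ReplicationScope Forest -DynamicUpdate Secure

# Reverse lookup zones, one per site subnet (Site A from the paper, Site B assumed).
Add-DnsServerPrimaryZone -NetworkId "192.168.148.0/24" -ReplicationScope Forest -DynamicUpdate Secure
Add-DnsServerPrimaryZone -NetworkId "192.168.149.0/24" -ReplicationScope Forest -DynamicUpdate Secure

# Everything outside corp.contoso.com (including the public contoso.com) is resolved via a
# forwarder, so the internal servers never need to walk the root hints themselves.
Add-DnsServerForwarder -IPAddress 203.0.113.53 -PassThru

# Verify: zone type, AD integration, update policy and replication scope.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -like "*contoso.com" -or $_.IsReverseLookupZone } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, ReplicationScope
```

Because the internal zone is a child of the public name, public contoso.com records are still reachable from inside (they come back through the forwarder) and nothing internal is ever exposed in the public zone.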
3. Active Directory
i. The number of Active Directory domains
IT engineers and administrators use one of two strategies when deciding on a domain name (Adam Brown, 2013).
a. An internal private domain name
Such a name looks like company.internal or domain.local. A private domain is just that: one that is not available publicly on the Internet. Note that .local is also used by multicast DNS, which can cause resolution problems on clients that implement it.
b. An external public domain name
Such a name looks like name.com or company.org. These names use top-level domains recognised by ICANN and can be resolved by public DNS servers.
The figure above shows the lines of responsibility between IT administrative roles that have been presented as best practice (Best Practice Active Directory Design for Managing Windows Networks, n.d.).
Figure 2: Service Owner Roles Relationship
In the best-practice model, directory management that delegates the administration of data introduces new administrative roles. The dashed lines in figure 2 show delegation of responsibility for the directory service; they need not correspond to the organization's reporting structure. For instance, the DNS owner configures and provides the DNS service as required by the forest owner and by each domain owner in the forest (Best Practice Active Directory Design for Managing Windows Networks, n.d.). The forest owner delegates the management of individual domains to domain owners, the site topology to the site topology owner, and the DNS service to the DNS owner. Active Directory creates transitive two-way trust relationships between the domains in a forest, so any computer joined to the forest can grant access to any user or group from any domain in that forest. Because a forest can contain millions of objects, there are few technical reasons to deploy more than one; nonetheless, depending on the administrative model the organization uses, a need for two or more forests can arise. In the initial phase of the Active Directory design, the AD architect determines the number of forests appropriate to the circumstances and designates an owner for every forest created (Best Practice Active Directory Design for Managing Windows Networks, n.d.).
It is the duty of the AD architect and the project manager to devise a forest plan for the organization. The plan lists the forests to be designed and gives, for each (Best Practice Active Directory Design for Managing Windows Networks, n.d.):
a. the scope of the forest
b. the name of the forest
ii. Will there be any Read-Only Domain Controllers?
Read-Only Domain Controllers (RODCs) were introduced in Active Directory Domain Services (AD DS) with Windows Server 2008. An RODC is an additional domain controller that holds a read-only copy of the Active Directory partitions for its domain and a read-only copy of the SYSVOL folder. Through selective caching of credentials, RODCs address problems that organizations face in branch offices and perimeter networks (DMZs), which often lack the physical security of hub sites and data centers. RODCs also bring several management improvements, described in the cited article (What Is an RODC?, 2012).
iii. How will the second site factor into domain controller placement? How will AD sites be configured?
An RODC is the right choice wherever a domain controller cannot be physically secured, because anyone with physical access to a writable domain controller can attack it by:
a. accessing its disks after starting an alternate operating system on the domain controller;
b. removing or replacing the domain controller's physical disks;
c. obtaining, and then manipulating, a copy of the domain controller's system state backup.
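How the second site's server would be promoted as an RODC, and how its password replication policy is tightened so that a stolen or tampered branch domain controller yields no privileged credentials. This is an added example, not part of the paper, and none of its specifics come from it: it assumes the domain contoso.com, a site named "Site B", that SRV1 from the table below is the server being promoted, a group "SiteB-Users" holding the accounts that may be cached, and "CONTOSO\branchadmin" as the delegated RODC administrator.

```powershell
# Added example (not from the paper). Assumptions: domain contoso.com, site "Site B",
# SRV1 is the server being promoted, group "SiteB-Users" may be cached, and
# CONTOSO\branchadmin is the delegated local administrator of the RODC.

# --- Run on SRV1, the server being promoted ---
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -DomainName "contoso.com" `
    -ReadOnlyReplica `
    -SiteName "Site B" `
    -InstallDns `
    -DelegatedAdministratorAccountName "CONTOSO\branchadmin" `
    -Credential (Get-Credential "CONTOSO\Administrator") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString "DSRM password") `
    -Force

# --- Run afterwards from any writable DC or a workstation with RSAT ---
Import-Module ActiveDirectory

# Password Replication Policy: only SiteB-Users may have secrets cached on SRV1. The
# built-in Denied RODC Password Replication Group already blocks the highest-value
# groups; deny the organization's privileged groups explicitly as well, in case the
# default membership has been edited.
Add-ADDomainControllerPasswordReplicationPolicy -Identity "SRV1" -AllowedList "SiteB-Users"
Add-ADDomainControllerPasswordReplicationPolicy -Identity "SRV1" -DeniedList "Domain Admins", "Enterprise Admins"

# Check: accounts whose secrets are cached on SRV1 right now. Any privileged name in this
# list is a finding, because the attacks above against SRV1 would expose those credentials.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity "SRV1" -RevealedAccounts |
    Select-Object Name, SamAccountName, DistinguishedName

# And the list of who has authenticated through SRV1, to see which accounts are actually
# used at the branch before deciding what belongs in SiteB-Users.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity "SRV1" -AuthenticatedAccounts |
    Select-Object Name, SamAccountName
```

The delegated administrator can patch and reboot the branch box without holding any rights elsewhere in the domain, and if SRV1 is lost the only secrets at risk are those of the accounts the policy allowed to be cached.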
In the AD infrastructure, domains represent the logical topology while sites and subnets represent the physical topology. A site is a physical location or network: a separate block, building, city or even country. The step-by-step guide illustrates such a setup by detailing the configuration of sites and subnets: Site A and Site B are created and the relevant servers and subnets are assigned to them (Dishan Francis, 2015).
The environment looks like this:
Server name         Roles                           Operating system                  Site          Subnets
DC1.contoso.com     Primary Domain Controller       Windows Server 2012 R2 Standard   Site A (HQ)   192.168.148.0/24
SRV1.contoso.com    Additional Domain Controller    Windows Server 2012 R2 Standard   (not given)   (not given)
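The site and subnet layout from the table, scripted from DC1, as an added example that is not part of the paper or of the cited guide. Site A and its subnet 192.168.148.0/24 are the table's values; Site B's subnet 192.168.149.0/24, the site-link cost of 100 and the 180-minute replication interval are assumptions.

```powershell
# Added example (not from the paper): create the two sites, map subnets to them, link
# them, and move the second DC. Assumptions: 192.168.149.0/24 for Site B, site-link
# cost 100, replication every 180 minutes.
Import-Module ActiveDirectory

$sites = @{
    "Site A" = "192.168.148.0/24"   # HQ, from the table
    "Site B" = "192.168.149.0/24"   # branch, assumed
}

# Rename the default site to Site A so that DC1, which already sits in it, is placed correctly.
$configNC = (Get-ADRootDSE).configurationNamingContext
$defaultSite = "CN=Default-First-Site-Name,CN=Sites,$configNC"
if (Get-ADObject -Filter "DistinguishedName -eq '$defaultSite'" -SearchBase $configNC) {
    Rename-ADObject -Identity $defaultSite -NewName "Site A"
}

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    # The subnet-to-site mapping is what the DC locator uses to send clients to a nearby DC;
    # a subnet left unmapped means clients may authenticate across the WAN.
    New-ADReplicationSubnet -Name $sites[$site] -Site $site -Location $site
}

# One IP site link between the two sites; replication runs over it on the given schedule.
New-ADReplicationSiteLink -Name "SiteA-SiteB" -SitesIncluded "Site A", "Site B" `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 180

# Only once the replacement link exists, drop the default link so there is a single path.
Get-ADReplicationSiteLink -Filter "Name -eq 'DEFAULTIPSITELINK'" |
    Remove-ADReplicationSiteLink -Confirm:$false

# Place the second domain controller (SRV1 in the table) in Site B.
Move-ADDirectoryServer -Identity "SRV1" -Site "Site B"

# Verify: every DC in its expected site, and every subnet pointing at a site.
Get-ADDomainController -Filter * | Select-Object Name, Site, IsReadOnly, IsGlobalCatalog
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
```

The last two lines are the check worth keeping: a DC listed in the wrong site, or a subnet with an empty Site column, is the usual cause of branch clients logging on against the HQ domain controller over the WAN.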