Windows Server Deployment Proposal
University of Maryland University College
CMIT 369 Windows Server: Install and Storage
Background Information
New Features of Windows Server 2016
Deployment and Server Editions
- How many total servers are needed? Which roles will be combined?
- What edition of Windows will be used for each server?
- Will Server Core be used on any servers?
- Where are each of the servers located?
- How will the servers be deployed?
Active Directory
- Number of AD domains?
- Will there be any Read-Only Domain Controllers?
- How will the second site factor into domain controller placement?
- How will AD organizational units be organized?
DNS and DHCP
- DHCP scope design
- Will a form of DHCP fault tolerance be implemented?
- Will DHCP reservations be used for servers?
- DNS namespace design
- How will DNS be handled for the second site?
Application Services
- How will applications be deployed? If using Group Policy, what are the details on how Group Policy will be used to deploy the software? Which software applications will likely be needed?
File and Printer Sharing
- What shares might be needed?
References
Background Information
“We Make Windows”, Inc. is a new advertising company that desires to implement a Windows network infrastructure. WMW plans to start with 90 employees in the following departments:
- Human Resources and Finances (12 employees) – perform HR and financial duties
- Executives (9 employees) – manage and run the company
- Accounts and Sales Department (15 employees) – perform market research and maintain accounts
- Creative, Media and Production Department (49 employees) – advertising
- IT (5 employees) – manage IT for the company
The company has established one location in Los Angeles and one in New York, both of which already have networking equipment in place. WMW requires a solution that is scalable to its growing demands over the next 2-3 years.
In this proposal, we discuss the new features of Windows Server 2016 that WMW can take advantage of, followed by the deployment plan and the editions recommended for deployment. It also covers the recommended Active Directory design, DNS and DHCP, application services, and file sharing and print services.
New Features of Windows Server 2016
The features highlighted in Windows Server 2016 are Server Manager, Hyper-V and PowerShell Direct. With Server Manager, administrators can manage multiple servers across the network, at both local and remote locations. Hyper-V provides the ability to manage virtual machines, virtual networks and Active Directory. With PowerShell Direct, the remoting cmdlets now accept a VM parameter that sends PowerShell commands directly into Hyper-V virtual machines. Lastly, Active Directory Domain Services (AD DS) can further secure the Active Directory environment with Privileged Access Management (PAM), which helps protect an organization from misuse of privileged access by providing a better way to monitor network activity.
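As an added example (not part of the proposal), the following script shows what the PowerShell Direct feature described above looks like in practice: the `-VMName` parameter on the remoting cmdlets opens a session to a Hyper-V guest over the VM bus, so the host can manage a freshly built server before it has any network configuration. The VM name, credential prompt and the answer-file path are assumptions for illustration.

```powershell
# Added example: PowerShell Direct from a Hyper-V host into a guest VM.
# Run on the Hyper-V host; requires the Hyper-V PowerShell module.
$vmName = 'WMW-Server1'                      # assumed Hyper-V VM name
$cred   = Get-Credential -Message "Local administrator inside $vmName"

# PowerShell Direct needs a running guest; start it if it is off.
$vm = Get-VM -Name $vmName
if ($vm.State -ne 'Running') {
    Start-VM -Name $vmName
    Start-Sleep -Seconds 30                   # give the guest time to boot
}

# -VMName is the PowerShell Direct parameter: no WinRM listener, firewall rule
# or IP address inside the guest is required, unlike -ComputerName.
$session = New-PSSession -VMName $vmName -Credential $cred

# Inventory the guest from inside.
Invoke-Command -Session $session -ScriptBlock {
    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        OSVersion = (Get-CimInstance Win32_OperatingSystem).Caption
        ADDS      = (Get-WindowsFeature AD-Domain-Services).InstallState
    }
}

# Install a role inside the guest over the same session.
Invoke-Command -Session $session -ScriptBlock {
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
}

# Files can be copied through the session too (no SMB share needed in the guest).
# The source path is an assumption.
Copy-Item -Path 'C:\Deploy\unattend.xml' -Destination 'C:\Windows\Temp\unattend.xml' -ToSession $session

Remove-PSSession $session
```

The same `-VMName` parameter is accepted by `Enter-PSSession` and `Invoke-Command`, so one-off commands do not need an explicit session object; the session form is used here only so that several operations share one authentication.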
Deployment and Server Editions
When deploying servers, it is crucial to understand how many servers the business requires both to function and to grow. WMW requires a stable and powerful platform for 90 employees that is also scalable for growth over the next 2-3 years. There will be 6 servers located at the Los Angeles site and 4 servers located at the New York site. Each server requires a license; therefore, 10 licenses must be purchased.
All servers will have the Windows Server 2016 Essentials edition installed. It provides a better method for managing domains, users and devices by adding support for multiple domains and domain controllers and the ability to assign a specific domain controller (Ge & Poggemeyer, 2016). The roles that will be combined are DHCP, DNS, and file and print services, as illustrated in Figure 1.
Figure 1: Roles and Location of Servers
| Server   | Roles                               | Location    |
|----------|-------------------------------------|-------------|
| Server1  | AD primary                          | Los Angeles |
| Server2  | AD secondary                        | Los Angeles |
| Server3  | DHCP primary & DNS primary          | Los Angeles |
| Server4  | Application services & WDS          | Los Angeles |
| Server5  | File & print services               | Los Angeles |
| Server6  | DHCP secondary & web services       | Los Angeles |
| Server7  | AD RODC                             | New York    |
| Server8  | DHCP & DNS secondary                | New York    |
| Server9  | File & print services               | New York    |
| Server10 | Web services & application services | New York    |
Windows Deployment Services (WDS) will be used for the installation. WDS dramatically reduces installation time by deploying Windows to multiple machines at the same time. Therefore, a standalone server will be set up with WDS to handle loading Windows onto the rest of the servers. In addition, Windows System Image Manager (Windows SIM) will be used to create an unattended answer file that assists Windows Setup for Windows Server 2016 by supplying the component settings (Microsoft, 2017).
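Once WDS has laid the operating system down, the roles in Figure 1 still have to be installed on each server. The script below is an added example (not from the proposal) that drives that step from one management host: it maps the Figure 1 server names to Windows Server 2016 feature names, installs them over PowerShell remoting, and then verifies that nothing is missing. Interpreting "application services" as a file share for MSI packages (hence `FS-FileServer` on Server4 and Server10) and the web servers as IIS are assumptions.

```powershell
# Added example: install the Figure 1 roles on every server and verify them.
# Assumes WinRM access to all ten servers from the management host.
$roleMap = @{
    'Server1'  = @('AD-Domain-Services')                     # AD primary
    'Server2'  = @('AD-Domain-Services')                     # AD secondary
    'Server3'  = @('DHCP', 'DNS')                            # DHCP + DNS primary
    'Server4'  = @('WDS', 'FS-FileServer')                   # WDS + app distribution share (assumed)
    'Server5'  = @('FS-FileServer', 'Print-Server', 'FS-DFS-Namespace', 'FS-DFS-Replication', 'FS-Resource-Manager')
    'Server6'  = @('DHCP', 'Web-Server')                     # DHCP secondary + IIS (assumed)
    'Server7'  = @('AD-Domain-Services')                     # promoted later as the NY RODC
    'Server8'  = @('DHCP', 'DNS')                            # NY DHCP + DNS secondary
    'Server9'  = @('FS-FileServer', 'Print-Server', 'FS-DFS-Namespace', 'FS-DFS-Replication', 'FS-Resource-Manager')
    'Server10' = @('Web-Server', 'FS-FileServer')            # IIS + app distribution share (assumed)
}

foreach ($server in $roleMap.Keys | Sort-Object) {
    $features = $roleMap[$server]
    Write-Host "== $server : $($features -join ', ')"
    $result = Invoke-Command -ComputerName $server -ArgumentList (,$features) -ScriptBlock {
        param([string[]]$Features)
        Install-WindowsFeature -Name $Features -IncludeManagementTools
    }
    if (-not $result.Success)            { Write-Warning "$server : one or more features failed" }
    if ($result.RestartNeeded -eq 'Yes') { Write-Warning "$server : restart required before the role is usable" }
}

# Verification pass: report any mapped feature that is still not installed.
foreach ($server in $roleMap.Keys | Sort-Object) {
    $missing = Invoke-Command -ComputerName $server -ArgumentList (,$roleMap[$server]) -ScriptBlock {
        param([string[]]$Features)
        Get-WindowsFeature -Name $Features |
            Where-Object { -not $_.Installed } |
            Select-Object -ExpandProperty Name
    }
    if ($missing) { Write-Warning "$server is missing: $($missing -join ', ')" }
    else          { Write-Host "$server : all roles present" }
}
```

Installing `AD-Domain-Services` only adds the binaries; promotion to a domain controller (and, for Server7, the read-only option) is a separate `Install-ADDSDomainController` step that belongs to the Active Directory design.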
Active Directory
Active Directory is the backbone of an organization's critical enterprise infrastructure. A crash of AD could therefore cause a loss of productivity that would be detrimental to daily operations. To ensure redundancy for continuous operation, multiple domain controllers will be put in place for fault tolerance.
Three Active Directory (AD) servers will be set up: two main domain controllers at the Los Angeles site and a Read-Only Domain Controller (RODC) at the New York site. The RODC provides Active Directory services without the security risk of a writable domain controller, which saves the company the cost of establishing separate physical security at each site. It also provides fault tolerance for the two domain controllers in Los Angeles, and vice versa. Each Active Directory server will be a dedicated machine for increased performance. For replication to take place, the AD domain controllers at both sites must first be created. Then the subnet for each site must be defined and a site link established to connect the two sites. The Active Directory Sites and Services tool will be used to configure the WAN link that connects the two LANs.
Figure 2: Active Directory Replication
The Active Directory organizational units will be organized first by site and then by department. Each of the following departments will have its own organizational unit: Executives; Accounts and Sales; Creative, Media and Production; Human Resources and Finances; and IT. Group Policy Objects (GPOs) will be created for each organizational unit (OU) and linked in Active Directory. Additionally, each department will be assigned permissions on its own folders to ensure that only authorized users have access. The system administrator will be the only entity with access to all folders, providing a single point from which to manage permissions.
Figure 3: Organizational Unit Structure
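The two Active Directory designs above (the site topology of Figure 2 and the site-then-department OU layout of Figure 3) can be built with the ActiveDirectory and GroupPolicy modules instead of the Sites and Services console. The script below is an added example, not the proposal's own procedure. The domain name `wmw.example`, the New York subnet `192.168.2.0/24`, the GPO names and the server names as AD computer names are assumptions; the Los Angeles subnet follows the DHCP scope given later in the proposal.

```powershell
# Added example: AD sites, subnets, site link, RODC promotion, OUs and GPO links.
# Run on a Los Angeles domain controller (Server1) as a domain administrator.
Import-Module ActiveDirectory, GroupPolicy
$domainDN = 'DC=wmw,DC=example'                      # assumed domain

# 1. Sites and subnets. Clients locate the nearest DC by matching their IP to a subnet,
#    so New York clients will prefer the RODC once its subnet is defined.
foreach ($site in 'LosAngeles', 'NewYork') {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) { New-ADReplicationSite -Name $site }
}
New-ADReplicationSubnet -Name '192.168.1.0/24' -Site 'LosAngeles'
New-ADReplicationSubnet -Name '192.168.2.0/24' -Site 'NewYork'      # assumed NY range

# 2. Site link for replication across the WAN (every 15 minutes), then retire the
#    default link that would otherwise also span both sites.
New-ADReplicationSiteLink -Name 'LA-NY' -SitesIncluded 'LosAngeles', 'NewYork' `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
Remove-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Confirm:$false

# The DCs promoted first land in Default-First-Site-Name; move them to LA.
foreach ($dc in 'Server1', 'Server2') { Move-ADDirectoryServer -Identity $dc -Site 'LosAngeles' }

# 3. Promote Server7 as the New York RODC. This line runs on Server7 itself, which is
#    why it is commented out here; -ReadOnlyReplica is what makes it an RODC.
# Install-ADDSDomainController -DomainName 'wmw.example' -ReadOnlyReplica -SiteName 'NewYork' `
#     -InstallDns -Credential (Get-Credential 'WMW\Administrator')

# 4. OUs: one per site, then one per department under each site.
$departments = 'Executives', 'Accounts and Sales', 'Creative Media and Production',
               'Human Resources and Finances', 'IT'
foreach ($site in 'LosAngeles', 'NewYork') {
    New-ADOrganizationalUnit -Name $site -Path $domainDN -ProtectedFromAccidentalDeletion $true
    foreach ($dept in $departments) {
        New-ADOrganizationalUnit -Name $dept -Path "OU=$site,$domainDN" -ProtectedFromAccidentalDeletion $true
    }
}

# 5. One GPO per department OU, linked only where it applies.
foreach ($site in 'LosAngeles', 'NewYork') {
    foreach ($dept in $departments) {
        $gpo = New-GPO -Name "$site - $dept" -Comment 'Department baseline policy'
        New-GPLink -Name $gpo.DisplayName -Target "OU=$dept,OU=$site,$domainDN" -LinkEnabled Yes | Out-Null
    }
}

# Check: every DC should belong to a named site, and only Server7 should be read-only.
Get-ADDomainController -Filter * | Select-Object Name, Site, IsReadOnly | Format-Table
```

Because the RODC holds no writable copy of the directory and, by default, caches no passwords, a compromise of the New York server does not expose the Los Angeles accounts; the password replication policy on the RODC object controls which accounts, if any, it may cache.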
DNS and DHCP
Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) are critical to the functioning of the network: DHCP assigns IP addresses and DNS maintains the name-to-address database. DHCP must be configured for fault tolerance and load balancing. The scope design will comprise two DHCP servers at the Los Angeles site and one DHCP server at the New York site. The DHCP servers will be placed in a failover relationship configured in load balance mode. This design allows each server to share the load and to take over if a server fails. A scope will have an address range of 192.168.1.2 – 192.168.1.110. DHCP reservations will be used for all servers to provide faster response times and proper allocation of IP addresses. The lease time will be set to 10 days to ensure that unused IP addresses are recycled and plenty of addresses remain available for assignment.
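The Los Angeles DHCP design above (scope, 10-day leases, server reservations, and failover in load balance mode between Server3 and Server6) is shown below as an added example using the DhcpServer module; it is not code from the proposal. The scope range and server names are the proposal's; the subnet mask, gateway, server addresses, reservation MAC addresses and DNS suffix are assumptions.

```powershell
# Added example: Los Angeles DHCP scope, options, reservations and failover.
# Run on Server3 with the DHCP management tools installed.
Import-Module DhcpServer
$dhcp    = 'Server3'
$scopeId = '192.168.1.0'

# Scope matching the proposal's range, with a 10-day lease.
Add-DhcpServerv4Scope -ComputerName $dhcp -Name 'LosAngeles-Clients' `
    -StartRange '192.168.1.2' -EndRange '192.168.1.110' -SubnetMask '255.255.255.0' `
    -LeaseDuration (New-TimeSpan -Days 10) -State Active

# Scope options: default gateway and the site's DNS server (assumed addresses).
Set-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId $scopeId `
    -Router '192.168.1.1' -DnsServer '192.168.1.3' -DnsDomain 'wmw.example'

# Reservations for every LA server so their addresses never change.
# MAC addresses are placeholders; read the real ones from each server's adapter.
$reservations = @(
    @{ Name = 'Server1'; IP = '192.168.1.11'; Mac = '00-15-5D-00-00-01' }
    @{ Name = 'Server2'; IP = '192.168.1.12'; Mac = '00-15-5D-00-00-02' }
    @{ Name = 'Server3'; IP = '192.168.1.3';  Mac = '00-15-5D-00-00-03' }
    @{ Name = 'Server4'; IP = '192.168.1.14'; Mac = '00-15-5D-00-00-04' }
    @{ Name = 'Server5'; IP = '192.168.1.15'; Mac = '00-15-5D-00-00-05' }
    @{ Name = 'Server6'; IP = '192.168.1.6';  Mac = '00-15-5D-00-00-06' }
)
foreach ($r in $reservations) {
    Add-DhcpServerv4Reservation -ComputerName $dhcp -ScopeId $scopeId `
        -IPAddress $r.IP -ClientId $r.Mac -Name $r.Name -Description 'Server reservation'
}

# Failover in load-balance mode (50/50) with Server6. The partner receives the scope,
# options and reservations automatically; the shared secret authenticates the pair.
Add-DhcpServerv4Failover -ComputerName $dhcp -PartnerServer 'Server6' -Name 'LA-DHCP-Failover' `
    -ScopeId $scopeId -LoadBalancePercent 50 -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -StateSwitchInterval (New-TimeSpan -Minutes 10) -AutoStateTransition $true `
    -SharedSecret (Read-Host 'Failover shared secret')

# Both servers must be authorized in AD before they will answer clients.
Add-DhcpServerInDC -DnsName 'Server3.wmw.example' -IPAddress '192.168.1.3'
Add-DhcpServerInDC -DnsName 'Server6.wmw.example' -IPAddress '192.168.1.6'

# Checks: failover state should be Normal; statistics show free vs. reserved addresses.
Get-DhcpServerv4Failover -ComputerName $dhcp | Select-Object Name, PartnerServer, Mode, State
Get-DhcpServerv4ScopeStatistics -ComputerName $dhcp -ScopeId $scopeId
```

With `-AutoStateTransition` set, a partner that stops hearing from the other moves to partner-down after the state switch interval and takes over the whole scope, which is the "take control if a server fails" behaviour the design calls for. The New York scope on Server8 would be created the same way with its own range.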
DNS is another crucial component that must be redundant to provide continuous service to the network. Therefore, each site will have a DNS server holding the address database. An internal DNS will be created for both sites, with the Los Angeles site as the parent domain. In addition, split DNS will be configured with two zone scopes, one for internal DNS and one for external DNS, hosted on the same DNS server. This configuration provides an added layer of security and privacy for the network. Zone scopes and policies will be created. Once the DNS server is configured with the required policies, each name resolution query is evaluated against the policies on the DNS server; if it matches, the associated zone scope is used to respond to the query (Windows Networking Team, 2015).
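The split-brain configuration just described, as an added example using the DnsServer module (not the proposal's own code): the zone's default scope answers external clients, a second zone scope carries the internal answers, and a query resolution policy routes queries from the internal subnets to that scope. The zone name `wmw.example`, the public address (from the 203.0.113.0/24 documentation range), the internal address and the client subnets are assumptions; the policy uses a client-subnet match, whereas the cited article matches on the server interface address.

```powershell
# Added example: split-brain DNS with zone scopes and a query resolution policy.
# Run on Server3 (primary DNS) with the DNS Server tools installed.
Import-Module DnsServer
$zone = 'wmw.example'                                   # assumed zone

# Create the zone if needed. Its default scope serves external (public) answers.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns"
}
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'www' -IPv4Address '203.0.113.10'   # public IP

# A second scope of the same zone holds the internal version of the records.
Add-DnsServerZoneScope -ZoneName $zone -Name 'internal'
Add-DnsServerResourceRecord -ZoneName $zone -ZoneScope 'internal' -A -Name 'www' -IPv4Address '192.168.1.10'

# Identify internal clients by subnet (both sites; NY range assumed).
Add-DnsServerClientSubnet -Name 'WMW-Internal' -IPv4Subnet '192.168.1.0/24', '192.168.2.0/24'

# Policy: queries for this zone from the internal subnet are answered from the
# 'internal' scope. Anything that matches no policy falls through to the default scope.
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrain-Internal' -Action ALLOW `
    -ClientSubnet 'EQ,WMW-Internal' -ZoneScope 'internal,1' -ZoneName $zone

# Checks: the same name resolves differently depending on where the query originates.
Get-DnsServerQueryResolutionPolicy -ZoneName $zone | Format-Table Name, Action, IsEnabled, ProcessingOrder
Resolve-DnsName -Name "www.$zone" -Server '192.168.1.3' -Type A   # from an internal host: 192.168.1.10
```

The security benefit the proposal refers to is that internal addresses and host names never leave the internal scope: an external query sees only the public records, while internal clients still reach internal services by name without a second DNS server.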
Application Services
Applications will be deployed using Group Policy to provide a process that is fast and minimizes errors. A shared folder must first be created to hold the MSI file. Then a GPO is created that targets the workstations and users that need the application. Application assignment to clients will follow the principle of least privilege, providing access while maintaining security. Lastly, the GPO is updated to complete the process.
Software applications offer a plethora of options to boost WMW's productivity; however, it is recommended to start with the applications that are a necessity for the functioning of a new business. The recommended applications are Norton Small Business 2018 for antivirus protection, QuickBooks Accountant Desktop Plus 2019 for the accounting department, and Microsoft Office 2016 Professional for documents, spreadsheets and presentations.
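The deployment steps above (distribution share, targeted GPO, least-privilege assignment) are shown below as an added example, not the proposal's own procedure. Share path, group names, the pilot workstation name and the domain are assumptions. Note that attaching the MSI package to the GPO (Computer Configuration > Policies > Software Settings > Software installation) has no GroupPolicy-module cmdlet, so that one step is still done in the Group Policy Management Editor after the script runs.

```powershell
# Added example: distribution share, targeted GPO and security filtering for an MSI deployment.
# Run on Server4 (distribution share) as a domain administrator.
Import-Module GroupPolicy, SmbShare
$domainDN  = 'DC=wmw,DC=example'                        # assumed domain
$sharePath = 'D:\Software'                              # assumed local path

# 1. Read-only share for the MSI files. Assigned packages install under the
#    computer's SYSTEM account, so Domain Computers needs read access as well.
New-Item -Path "$sharePath\QuickBooks" -ItemType Directory -Force | Out-Null
New-SmbShare -Name 'Software$' -Path $sharePath `
    -ReadAccess 'WMW\Domain Computers', 'WMW\Domain Users' -FullAccess 'WMW\IT Admins'
# Copy the vendor MSI to \\Server4\Software$\QuickBooks before assigning it in GPMC.

# 2. The GPO, linked only to the OU whose workstations need this application.
$gpo = New-GPO -Name 'Deploy - QuickBooks Accountant' -Comment 'Assigned to Finance workstations'
New-GPLink -Name $gpo.DisplayName -Target "OU=Human Resources and Finances,OU=LosAngeles,$domainDN" | Out-Null

# 3. Least privilege: Authenticated Users keeps Read (required for policy processing)
#    but loses Apply; only the assumed computer group actually receives the package.
Set-GPPermission -Name $gpo.DisplayName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace
Set-GPPermission -Name $gpo.DisplayName -TargetName 'GPO-QuickBooks-Computers' -TargetType Group `
    -PermissionLevel GpoApply

# 4. After the MSI is attached in GPMC: refresh a pilot machine and confirm the GPO applied.
Invoke-Command -ComputerName 'LA-FIN-01' -ScriptBlock { gpupdate /target:computer /force }   # assumed pilot
Get-GPResultantSetOfPolicy -Computer 'LA-FIN-01' -ReportType Html -Path 'C:\Temp\LA-FIN-01-rsop.html'
```

Keeping Authenticated Users on Read rather than removing it entirely matters: since the MS16-072 change, computers read user-scoped GPOs using their own account, so a GPO with no Read for Authenticated Users (or Domain Computers) silently stops applying.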
File and Printer Sharing
Each site will have its own file and print server, with the sharing features configured on all four servers. Having two file and print servers act as backups for each other optimizes reliability and ensures redundancy is in place for fault tolerance. In addition, all servers can be configured so that only authorized users may use them.
Server Message Block (SMB) Share - Quick will be used to create file shares for the following departments: Executives; Accounts and Sales; Creative, Media and Production; Human Resources and Finances; and IT. Furthermore, NTFS permissions will be configured for file and printer sharing so that each department can restrict its files exclusively to that department. Least privilege is the IT industry standard for preventing unauthorized access; therefore, users are granted the minimum access required to complete their job tasks. Access-based enumeration will be enabled for all users except the IT administrators.
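The departmental shares described above, built as an added example with `New-SmbShare` (the scriptable equivalent of the SMB Share - Quick wizard): NTFS permissions are reset so that only the department and the IT administrators hold access, share permissions mirror that, and access-based enumeration hides each folder from everyone else. This is not the proposal's own code; the root path and the group names `WMW\<department>` and `WMW\IT Admins` are assumptions.

```powershell
# Added example: departmental SMB shares with least-privilege NTFS ACLs and ABE.
# Run on Server5 (repeat on Server9 for the New York copies).
Import-Module SmbShare
$root = 'D:\Shares'                                     # assumed local path
$departments = @{                                       # share name -> department group (assumed)
    'Executives' = 'WMW\Executives'
    'Accounts'   = 'WMW\Accounts and Sales'
    'Creative'   = 'WMW\Creative Media Production'
    'HRFinance'  = 'WMW\HR and Finances'
    'IT'         = 'WMW\IT'
}

# Helper: an inheritable Allow ACE for a folder tree.
function New-Ace([string]$Identity, [string]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
}

foreach ($share in $departments.Keys) {
    $path  = Join-Path $root $share
    $group = $departments[$share]
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    # NTFS: cut inheritance (without copying the parent's ACEs, so Users/Everyone do
    # not leak in), then grant exactly three principals.
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)
    $acl.AddAccessRule((New-Ace $group 'Modify'))
    $acl.AddAccessRule((New-Ace 'WMW\IT Admins' 'FullControl'))
    $acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM' 'FullControl'))
    Set-Acl -Path $path -AclObject $acl

    # Share permissions mirror the NTFS intent; AccessBased enumeration means users
    # who lack access do not even see the folder listed.
    New-SmbShare -Name $share -Path $path -ChangeAccess $group -FullAccess 'WMW\IT Admins' `
        -FolderEnumerationMode AccessBased -Description "$share department share" | Out-Null
}

# Checks: no share under the root should still grant Everyone, and ABE is on for all.
Get-SmbShare | Where-Object { $_.Path -like "$root\*" } | Select-Object Name, Path, FolderEnumerationMode
Get-SmbShareAccess -Name 'HRFinance' | Format-Table AccountName, AccessRight, AccessControlType
```

Access-based enumeration is a per-share setting rather than a per-user one; the "except IT administrators" requirement is met because the IT administrators hold Full Control on every share and therefore see everything regardless of ABE. Effective access is the intersection of share and NTFS permissions, which is why both are set here.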
Distributed File System (DFS) will be used to organize the distributed shared resources on the network. This will allow both sites to access shared folders. A DFS namespace will be used to give users access to shared folders at both locations without needing to know their physical location. In addition, Distributed File System Replication (DFS-R) will be used to keep the contents of the shared folders in sync, so that a file accessed from either location displays the same content (Gerend, 2017).
File Server Resource Manager (FSRM) will be used to automatically classify files, perform tasks based on classification, set quotas and create monitoring reports on all data stored on the file servers. Quota management will allocate each user the minimum storage volume required for their job description. Hard and soft quotas will be set based on each user's job description. Quotas are an essential tool for managing storage space and preventing user abuse. Storage reports will be scheduled to run once a week to identify trends in storage usage and monitor any attempts to save unauthorized files (Tobin, 2017). File screening management will also be used to control the types of files that are allowed to be saved on the storage disk.
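The DFS namespace, DFS-R replication and FSRM controls from the two paragraphs above are combined in the following added example (not the proposal's own code) for one department share. It assumes the domain `wmw.example`, that `Shares` and `HRFinance` shares already exist on Server5 and Server9, local paths under `D:\Shares`, the quota sizes, the blocked file patterns and the report schedule; the FSRM placeholders such as `[Source Io Owner Email]` are the variables FSRM substitutes in notifications.

```powershell
# Added example: DFS namespace + DFS-R for a share, then FSRM quotas, file screen and report.
# Run on Server5 with the DFS Namespaces, DFS Replication and FSRM tools installed.
Import-Module DFSN, DFSR, FileServerResourceManager
$domain = 'wmw.example'                                 # assumed
$nsRoot = "\\$domain\Shares"

# 1. Domain-based namespace with a root target at each site, so the namespace itself
#    survives the loss of either server.
New-DfsnRoot -Path $nsRoot -TargetPath '\\Server5\Shares' -Type DomainV2 | Out-Null
New-DfsnRootTarget -Path $nsRoot -TargetPath '\\Server9\Shares' | Out-Null

# One folder, one target per site. Clients are referred to the target in their own
# AD site first, so users never need to know which server holds the data.
New-DfsnFolder       -Path "$nsRoot\HRFinance" -TargetPath '\\Server5\HRFinance' | Out-Null
New-DfsnFolderTarget -Path "$nsRoot\HRFinance" -TargetPath '\\Server9\HRFinance' | Out-Null

# 2. DFS-R keeps the two targets in sync. Server5 is the primary member for the
#    initial sync so its content is authoritative on the first pass.
New-DfsReplicationGroup -GroupName 'WMW-Shares' | Out-Null
New-DfsReplicatedFolder -GroupName 'WMW-Shares' -FolderName 'HRFinance' | Out-Null
Add-DfsrMember     -GroupName 'WMW-Shares' -ComputerName 'Server5', 'Server9' | Out-Null
Add-DfsrConnection -GroupName 'WMW-Shares' -SourceComputerName 'Server5' -DestinationComputerName 'Server9' | Out-Null
Set-DfsrMembership -GroupName 'WMW-Shares' -FolderName 'HRFinance' -ComputerName 'Server5' `
    -ContentPath 'D:\Shares\HRFinance' -PrimaryMember $true -Force | Out-Null
Set-DfsrMembership -GroupName 'WMW-Shares' -FolderName 'HRFinance' -ComputerName 'Server9' `
    -ContentPath 'D:\Shares\HRFinance' -Force | Out-Null

# 3. FSRM. Hard quota on the department folder with an e-mail warning at 85%.
$warn = New-FsrmAction -Type Email -MailTo '[Admin Email];[Source Io Owner Email]' `
    -Subject 'Quota warning on [Quota Path]' `
    -Body '[Source Io Owner] has used [Quota Used Percent]% of [Quota Limit MB] MB.'
$at85 = New-FsrmQuotaThreshold -Percentage 85 -Action $warn
New-FsrmQuota -Path 'D:\Shares\HRFinance' -Size 50GB -Threshold $at85 `
    -Description 'HR and Finance hard quota' | Out-Null
# Soft quota (monitor only) on a user's home folder, per the hard/soft distinction above.
New-FsrmQuota -Path 'D:\Home\jdoe' -Size 5GB -SoftLimit -Threshold $at85 | Out-Null   # assumed path

# File screen: block executables and installers anywhere under the share root,
# and log a warning event when something is blocked.
New-FsrmFileGroup -Name 'Blocked Executables' -IncludePattern '*.exe', '*.msi', '*.bat' | Out-Null
$logBlock = New-FsrmAction -Type Event -EventType Warning `
    -Body 'File screen blocked [Source File Path] from [Source Io Owner]'
New-FsrmFileScreen -Path 'D:\Shares' -IncludeGroup 'Blocked Executables' -Active -Notification $logBlock | Out-Null

# Weekly storage report (Sunday 02:00) covering quota usage, screen violations and large files.
$weekly = New-FsrmScheduledTask -Time (Get-Date '02:00') -Weekly 'Sunday'
New-FsrmStorageReport -Name 'WMW weekly usage' -Namespace 'D:\Shares' `
    -ReportType 'QuotaUsage', 'FileScreenAudit', 'LargeFiles' -Schedule $weekly -MailTo '[Admin Email]' | Out-Null

# Checks: the replication backlog should drain, and the quota should show live usage.
Get-DfsrState -ComputerName 'Server5' | Select-Object Path, UpdateState
Get-FsrmQuota -Path 'D:\Shares\HRFinance' | Select-Object Path, Size, Usage, SoftLimit
```

The `FileScreenAudit` report type is what turns the file screen into the "attempts to save unauthorized files" monitor the proposal describes: it lists every blocked write, by user and path, for the reporting period.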
References
Ge, S., & Poggemeyer, L. (2016, October 2). What’s New in Windows Server 2016 Essentials. Retrieved September 16, 2018, from https://docs.microsoft.com/en-us/windows-server-essentials/get-started/what-s-new
Microsoft. (2017, May 1). Windows System Image Manager Technical Reference. Retrieved September 18, 2018, from https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/windows-system-image-manager-technical-reference
Windows Networking Team. (2015, May 12). Split-Brain DNS Deployment Using Windows DNS Server Policies. Retrieved September 22, 2018, from https://blogs.technet.microsoft.com/networking/2015/05/12/split-brain-dns-deployment-using-windows-dns-server-policies/
Gerend, J. (2017, June 4). Replicate Folder Targets using DFS Replication. Retrieved October 1, 2018, from https://docs.microsoft.com/en-us/windows-server/storage/dfs-namespaces/replicate-folder-targets-using-dfs-replication
Tobin, J. (2017, June 6). Storage Reports Management. Retrieved October 3, 2018, from https://docs.microsoft.com/en-us/windows-server/storage/fsrm/storage-reports-management