Introduction
Fixing Windows LLC is taking steps toward a technology solution capable of effectively supporting its growing operations. Windows Server 2016 has been succeeded by only one generation of server releases, which keeps it a modern solution for organizations that choose to embrace it, and it provides solutions that meet the needs of the company. Fixing Windows LLC does not have to worry about implementing different solutions for its different offices, because this solution can be deployed effectively to serve these multiple locations.
Active Directory
The Dallas and Houston offices will each have an Active Directory forest. Each forest will contain the domain, application, and Group Policy and configuration data, and the two forests will operate independently of each other, as users will not be capable of accessing the other forest. Each of the Active Directory forests will consist of domain controllers that will be constantly exchanging files among each other. To determine the extensibility of the system, tasks like data replication will happen within these Active Directory forests. There will be around six or so domain controllers in an Active Directory forest, and these will be responsible for supporting administrative activities for Fixing Windows LLC.
Comment by Serhiy Kuzhanov: This is against every Microsoft best practice.
Comment by Serhiy Kuzhanov: What files do domain controllers need to exchange and why?
The main domain controller of the company will be located at the Houston offices, with Dallas also being capable of hosting the controller. However, for redundancy purposes, a read-only domain controller will also be installed at the Los Angeles offices, with backup solutions. As a read-only setup, the Los Angeles domain controller will be unlikely to threaten the security of the main controller in Houston. The Los Angeles office will be a sales office with a small staff, and as such will need minimal technical support compared to the Dallas and Houston offices. Given their relatively large sizes in terms of personnel and operations, the Dallas and Houston offices will be where Active Directory is managed. Because different departments and employees carry out different roles and responsibilities within the organization, organizational units will be established, one for each department, each operating independently. User profiles, along with their permissions, system privileges and access controls, will be managed within these organizational units, ensuring that each unit is responsible for setting up the credentials for the users under it and that the access controls granted to a user are within the limits of that user’s duties. For tracking and auditing purposes, the flexible single master operation (FSMO) roles will be installed on a small number of stations, with the roles ending up on domain controllers that other stations will access to get a given role (Palmer, 2017).
Comment by Serhiy Kuzhanov: If you have two forests, how can you have one main domain controller? You will at least have two main domain controllers – one for each forest. And how can you say that Dallas is capable of hosting a domain controller if you already said that you will deploy an independent forest at that site, so it MUST include a domain controller.
Group Policy
The system administrators of Fixing Windows LLC will use Group Policy to establish user and machine configurations, with settings ranging from the limit on a user’s failed login attempts before they are locked out of the system to the deployment of applications. Group Policy settings are applicable at all levels within Active Directory, from the domain and the organizational unit down to a site computer. The policy settings can be edited and managed through the Microsoft Management Console or through PowerShell. The Group Policy Object Editor is responsible for managing the various group policies and is located under the management console, where the administrator can browse the various policies and make a selection. PowerShell can also be used to edit group policies through a module dedicated solely to the management of group policies, which will, however, only be available at the Houston office, which has been configured as the domain controller (Palmer, 2017).
Group Policy allows for application deployment either through publishing or assigning. Deployment through assigning happens when the particular application can be accessed by users and other workstations. From any of the company’s workstations, the employees of Fixing Windows LLC will be capable of accessing any application that has been deployed by way of assigning. It is a cheap way of deploying applications and will ensure that employees have easy access to the basic and essential applications they require to complete their responsibilities. When an application has been deployed via publishing, the application will only be available to the users: instead of being installed on the computer, it will be tied to a particular user. Whenever a user needs to access the application, they will log onto any computer and will then be prompted to install the application, which will then be uninstalled when they log off. It is a useful solution when there is a need to restrict access to certain applications to specific users within the organization. Publishing will then become a part of the company’s data security efforts, as it will place restrictions on access to sensitive applications and the data that come with them. The company has a number of trade secrets that it would prefer to be restricted to a few authorized individuals within the organization. Providing access to these applications via assigning would expose them to the risk of being accessed by unauthorized individuals, making publishing the most appropriate solution to maintain confidentiality (Krause, 2016).
Information security is important for any organization, and Fixing Windows LLC has been provided with Windows Firewall with Advanced Security, which is deployable under Group Policy settings. It is a capable tool that can be utilized to screen all traffic moving in and out of the system for potential threats. From the Group Policy settings, the administrator can also undertake user access control and determine the privileges that various users will be granted within the system. It should prevent unauthorized attempts to access or manipulate data in the system, with any user that seeks such access needing to have been granted the right credentials (Krause, 2016).
DNS
DNS will be used to provide name resolution through the provision of temporary IP addresses to TCP/IP and to DHCP, for the provision of temporary IP addresses to client computers. The activities of DNS will be supported by three servers, with other backup servers deployed to act as failover options in the event that the primary servers are down. The servers will be housed at both the Houston and Dallas offices, with a DNS server at each of the offices. The servers will be installed and configured at these offices manually, ensuring there is direct interaction between the technical team and the server so that potential issues with the servers are identified and addressed as soon as possible. The main server will be responsible for managing the addresses, hosting most of them, with any other addresses being hosted within the backup server. The main server will be the location from which clients will be provided with their IP addresses, and this will continue until the backup server needs to take over should the primary server experience failure. The backup server has been envisioned as the principal backup solution for the main server, containing similar data and capabilities, and could hence easily take over for the main server in the event of failure (Thomas, 2017).
Comment by Serhiy Kuzhanov: That is a function of DHCP.
As the company seeks more ways to remain up to date with emerging technology, it will be taking steps towards the use of mobile devices within the organization, which should support mobility and allow employees to access company technology resources even when away from the office. With mobile devices, this can happen much more efficiently, as the devices are highly portable while at the same time possessing capabilities for sophisticated functionalities. These devices will make use of two virtual servers deployed to utilize split DNS, with a much more simplified approach for the DNS namespace design (Palmer, 2017).
File Services
A file system will be installed within its own independent server and will be assigned a unique IP address. Users, on the other hand, will be provided with virtual drives they will use for individual tasks, with shared drives deployed for hosting network files. The File Server Resource Manager (FSRM) will be used to administer both the user and the shared drives, with a number of actions taken to ensure the efficient use of the available resources. Individual users will be allocated a limited amount of space within the drives assigned to them, while the different departments, given their varying needs, will be allocated space on a case-by-case basis to ensure each department has the optimal space allocation for its operations. In the same way, should any user or department require additional space, they will place a request for it, and further allocations will also happen on a case-by-case basis. However, the quota system will be strictly maintained, with additional requests for space made only at the utmost necessity and users being more careful with the way they use up the space allocated to them. The administrator will, therefore, be responsible for both setting up and enforcing rules on effective space management within the system, making extensive use of the capabilities provided by FSRM. The File Classification Infrastructure (FCI) is a tool within FSRM that can classify various file formats and can subsequently be used to restrict certain formats from being stored within the various allocated spaces, whether within individual user drives or the shared drives. As such, users will be prevented from storing certain file types within their drives to ensure they do not use up their allotted space for non-essential storage. The administrator will be alerted whenever a given user or department is close to depleting their allotted space.
It should give the administrator the opportunity to decide how to handle the situation, which could include analyzing the user space for potential optimization, leading to more space being freed up, or seeking ways to provide the additional space. FCI could also be used to place encryption on certain files to restrict access to them, as well as to place expiry dates on other files and ensure they are deleted within a certain period of time. The latter could be a response to certain file types that are no longer of use to the organization, and their effective disposal will lead to the availability of more space to be allocated to users and departments (Thomas, 2017).
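As an added example (not part of the original paper or taken from the cited books), the per-user quota, the near-limit alert and the file-type restriction described above can be configured with the FileServerResourceManager PowerShell module; in FSRM the blocking of file types is carried out by a file screen. The folder path, the 5 GB limit, the 85% threshold and the file group name are assumptions chosen for illustration.

```powershell
# Added example: the path, size, threshold and group name are hypothetical.
Import-Module FileServerResourceManager

$userFolder = 'D:\Shares\Users\jdoe'          # hypothetical user drive root
$groupName  = 'Non-essential media (example)' # hypothetical file group
$patterns   = @('*.mp3', '*.mp4', '*.avi', '*.iso')

# Write a warning to the event log when usage reaches 85% of the quota,
# so the administrator is alerted before the user runs out of space.
$alert = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Quota on [Quota Path] reached [Quota Threshold]% of [Quota Limit MB] MB.'
$threshold = New-FsrmQuotaThreshold -Percentage 85 -Action $alert

# Hard quota (no -SoftLimit): writes beyond 5 GB are refused, not just reported.
if (Get-FsrmQuota -Path $userFolder -ErrorAction SilentlyContinue) {
    Set-FsrmQuota -Path $userFolder -Size 5GB -Threshold $threshold
} else {
    New-FsrmQuota -Path $userFolder -Size 5GB -Threshold $threshold
}

# File group listing the file types that may not be stored on the drive.
if (-not (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns
}

# Active screen: matching files are blocked rather than only monitored.
if (-not (Get-FsrmFileScreen -Path $userFolder -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $userFolder -IncludeGroup $groupName -Active
}

# Confirm what is now enforced on the folder.
Get-FsrmQuota -Path $userFolder | Select-Object Path, Size, Usage, SoftLimit
Get-FsrmFileScreen -Path $userFolder | Select-Object Path, Active, IncludeGroup
```

The script must run in an elevated session on a server that has the File Server Resource Manager role service installed.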
Distributed File Services (DFS) comprises DFS Replication and DFS Namespaces, which provide users with a common directory. With DFS Replication, there is the capability to conduct folder replication across multiple sites and multiple servers, and to do so with efficiency. To make effective use of the available space, file compression algorithms are used on files, leaving more space available for further utilization in future. An effective compression method that will be used is remote differential compression, which, instead of replicating an entire file, seeks out the modifications that were made to it and retains those modifications. Such an approach should avoid unnecessary redundancies and lead to appropriate use of space. DFS Namespaces provide an administrator with a virtual view of shared folders that are hosted within different servers and consist of a single root that has multiple other targets and links. Multiple root targets can be mapped from a single root, and users are able to view a namespace as a single folder containing multiple subfolders within it. It is quite an effective solution for when data is spread out across multiple servers, which makes it tedious for users to access the different servers individually to reach the data. Instead, users get a streamlined solution where all these servers can be viewed as a single folder known as the namespace, allowing tasks to be conducted more easily by viewing multiple folders from different servers from a single location (Palmer, 2017).
Remote Services
The remote server access role can be implemented with three role services, namely Direct Access, Web Application Proxy, and Routing and Remote Access. Remote access provides centralized administration and the monitoring and tracking of Direct Access and the Routing and Remote Access Service, which can be deployed on one Edge server. The management of these technologies can be conducted via both the Remote Access Microsoft Management Console and Windows PowerShell. Direct Access provides users with remote access to applications as well as other shared resources that are located within a restricted internal network, providing such access without the user having to resort to a virtual private network (VPN). Direct Access will launch a connection with another within the network that has been enabled for Direct Access and establish a two-way connection via the internet, doing away with the need for remote users to first access the company’s internal network. The system administrators will have their capabilities and reach expanded, as they will be able to conduct remote administration tasks without necessarily having to use a virtual private network to achieve that (Krause, 2016).
With the Los Angeles office located thousands of miles away from the Texas offices, the employees in Los Angeles should be able to easily access the resources within the Houston and even the Dallas offices. This will, however, require a reliable WAN internet connection, since the Direct Access remote capabilities need reliable internet service to successfully establish remote access. The system administrators will also benefit, as it will allow for seamless connection to all of the company’s technology resources via an efficient solution (Thomas, 2017).
Windows Server Update Service (WSUS)
The Windows Server Update Service (WSUS) streamlines the administrators’ ability to manage and distribute updates to the system via the central management console. Known as an update source, the server responsible will be connected to Microsoft Update, from where it will be getting regular information on available and upcoming updates. The administrator will have the choice of making further additions to the servers in a bid to improve their capabilities. With WSUS, Fixing Windows LLC will have streamlined the update management tasks for the whole system by having them done from a centralized console, allowing for a comprehensive view of the system. An automated solution will ensure updates still happen even if the administrators forget to make them themselves. The enhanced capabilities of Windows PowerShell will extend to the management of WSUS (Krause, 2016).
Summary
Windows Server 2016 was released with many more features, some new and some just as they were in the previous iteration, as well as many improvements. Fixing Windows LLC has thus been provided with the requisite tools and capabilities that will allow it to continue growing its operations with the right technological tools.
Appendix
[Figure: Direct Access communication between two sites]
References
Krause, J. (2016). Mastering Windows Server 2016. Packt Publishing Ltd.
Palmer, M. (2017). Hands-On Microsoft Windows Server 2016. Cengage Learning.
Thomas, O. (2017). Windows Server 2016 Inside Out (includes Current Book Service). Microsoft Press.