WINDOWS SERVER PROPOSAL


Running head: WINDOWS SERVER DEPLOYMENT PROPOSAL


Windows server deployment proposal

My Name

University of Maryland University College

WINDOWS SERVER / CMIT 369

December 8, 2019

Windows server deployment proposal

This proposal describes the implementation and configuration of core IT services as a solution for "We Make Windows" Inc. The solution will supply the needs of the company for 2-3 years. Six topics are addressed in detail, and both the business and technical reasoning for the choices made under each topic are provided. The six topics are the new features of Windows Server 2016 that the company can take advantage of, deployment and server editions, Active Directory domains, DNS and DHCP designs, deployment of application services, and printer and file sharing. The proposal progresses as follows.

New features of Windows Server 2016 that WMW can take advantage of

Nano server

One of the new features of Windows Server 2016 that WMW Inc can take advantage of is the Nano Server feature. A "nano server is the server that is responsible for refactoring the core pieces of the windows server, turning them into their minimally functional state" (Ferrill, 2015). To expound on the refactoring aspect, refactoring is the process of analyzing given code, in this case the core pieces of Windows Server, with the goal of simplifying it. Having described a nano server, it is time to address both the technical and business reasoning for this feature.

One technical reason for this new feature is that a nano server can run on a bare-metal operating system. In basic terms, a bare metal operating system is basically a hard disk, which is the usual medium on which many computer operating systems are installed. Running the nano server on a bare metal operating system is advantageous in that the system will require fewer updates, and therefore fewer reboots after updates are applied. From the business standpoint, fewer updates and reboots will keep business operations online and functional most of the time with few interruptions. In other words, there will be little downtime. Since downtime is costly to the business, the nano server addresses the cost of downtime.

Another technical reason for this feature is that nano servers are so small that they can be ported across physical sites, data centers, and other servers. In fact, compared to other installation options, this feature possesses a 92% smaller installation. This means that the installation can be connected easily across physical sites, data centers, and even other servers.

Another technical reason for this feature is that its small size reduces the attack surface. This is advantageous in that, for an attack to happen, the attacker has to inject server roles from outside the nano server. From the business standpoint, this is one of the best features because the business will experience fewer cyber attacks, most of which paralyze business operations through exposure, loss, or corruption of data.

Another technical reason for this feature is that nano servers host most of the common Windows Server workloads. Given that fewer updates and fewer reboots will be necessary, most of those common workloads will not be disrupted most of the time. The business reasoning is that there will be minimal interruptions to business operations, especially during the initial configuration, because the nano server will be managed completely remotely.

Containers

Another of the best features of Windows Server 2016 that the company can take advantage of is containers. In basic terms, containers are abstract data types with server instances that are collections of other objects. These containers store objects in an organized way following specific rules of access. Windows Server 2016 offers both Windows Server container instances and Hyper-V container instances.

The technical reasoning for this feature is that the company can run both super isolated containerized instance servers and shared containerized instance servers, depending on the trustworthiness of the workloads to be handled at a particular time. For instance, the company can run Hyper-V containerized instance servers for the human resources and finances departments because these departments would want their data to remain private from other departments, such as the production department. For departments that can share data, such as the production and sales departments, the company can use Windows Server container instances to run their workloads. This type is intended for such low trust workloads, and these departments will not mind the container running on and sharing common resources. The business reasoning for this feature is that the company can maintain the confidentiality of specific data by maintaining isolated servers on which such confidential data can be run.

Server deployment and server editions

In total, 2 servers will be needed for the company. One will be a super isolated containerized instance server, while the other will be a shared containerized Windows server. The requirement for these two servers is based on the business reasoning that some departments would want their data kept private from other departments. For example, the human resources and finances department would want its data to remain private from other departments, such as the Creative, Media, and Production department. On that basis, the executive department will be combined with other departments, such as the accounts department, the Creative, Media, and Production department, and the IT department, whose data will be run on the shared Windows server, while the Human Resources and Finances department will remain private on the isolated Hyper-V containerized instance server.

On both of the servers needed for this company, the Datacenter edition of Windows Server 2016 will be used. This is because in both cases, the datacenter and cloud environments are highly virtualized.

At the same time, Server Core will be used on both servers because the company will be taking advantage of the new Nano Server feature of Windows Server 2016. Besides, "the nano server will be ported across the datacenter edition of the windows server" (Dauti, 2017) that will be used on both servers.

Regarding the location of the servers, each of the two servers will be located in Los Angeles. This is because most of the staff of the company, including those in the IT department, will be located in LA. It therefore makes business sense to locate both servers where most of the staff will be.

Regarding the deployment of the servers, the servers will be deployed automatically. This is because the company will be taking advantage of nano servers, which means that the installation can be ported easily across datacenters. Besides, the use of nano servers confirms that the deployment will be managed remotely in its entirety.

Active directory domains

Regarding the number of Active Directory domains, there will be 5 in total. Each department will be represented in those directory domains.

There will be one Read-Only Domain Controller for the isolated containerized instance server and one Read-Only Domain Controller for the shared windows containerized instance server. Each of these Read-Only Domain Controllers will be responsible for responding to security authentication requests.

The second site will factor into domain controller placement in that it can be included in the Read-Only Domain Controllers. This is because Read-Only Domain Controllers are designed to be deployed in areas with fewer users. Given that the first site, Los Angeles, will have most of the staff, the second site, New York, will have relatively fewer users, and that is where the Read-Only Domain Controllers will come in handy. Considering that components in the Read-Only Domain Controllers cannot be changed, AD sites in this database that need to be changed must be changed on a writable domain controller before they are replicated back to the Read-Only Domain Controllers.

The organization of the Active Directory will depend on the group policy that will be used. Users will therefore be organized based on the department they fall under.

DNS namespace design and DHCP design scope

Source: https://www.youtube.com/watch?v=-DkUuLTnKY4

Regarding the DHCP design scope, the design should allow as many scopes on the DHCP server as possible. This is to allow the wireless devices of the company and those of the staff to be assigned to a scope. In case the primary scope is low on IPs, the design should allow other scopes to be created to accommodate other wireless devices.

A single subnet can have just one DHCP scope with a single yet continuous range of IP addresses.

A form of DHCP tolerance should be implemented to ensure staff stay connected, lest the company operations stall and/or fail altogether.

DHCP reservations will be used on the server so that specific IP addresses are allocated to specific clients. This way, in case an attack on the server happens, the specific IP addresses used can be tracked to the clients they were allocated to.
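The scope, reservation and tolerance points above can be expressed with the DhcpServer PowerShell module. This is an added example, not part of the original proposal; the server names, subnet, addresses and MAC addresses are constructed placeholders, and a two-server failover relationship is assumed as the form of tolerance.

```powershell
# Added example: every name, address and MAC below is a constructed placeholder.
# Requires the DhcpServer module (DHCP Server role or RSAT) and admin rights.
$Primary = 'dhcp-la.example.test'   # hypothetical Los Angeles DHCP server
$Partner = 'dhcp-ny.example.test'   # hypothetical New York DHCP server
$ScopeId = '10.10.20.0'

# One scope per subnet, with a single continuous address range.
Add-DhcpServerv4Scope -ComputerName $Primary -Name 'LA-Clients' `
    -StartRange 10.10.20.50 -EndRange 10.10.20.250 `
    -SubnetMask 255.255.255.0 -State Active

# Reservations pin a known device (identified by MAC) to a fixed address.
$reserved = @(
    @{ Name = 'la-print01'; IP = '10.10.20.60'; Mac = '00-11-22-33-44-55' },
    @{ Name = 'la-hr-ws01'; IP = '10.10.20.61'; Mac = '00-11-22-33-44-66' }
)
foreach ($r in $reserved) {
    Add-DhcpServerv4Reservation -ComputerName $Primary -ScopeId $ScopeId `
        -IPAddress $r.IP -ClientId $r.Mac -Name $r.Name `
        -Description 'Constructed sample reservation'
}

# Failover: the partner keeps serving the scope if the primary is unavailable.
# The shared secret authenticates the two servers to each other.
$secret = Read-Host -Prompt 'Failover shared secret'
Add-DhcpServerv4Failover -ComputerName $Primary -Name 'LA-NY-Failover' `
    -PartnerServer $Partner -ScopeId $ScopeId `
    -LoadBalancePercent 50 -SharedSecret $secret

# Scopes running low on addresses, so another scope can be planned in time.
function Get-ScopePressure {
    param([int]$ThresholdPercent = 80)
    Get-DhcpServerv4ScopeStatistics -ComputerName $Primary |
        Where-Object { $_.PercentageInUse -ge $ThresholdPercent } |
        Select-Object ScopeId, InUse, Free, PercentageInUse
}

# During an investigation: which client holds this address?
# AddressState distinguishes reserved addresses from dynamic leases.
function Resolve-DhcpClient {
    param([Parameter(Mandatory)][string]$IPAddress)
    Get-DhcpServerv4Lease -ComputerName $Primary -IPAddress $IPAddress |
        Select-Object IPAddress, ClientId, HostName, AddressState, LeaseExpiryTime
}

Get-ScopePressure
Resolve-DhcpClient -IPAddress 10.10.20.60
```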

Regarding the DNS namespace design, it should be known that the design will follow a "continuous namespace where the domains in the active directory will share a common namespace" (Microsoft support, 2018).

Clients will be pointed to the DNS of the second site as their secondary DNS.

Deployment of application services

The applications will be deployed using group policy. One of the methods of deploying an application is to assign it to either a user or a computer. In the event that the application is assigned to a computer, the application will be installed when the computer reboots, so that it is available to users when they log in. However, the installation will be completed when the user runs the application for the first time.

In the event that the application is assigned to a user, the installation of the application will be completed when the user runs the program for the first time.

Printer and file sharing permissions

The shares that might be needed in this case are file shares as well as printers. However, for this to be possible, two types of permissions must be enabled. These include shared folder permissions and NTFS permissions. "The permissions for shared folders will control network access to either a disk volume or a folder" (Krause, 2016). On the other hand, the permissions on NTFS will apply to both remote access and local access.
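Because a user connecting over the network must pass both the share permissions and the NTFS permissions, a share is broadly open only when both layers grant access to a broad group. The following audit is an added example, not part of the original proposal; the list of groups treated as "broad" is an assumption to adjust for the environment.

```powershell
# Added example. Requires the SmbShare module (Windows Server 2012 or later);
# run elevated on the file server. The $Broad list is an assumption.
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Get-BroadShareAccess {
    foreach ($share in Get-SmbShare -Special $false) {
        # Printer shares and other non-folder shares have no NTFS path to check.
        if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path)) {
            continue
        }

        # Share-level grants: these apply only to access over the network.
        $shareAces = @(Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $_.AccountName -in $Broad })

        # NTFS grants: these apply to both network and local access.
        $ntfsAces = @((Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $_.IdentityReference.Value -in $Broad })

        # Report only when BOTH layers allow a broad group; if either layer
        # is tight, network users in that group are still kept out.
        if ($shareAces.Count -gt 0 -and $ntfsAces.Count -gt 0) {
            [pscustomobject]@{
                Share       = $share.Name
                Path        = $share.Path
                ShareGrants = ($shareAces | ForEach-Object {
                    '{0}:{1}' -f $_.AccountName, $_.AccessRight }) -join '; '
                NtfsGrants  = ($ntfsAces | ForEach-Object {
                    '{0}:{1}' -f $_.IdentityReference.Value, $_.FileSystemRights
                }) -join '; '
            }
        }
    }
}

Get-BroadShareAccess | Format-List
```

Shares holding human resources or finance data should not appear in this output; explicit deny entries are not evaluated here and need a separate review.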

References

Dauti, B. (2017). Windows Server 2016 Administration Fundamentals. Birmingham: Packt Publishing.

Krause, J. (2016). Mastering Windows Server 2016: A comprehensive and practical guide to Windows Server 2016.

Microsoft Support. (2018, Apr 18). DNS namespace planning. Retrieved from https://support.microsoft.com/en-us/help/254680/dns-namespace-planning

Ferrill, P. (2015, Oct 29). The best new features in Windows Server 2016. Retrieved from https://www.computerworld.com/article/2998888/the-best-new-features-in-windows-server-2016.html