NETW/COMM Final Assignment Hierarchical Access LTD Business Plan

Authors: Daniel Arathoon, Brandon Cohen and Shawn Johnston Professors: Julie Walker & Danny Anaig

2|Page Executive Summary HAL Summary Over the course of a few months Paul Alexander has found there to be many small issues within the company. We have been put in charge of fixing these issues as well as creating a network setup. For the proposed network setup we added many roles and features that include: DNS, DHCP, User Groups and Remote Desktop. We found that there were eleven issues within the company and gave our opinions on how to fix them. Some of the issues that were addressed included restoring backups, configuring remote desktop, upgrading network devices and setting up domains and domain controllers.

3|Page

Contents
Introduction ........................................................................................................................................... 4 Issue #1 ................................................................................................................................................. 5 Issue #2 ................................................................................................................................................. 5 Issue #3 ................................................................................................................................................. 6 Issue #4 ................................................................................................................................................. 6 Issue #5 ................................................................................................................................................. 7 Issue #6 ................................................................................................................................................. 7 Issue #7 ................................................................................................................................................. 7 Issue #8 ................................................................................................................................................. 8 Issue #9 ................................................................................................................................................. 8 Issue #10 ............................................................................................................................................... 9 Issue #11................................................................................................................................................ 9 Network Configuration ....................................................................................................................... 10

4|Page

Introduction
Hierarchical Access LTD is a privately owned company that is managed by its founder and CEO, Alan Hake. HAL provides internet access and web registration for small companies. Recently Paul Alexander has been manager of information security and has noted that there are many issues that have not been resolved within the company. Paul has approached us and asked that we use our extensive knowledge to help solve the issues.

5|Page

Issue #1
HAL is planning to open a second office in another city, and you are part of the team that is designing the new network. The employees in the new office will be performing a wide variety of tasks, and they need a large number of applications installed on their computers. William, Systems Manager, is having trouble meeting his budget for the new network, due to the high cost of the applications, processor, memory, and disk space resources the workstations will need to run the applications. He is also concerned about supporting and maintaining the workstations because there will be no full-time IT personnel at the new site. You suggest using Terminal Services to host the applications. William, however, knows nothing about Terminal Services. Explain how using Terminal Services can resolve all of the network design problems William is experiencing. To solve this issue William should install the Remote Desktop Service role. With Remote Desktop Connection, you can access a computer running Windows from another computer running Windows that's connected to the same network or to the Internet. For example, you can use all of your work computer's programs, files, and network resources from your home computer, and it's just like you're sitting in front of your computer at work (Microsoft, 2013). This role needs to be installed and configured on the main server as well as the workstation computers. With this role installed he will be able to access and install the required applications to each workstation from the main server. This will cut down on costs by reducing the number of licenses required. There will be little support required for the workstations because the only requirement is that the workstation being used is running the remote desktop and is connected to the main server.

Issue #2
Harold is a freelance networking consultant who has designed a network for a small company with a single location. The owner of the company wants to use an Active Directory domain, so Harold installs a Windows Server 2008 domain controller with the Active Directory Domain Services and DNS Server roles. Harold also uses DHCP to configure all of the workstations on the network to use the DNS services provided by the domain controller. Soon after the installation, however, Amanda, the CIO notices extremely slow Internet performance. After examining the traffic passing over the Internet connection, you determine that it is being flooded with DNS traffic. What can you do to reduce the amount of DNS traffic passing over the internet connection? To increase the performance of the internet access Harold should place the DNS and DHCP roles on separate servers. DNS is used whenever an individual wants to access a website, as it takes the URL entered and finds out what IP address is assigned to it. If you were to increase the size of the DNS cache then the site would have an index of what IP is assigned to what URL and would greatly reduce the load of looking up that information. If the DNS and DHCP are on separate servers all the DNS traffic will be forwarded to the DNS server so that the DHCP does not get buckled down. You do not want the DHCP to be negatively affected because DHCP provides an automated way to distribute and update IP addresses and other configuration information on a network. A DHCP server provides this information to a DHCP client through the exchange of a series of messages, known as the DHCP conversation or the DHCP transaction (Microsoft, 2013). It is an extremely important role and you want to make sure that it is functioning correctly without being slowed down.

6|Page

Issue #3
After deploying a large number of wireless laptop computers on the network, Jonathan, the IT senior systems administrator director at HAL decides to use DHCP to enable the laptop users to move from one subnet to another without having to manually reconfigure their IP addresses. Soon after the DHCP deployment, however, Jonathan notices that some of the IP address scopes are being depleted, resulting in some computers being unable to connect to a new subnet. What can Jonathan do to resolve this problem without altering the networks subnetting? To solve this issue Jonathan should check the DHCP lease time. The lease time holds the IP address for the time that has been allocated. Once the time is up the IP is released back into the scope. If there isnt a lease time Jonathon should set one. A lease time of one hour should be sufficient. Having a long lease time keeps IP's that have been used previously out of the scope for an extended period of time and this leads to an insufficient amount of IP addresses making it impossible for users to connect, however having too short of a lease time can stress the DHCP server.

Issue #4
Edward Michaels is designing a new Active Directory infrastructure for his department, which is based in New York and two additional offices in London and Tokyo. The London office consists only of sales and marketing staff; they do not have their own IT department. The Tokyo office is larger, with representatives from all of the company departments, including a full IT staff. The Tokyo office is connected to the headquarters using a 64 Kbps demand-dial link, while the London office has a 512 Kbps frame relay connection. The company has registered the litware.com domain name, and Robert has created a subdomain called inside.litware.com for use by Active Directory. Based on this information, help Edward design an Active Directory infrastructure for his department. which is as economical as possible, specifying how many domains to create, what to name them, how many domain controllers to install, and where. Explain each of your decisions. To solve this issue Edward needs to configure three domains that are going to be hosted off two domain controllers. The three domains would be nyork.inside.litware.com, london.inside.litware.com and tokyo.inside.litware.com. Each office needs its own domain for organizational purposes. The reason Edward should have two domain controllers is because London is a small office with only two departments and no IT staff. By default, a domain controller stores one domain directory partition consisting of information about the domain in which it is located, plus the schema and configuration directory partitions for the entire forest (Microsoft, 2013). Since London and New York will have similar configurations it makes sense to have them on the same domain controller. Tokyo would have its own domain controller because they have a full IT staff and their connection is sub-par.

7|Page

Issue #5
Susan has installed the File Server Resource Manager role service on her Windows Server 2008 file servers and created a number of quotas to limit the server disk space each user can consume. In each quota, she has configured FSRM to send email messages to the user and to the administrator if any user exceeds a quota. She has also configured FSRM to create a Quota Usage report each Friday. The next week, on examining the report, she discovers that several users have exceeded their quotas, but she has received no emails to that effect. What is the most likely reason that Kathleen did not receive the FSRM emails and what can she do about it? Kathleen may not be properly configured as the administrator of the server; she should make sure that she has the sufficient rights first and foremost. She should then make sure that the FSRM was properly configured to email the administrator when a user exceeds the quota of allocated server disk space. She should then make sure that her email is not filtering out the email from the FSRM into her junk folder.

Issue #6
Amanda Wilson has recently decided to deploy all office productivity applications to its internal users with terminal servers. William, a member of the IT staff, has been given the responsibility for installing and configuring a server farm on the company network that consists of 12 new terminal servers running Windows Server 2008. William installs the Terminal Services role, with the Terminal Server role service, on all 12 computers. He also installs the TS Session Broker role service on one of the computers. After adding each of the 12 terminal servers to a TS Session Broker farm and installing the office applications on the server, William begins a test deployment, adding groups of users to gradually increase the terminal server traffic load. Later, when examining the traffic statistics, William notices that one of the servers is experiencing much higher traffic levels than the others and it is not the server running TS Session Broker. What could be the problem and how should William resolve it? To solve this issue Amanda should configure an NLB cluster. This will reduce the load on the main terminal server by sharing the workload across all computers in the cluster.

Issue #7
Libby, a new hire in the IT department, approaches you, her supervisor, Paul Alexander ashenfaced. A few minutes earlier, the president of the company, Alan Hake called the help desk and asked Libby to give his new assistant (Jamie Roma) the permissions needed to access his personal budget spreadsheet. As she was attempting to assign the permissions, she accidentally deleted the BUDGET_USERS group from the spreadsheets access control list. Libby is terrified because that group was the only entry in the files ACL. Now, no one can access the spreadsheet file, not even the president or the Administrator account. Is there any way to gain access to the file, and if so, how? To solve this issue Libby first needs check and see if there have been any backups made. If there are backups she should then restore the backup which would restore the deleted budget_users group. If Libby is unsuccessful in finding backups she then must remake the budget_users group. After the group has been remade Libby needs to configure it and re add the users to the group. Once this has been completed Libby can complete her original task by moving Jamie Roma to the budget_users group from whatever group he was in.

8|Page

Issue #8
HALs IT department is in the process of deploying a new Web-based application that they have developed in-house, and the IT director is concerned about providing users in the branch offices with secured access to the application. The director has instructed you to install a certification authority (CA) on one of your Windows Server 2008 servers. The CA must enable Active Directory clients in the branch offices to manually submit enrollment requests for certificates using a Web-based interface. The CA should be able to generate the certificates using a custom template based on settings supplied by the application developers. The director also wants all certificate enrollment requests to be manually approved by an administrator before the CA issues the certificates. Create a list of the tasks you must perform to install and configure the CA the director has requested, along with a reason for performing each task. To install certificate authority you must first have the IIS role installed. Next go to the server manager and add the active directory certificate service role. If it is the first certificate authority on the network it has to be configured as the root. Once the role is installed go to the Microsoft management console and add the certificate snap in.

Issue #9
Lewis is a new hire in the IT department under Paul Alexander. He wants to be able to access all of the Windows Server 2008 servers on the company network from his workstation using Remote Desktop. Lewis logs on to his workstation using his personal account, which currently has only domain user privileges. To give his user account the proper access, he logs onto the companys Active Directory domain with the Administrator account and uses the Active Directory Users and Computers console to create a group called Remote Desktop Users. Then, he adds his domain user account to the group. However, when he logs on to the domain with his user account, the Remote Desktop Connection client is unable to connect to any of the remote servers. What must Robert do to correct the problem? To solve this issue Lewis must first properly configure the remote desktop users group from the active directory domain. Once this has been completed Lewis must then add the users to the remote desktop users group. He then must remove himself from the active directory domain and move into the remote desktop users group. If he is not in the group he will not have the rights to use it.

9|Page

Issue #10
Amanda Wilson has asked your team to help her server administrator who has been given the task of determining why a particular Windows Server 2008 server on a local area network is performing poorly. You must also implement a remedy for the problem. The computer is functioning as a file and print server for a small department of eight graphic designers. After monitoring the computers performance using the Performance Monitor tool, you have determined that the network itself is the bottleneck preventing peak performance. The graphic designers routinely work with very large files, saturating the network with traffic. Give two possible solutions that will remedy the problem and increase the performance level of the computer in question. To solve this issue Amanda should look into upgrading the network where ever possible. She could invest in new routers, and she could have gigabit interfaces hardwired into all the workstations that are connected to one main switch.

Issue #11
Sy Truman is a server administrator for HAL that uses the Grandfather-Father-Son media rotation method to back up its network. On arriving at the office on Friday morning, Sy discovers that the hard disk on one of his servers has failed, causing all of its data to be lost. The first thing he does is to install a new hard disk drive into the server and install the operating system. Then, checking the backup logs, he sees that the last grandfather job was a full backup performed three weeks ago, on the first day of the month. The most recent father job was a full backup performed the previous Sunday. The son jobs are incremental backups that are performed every weeknight. All of the incrementals for that week completed successfully, except for Tuesday nights job, because Sy failed to insert the appropriate tape into the backup drive. Describe the procedure Sy must perform to restore all of the lost data on the failed disk, by specifying the tapes he must use and the order in which he must restore them. Sy should restore the most recent father backup first. Once that has been done Sy should restore the son backups from Monday, Wednesday and Thursday. This will restore the lost data.

10 | P a g e

Network Configuration
To configure our network we had to set up all the necessary roles as well as create users and user groups. The following screen shots show the installation progress.

DHCP

Here we are installing DHCP on the server. The above screen shot shows the configuration. DNS

Here we are installing DNS. The above screen shot shows the domain and the DNS ipv4 address.

11 | P a g e Remote server manager DFS 10 Users.

Here we have created 10 users and added them to the remote server group. Remote Server Manager

Here we are installing the remote Desktop server manager and the required roles.

12 | P a g e

Backup

Here we have created a backup, the above screen shot shows the configuration, Shared folder

Here we have created the shared folder. The above screen shot shows the configuration.

13 | P a g e Reference List "Connect to another computer using Remote Desktop Connection - Microsoft Windows Help." windows.microsoft.com. Microsoft , n.d. Web. 1 Dec. 2013. <http://windows.microsoft.com/enca/windows/connect-using-remote-desktop-connection#connect-using-remote-desktopconnection=windows-7>. "Domain Controller Roles." : Active Directory. Microsoft, 3 June 2010. Web. 1 Dec. 2013. <http://technet.microsoft.com/en-us/library/cc786438(v=ws.10).aspx>. "How DHCP Works." How DHCP Works. Microsoft, n.d. Web. 1 Dec. 2013. <http://technet.microsoft.com/library/dd183692(v=ws.10).aspx>.