Examining the Current Services Infrastructure


Exam 70-297 Designing a Microsoft® Windows® Server 2003
Active Directory and Network Infrastructure
Lesson 2: Examining the Current Services Infrastructure
(Skill 1)
Examining the Current File, Print, and Application Servers
- When designing for an existing infrastructure, take into account the configuration and functionality (or lack thereof) of existing servers
  - File servers
  - Print servers
  - Application servers
© 2004 Pearson Education, Inc.

Examining the Current File, Print, and Application Servers (2)
- File servers
  - Often the most overlooked type of server
  - Disk subsystem performance and network connectivity are of primary importance

Examining the Current File, Print, and Application Servers (3)
- File server disk subsystems
  - Typically use some form of PCI bus
  - Server motherboard determines which PCI specification the system is capable of using
  - Performance of disk subsystem
    - Cannot exceed bus performance
    - Because all subsystems share the same bus, the maximum achievable transfer rate is usually slightly less than half of the maximum theoretical rate for the bus

Examining the Current File, Print, and Application Servers (4)
- File server disk subsystems
  - For redundancy and fault tolerance, must use some form of RAID
    - RAID 5 with a hardware controller
    - RAID 0+1 (RAID 10)
    - RAID 0 provides exceptional speed, but no redundancy

Examining the Current File, Print, and Application Servers (8)
- Print servers
  - Disk space and performance are of primary concern
  - Network adapter is also an area of major concern to maximize performance
  - RAM and processor needs, while not unimportant, are not as major a concern as storage and network connectivity needs
  - Additional considerations include all integration and software configuration concerns

Examining the Current File, Print, and Application Servers (9)
- Application servers
  - Needs vary greatly depending on specific application
  - Best to use a pilot to determine needs of server, if at all possible
  - If a pilot is not feasible, do extensive research on the needs and limitations of the server (check for vendor white papers)
Figure 2-1 Important subsystems for file servers
Figure 2-2 Examining different disk subsystem options
Figure 2-3 Calculating bandwidth needs
Figure 2-4 Important subsystems for print servers
(Skill 2)

Examining the Current DNS Infrastructure
- Domain Name System (DNS)
  - The core name resolution service in Windows Server 2003
  - Begin analysis of core network services by analyzing DNS
  - Must be designed and configured properly or Active Directory performance may be severely impacted

Examining the Current DNS Infrastructure (2)
- Important factors in analyzing the current DNS infrastructure
  - Existing network operating system
  - Versions of DNS server services in place and their capabilities
  - Hardware currently in place for DNS services
  - Current level of redundancy
  - Forwarding strategy for current DNS infrastructure

Examining the Current DNS Infrastructure (3)
- Important factors in analyzing the current DNS infrastructure
  - Current zone and domain configuration
  - DNS replication topology
  - Current level of integration with WINS, DHCP, and Active Directory
  - Current DNS client configuration

Examining the Current DNS Infrastructure (4)
- Existing network operating system
  - Network operating systems used for DNS services
    - Unix/Linux
    - Windows NT
    - Windows 2000 Server
    - Windows Server 2003

Examining the Current DNS Infrastructure (5)
- Versions of DNS server services in place
  - Unix and Linux DNS servers typically run a version of Berkeley Internet Name Domain (BIND)
    - BIND version 4.9.7 is the minimum version capable of supporting SRV records, so any earlier version cannot be used to host DNS domains for Active Directory
    - BIND version 8.1.2 and higher versions are recommended as they include support for DNS dynamic updates
    - BIND version 8.1.1 also supports DNS dynamic updates, but is not recommended due to flaws
    - BIND does not support Active Directory integrated zones

Examining the Current DNS Infrastructure (6)
- Versions of DNS server services in place
  - Windows NT DNS servers
    - Do not support SRV records, dynamic updates, Active Directory integrated zones, or secure updates
    - Should nearly always be upgraded or migrated to Windows 2003 Server or Windows 2000 Server

Examining the Current DNS Infrastructure (13)
- Key areas of current zone and domain structure
  - Use of private DNS names (such as .local)
    - Raises same issues as use of unregistered public domain names
    - Solutions
      - Modify forwarding strategy
      - Configure DNS servers in each subdomain to host a secondary copy of the root zone file
        - Disadvantage: may increase total zone replication traffic
        - Advantages: provides less remote query traffic and higher levels of availability for the domain root

Examining the Current DNS Infrastructure (14)
- Key areas of current zone and domain structure
  - Placement of primary DNS servers for each zone
    - For security reasons, always locate primary name servers behind a firewall
    - Ensure they are in a location that facilitates efficient zone transfers
    - Ensure that adequate redundancy for each zone exists
    - Ensure at least two servers host a copy of each zone file
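
The BIND version thresholds, the Windows NT limitation and the two-servers-per-zone rule from the DNS slides can be checked against a server inventory. The following is an added example, not part of the original slides; the inventory layout, platform labels, function names and every host, zone and version in the sample data are assumptions made for illustration.

```python
import re

# Thresholds the slides give for BIND servers hosting Active Directory DNS domains.
SRV_MIN = (4, 9, 7)          # minimum version supporting SRV records
DYN_FLAWED = (8, 1, 1)       # supports dynamic updates, not recommended
DYN_RECOMMENDED = (8, 1, 2)  # recommended minimum for dynamic updates

def parse_version(text):
    """Return (major, minor, patch) from a banner such as 'BIND 8.2.3-REL'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def bind_issue(version_text):
    """Return the slide-deck concern for a BIND version, or None if it meets 8.1.2."""
    v = parse_version(version_text)
    if v < SRV_MIN:
        return "no SRV records: cannot host DNS domains for Active Directory"
    if v < DYN_FLAWED:
        # Assumption: below 8.1.1 lacks dynamic updates (implied, not stated).
        return "no dynamic updates"
    if v < DYN_RECOMMENDED:
        return "dynamic updates supported but version not recommended"
    return None

def audit(zones):
    """zones maps zone name -> [(server, platform, version)]; returns findings."""
    findings = []
    for zone, servers in sorted(zones.items()):
        if len(servers) < 2:
            findings.append((zone, "fewer than two servers host a copy of the zone"))
        for server, platform, version in servers:
            issue = None
            if platform == "windows-nt":
                issue = "Windows NT DNS: no SRV records or dynamic updates"
            elif platform == "bind":
                issue = bind_issue(version)
            if issue:
                findings.append((zone, f"{server}: {issue}"))
    return findings

# Constructed inventory; every zone, host name and version here is made up.
INVENTORY = {
    "corp.example": [("ns1", "bind", "BIND 8.1.1"), ("ns2", "bind", "named 4.9.6-REL")],
    "lab.example": [("ns3", "windows-nt", "4.0")],
    "ops.example": [("ns4", "bind", "8.2.3-REL"), ("ns5", "windows-2003", "")],
}

print(*audit(INVENTORY), sep="\n")
```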

Examining the Current DNS Infrastructure (16)
- Level of integration between DNS and other network services
  - Integration with WINS, DHCP, and Active Directory (if already present) are of primary concern
  - If DNS is integrated with WINS, determine whether WINS should remain in place in new design
  - For dynamic DNS to function, DNS must be integrated with DHCP
  - Determine if Active Directory integrated zones are currently being used since they have different storage, security, operating system, and replication needs
Figure 2-6 Supported features of different DNS server platforms
Figure 2-8 An example of a forwarding structure
Figure 2-9 An example of an inefficient forwarding strategy
Figure 2-11 An example DNS hierarchy
Figure 2-15 An example of when an unusual replication topology is in use
(Skill 3)

Examining the Current WINS Infrastructure
- Windows Internet Naming Service (WINS)
  - An important service in most legacy networks
  - Resolves NetBIOS names, used by down-level (pre-Windows 2000) operating systems, into IP addresses
  - When examining existing NetBIOS name resolution infrastructure, consider the need for NetBIOS name resolution

Examining the Current WINS Infrastructure (2)
- Windows Internet Naming Service (WINS)
  - Reasons for maintaining NetBIOS name resolution
    - Use of down-level client or server operating systems
    - Use of legacy applications that rely on NetBIOS name resolution
    - Use of network services, such as Distributed file system (Dfs), in Windows 2000 that rely on NetBIOS naming
Figure 2-16 NetBIOS name resolution methods
(Skill 4)

Examining the Current Remote Access Infrastructure
- Primary methods of remote access
  - Dial-in remote access
    - Requires enough POTS connections/modems or ISDN connections/adapters to support the required number of simultaneous users
  - Virtual private network (VPN) remote access
    - Requires connectivity with enough bandwidth, ability to encrypt and decrypt packets fast enough, and the ability to support the required number of simultaneous users
    - May require router, firewall, and specialized network adapters

Examining the Current Remote Access Infrastructure (2)
- Methods used to provide authentication, authorization, and accounting (AAA) services
  - Windows-based AAA
  - RADIUS-based AAA
- Other considerations
  - Private network connectivity required–typically high
  - Performance and availability of current remote access solution
  - Client configuration
Figure 2-17 An example VPN architecture
Figure 2-18 Areas to check for Windows-based AAA services