Examining the Current Services Infrastructure
Exam 70-297 Designing a Microsoft® Windows® Server 2003
Active Directory and Network Infrastructure
Lesson 2: Examining the Current Services Infrastructure
(Skill 1)
Examining the Current File, Print, and Application Servers
When designing for an existing infrastructure, take into account the configuration and functionality (or lack thereof) of existing servers:
File servers
Print servers
Application servers
© 2004 Pearson Education, Inc.
File servers
Often the most overlooked type of server
Disk subsystem performance and network connectivity are of primary importance
File server disk subsystems
Typically use some form of PCI bus
Server motherboard determines which PCI specification the system is capable of using
Performance of disk subsystem
Cannot exceed bus performance
Because all subsystems share the same bus, the maximum achievable transfer rate is usually slightly less than half of the maximum theoretical rate for the bus
For redundancy and fault tolerance, must use some form of RAID
RAID 5 with a hardware controller
RAID 0+1 (RAID 10)
RAID 0 provides exceptional speed, but no redundancy
Print servers
Disk space and performance are of primary concern
Network adapter also an area of major concern to maximize performance
RAM and processor needs, while not unimportant, are not as major a concern in comparison to storage and network connectivity needs
Additional considerations include all integration and software configuration concerns
Application servers
Needs vary greatly depending on specific application
Best to use a pilot to determine needs of server, if at all possible
If a pilot is not feasible, do extensive research on the needs and limitations of the server (check for vendor white papers)
Figure 2-1 Important subsystems for file servers
Figure 2-2 Examining different disk subsystem options
Figure 2-3 Calculating bandwidth needs
Figure 2-4 Important subsystems for print servers
(Skill 2)
Examining the Current DNS Infrastructure
Domain Name System (DNS)
The core name resolution service in Windows Server 2003
Begin analysis of core network services by analyzing DNS
Must be designed and configured properly or Active Directory performance may be severely impacted
Important factors in analyzing the current DNS infrastructure
Existing network operating system
Versions of DNS server services in place and their capabilities
Hardware currently in place for DNS services
Current level of redundancy
Forwarding strategy for current DNS infrastructure
Current zone and domain configuration
DNS replication topology
Current level of integration with WINS, DHCP, and Active Directory
Current DNS client configuration
Existing network operating system
Network operating systems used for DNS services
Unix/Linux
Windows NT
Windows 2000 Server
Windows Server 2003
Versions of DNS server services in place
Unix and Linux DNS servers typically run a version of Berkeley Internet Name Domain (BIND)
BIND version 4.9.7 is minimum version capable of supporting SRV records, so any earlier version cannot be used to host DNS domains for Active Directory
BIND version 8.1.2 and higher versions are recommended as they include support for DNS dynamic updates
BIND version 8.1.1 also supports DNS dynamic updates, but is not recommended due to flaws
BIND does not support Active Directory integrated zones
Windows NT DNS servers
Do not support SRV records, dynamic updates, Active Directory integrated zones, or secure updates
Should nearly always be upgraded or migrated to Windows Server 2003 or Windows 2000 Server
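The version rules on the two slides above can be applied to a server inventory before the Active Directory design is finalized. The following is an added example, not part of the original course material; the function names, platform labels and the sample inventory are assumptions made for illustration.

```python
import re

# Thresholds taken from the slides above.
SRV_MIN = (4, 9, 7)      # minimum BIND version with SRV record support
DYN_FLAWED = (8, 1, 1)   # supports dynamic updates but not recommended (flaws)

def parse_bind_version(banner):
    """Extract (major, minor, patch) from a banner such as 'BIND 8.2.3-REL'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        raise ValueError("no version number in %r" % banner)
    return tuple(int(g or 0) for g in m.groups())

def assess(platform, banner=""):
    """Return (can_host_ad_dns_domains, findings) for one DNS server."""
    if platform == "windows-nt":
        return False, ["no SRV records, dynamic updates, AD integrated zones "
                       "or secure updates: upgrade or migrate"]
    if platform != "bind":
        raise ValueError("platform not covered by this example: %s" % platform)
    version = parse_bind_version(banner)
    findings = ["BIND does not support Active Directory integrated zones"]
    if version < SRV_MIN:
        return False, findings + ["older than 4.9.7: no SRV record support"]
    if version < DYN_FLAWED:
        findings.append("below 8.1.1: not listed as supporting dynamic updates")
    elif version == DYN_FLAWED:
        findings.append("8.1.1 dynamic updates are flawed: move to 8.1.2 or later")
    else:
        findings.append("meets the recommended 8.1.2 minimum")
    return True, findings

# Constructed sample inventory: (host, platform, version banner).
INVENTORY = [
    ("ns1", "bind", "BIND 4.9.6-REL"),
    ("ns2", "bind", "BIND 8.1.1"),
    ("ns3", "bind", "named 8.2.3-REL"),
    ("ns4", "windows-nt", ""),
]

def audit(inventory):
    """Map each host name to its (can_host, findings) assessment."""
    return {host: assess(platform, banner) for host, platform, banner in inventory}

if __name__ == "__main__":
    for host, (ok, notes) in audit(INVENTORY).items():
        print(host, "OK" if ok else "CANNOT HOST AD DNS", "|", "; ".join(notes))
```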
Key areas of current zone and domain structure
Use of private DNS names (such as .local)
Raises same issues as use of unregistered public domain names
Solutions
Modify forwarding strategy
Configure DNS servers in each subdomain to host a secondary copy of the root zone file
Disadvantage: may increase total zone replication traffic
Advantages: provides less remote query traffic and higher levels of availability for the domain root
Placement of primary DNS servers for each zone
For security reasons, always locate primary name servers behind a firewall
Ensure they are in a location that facilitates efficient zone transfers
Ensure that adequate redundancy for each zone exists
Ensure at least two servers host a copy of each zone file
Level of integration between DNS and other network services
Integration with WINS, DHCP, and Active Directory (if already present) is of primary concern
If DNS is integrated with WINS, determine whether WINS should remain in place in new design
For dynamic DNS to function, DNS must be integrated with DHCP
Determine if Active Directory integrated zones are currently being used since they have different storage, security, operating system, and replication needs
Figure 2-6 Supported features of different DNS server platforms
Figure 2-8 An example of a forwarding structure
Figure 2-9 An example of an inefficient forwarding strategy
Figure 2-11 An example DNS hierarchy
Figure 2-15 An example of when an unusual replication topology is in use
(Skill 3)
Examining the Current WINS Infrastructure
Windows Internet Naming Service (WINS)
An important service in most legacy networks
Resolves NetBIOS names, used by down-level (pre-Windows 2000) operating systems, into IP addresses
When examining existing NetBIOS name resolution infrastructure, consider the need for NetBIOS name resolution
Reasons for maintaining NetBIOS name resolution
Use of down-level client or server operating systems
Use of legacy applications that rely on NetBIOS name resolution
Use of network services, such as Distributed file system (Dfs), in Windows 2000 that rely on NetBIOS naming
Figure 2-16 NetBIOS name resolution methods
(Skill 4)
Examining the Current Remote Access Infrastructure
Primary methods of remote access
Dial-in remote access
Requires enough POTS connections/modems or ISDN connections/adapters to support the required number of simultaneous users
Virtual private network (VPN) remote access
Requires connectivity with enough bandwidth, ability to encrypt and decrypt packets fast enough, and the ability to support the required number of simultaneous users
May require router, firewall, and specialized network adapters
Methods used to provide authentication, authorization, and accounting (AAA) services
Windows-based AAA
RADIUS-based AAA
Other considerations
Private network connectivity required–typically high
Performance and availability of current remote access solution
Client configuration
Figure 2-17 An example VPN architecture
Figure 2-18 Areas to check for Windows-based AAA services