Chapter Scenario: Lucerne Publishing

Lucerne Publishing is deploying a Web site that will allow customers to order books on the Internet. The Web site will be hosted on an Internet Information Services (IIS) server located at the company's Tokyo office.

Active Directory Design for Lucerne Publishing

Lucerne Publishing is an international publisher of reference materials headquartered in Tokyo. To improve book sales on the Internet and to increase network manageability, they have implemented several Windows 2000 network services.

Lucerne Publishing's Active Directory

Lucerne Publishing has deployed Active Directory directory service using an empty forest root domain design. The forest root (lucernepublishing.tld) doesn't host any client computers. Only the domain controllers (DCs) that support the forest root domain and provide DNS services are located in the forest root domain. The forest has four additional domains based on geographic regions, as shown in Figure 9.1.


Figure 9.1 Lucerne Publishing forest design

Users and computers in each office are members of the domain that describes their geographic region.

DNS Services

Lucerne Publishing has deployed DNS to provide the necessary locator services for the internal network. In addition, Lucerne Publishing is hosting its DNS domain on the Internet (lucernepublishing.tld).

The DNS services for each domain in the forest are configured as shown in Table 9.1.

Table 9.1 DNS Services Deployment for Lucerne Publishing

| Active Directory Domain | DNS Service |
| --- | --- |
| lucernepublishing.tld | Active Directory–integrated zone on all DCs in the lucernepublishing.tld domain. This zone must also be available at each remote office. |
| americas.lucernepublishing.tld | Active Directory–integrated zone on all DCs in the americas.lucernepublishing.tld domain. This zone must be available only at the Denver and Caracas offices. |
| africa.lucernepublishing.tld | Active Directory–integrated zone on all DCs in the africa.lucernepublishing.tld domain. This zone must be available only at the Casablanca office. |
| eurasia.lucernepublishing.tld | Active Directory–integrated zone on all DCs in the eurasia.lucernepublishing.tld domain. This zone must be available only at the Moscow and Tokyo offices. |
| au.lucernepublishing.tld | Active Directory–integrated zone on all DCs in the au.lucernepublishing.tld domain. This zone must be available only at the Brisbane office. |

DHCP Services

All client computers will be assigned IP addresses using local DHCP servers. The DHCP Service is installed on member servers at the Tokyo, Moscow, Denver, and Brisbane offices. Because the Caracas and Casablanca offices have a limited number of server-class computers, DHCP is deployed on DCs at these offices.

Not all client computers are currently running Windows 2000. To allow the Host (A) and Pointer (PTR) DNS resource records to be registered using dynamic update, the DHCP server is configured to update DNS for DNS clients that don't support dynamic update. Lucerne Publishing wants to make sure that client computers can take over the registration of DNS resource records when they're upgraded to Windows 2000.

Remote Installation Services (RIS)

Lucerne Publishing wants to use RIS for the deployment of new client computers. Some of the existing client computers don't meet the minimum hardware specifications to run Windows 2000 Professional. Lucerne Publishing has decided to use RIS to deploy the new client workstations.

Lucerne Publishing wants to ensure that only approved computers are able to use RIS for operating system installation. Client computers should be installed to the domain at their geographic location. The network management team would like to have all computer accounts for RIS-installed computers stored in a separate OU.

Simple Network Management Protocol (SNMP)

Lucerne Publishing plans to use SNMP to manage their network infrastructure. By deploying SNMP agents on all network devices (routers, switches, and hubs) and on all servers and client computers, Lucerne Publishing believes they will be able to detect network failures more quickly.

Lucerne Publishing has purchased Unicenter TNG, manufactured by Computer Associates, for its SNMP management software. Each domain will manage its own SNMP environment to ensure prompt response to any network problems. Lucerne Publishing will use the SNMP software to detect network settings but not to reconfigure network devices.

Terminal Services

During the migration to Windows 2000, several desktop client computers will continue to use previous versions of Windows operating systems. However, some of the necessary software will run only in a Windows 2000 environment.

To allow these computers to use the newer software, Terminal Services is deployed at each office to allow clients to connect to the server by using the Terminal Services client software. Table 9.2 shows how the clients connect to the terminal servers on the network.

Table 9.2 Terminal Server Deployment for Lucerne Publishing

| Office | Terminal Server |
| --- | --- |
| Denver | A Windows 2000 member server in the americas.lucernepublishing.tld domain |
| Caracas | A Windows 2000 DC in the americas.lucernepublishing.tld domain |
| Casablanca | A Windows 2000 DC in the africa.lucernepublishing.tld domain |
| Moscow | A Windows 2000 DC in the eurasia.lucernepublishing.tld domain |
| Tokyo | A Windows 2000 DC in the eurasia.lucernepublishing.tld domain |
| Brisbane | A Windows 2000 DC in the au.lucernepublishing.tld domain |

Lucerne Publishing wants to ensure that all information sent to the terminal servers is encrypted so that password information and account information aren't compromised on the network.



Microsoft Corporation - MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security (IT-Training Kits)
ISBN: 0735611343
EAN: 2147483647
Year: 2001
Pages: 172
