Title: When designing for an existing infrastructure, take into account the configuration and functionality (or lack thereof) of existing servers
1(Skill 1)
Examining the Current File, Print, and
Application Servers
- When designing for an existing infrastructure,
take into account the configuration and
functionality (or lack thereof) of existing
servers
- File servers
- Print servers
- Application servers
2(Skill 1)
Examining the Current File, Print, and
Application Servers (2)
- File servers
- Often the most overlooked type of server
- Disk subsystem performance and network
connectivity are of primary importance
3(Skill 1)
Examining the Current File, Print, and
Application Servers (3)
- File server disk subsystems
- Typically use some form of PCI bus
- Server motherboard determines which PCI
specification the system is capable of using
- Performance of disk subsystem
- Cannot exceed bus performance
- Because all subsystems share the same bus, the
maximum achievable transfer rate is usually
slightly less than half of the maximum
theoretical rate for the bus
4(Skill 1)
Examining the Current File, Print, and
Application Servers (4)
- File server disk subsystems
- For redundancy and fault tolerance, must use some
form of RAID
- RAID 5 with a hardware controller
- RAID 01 (RAID 10)
- RAID 0 provides exceptional speed, but no
redundancy
5(Skill 1)
Examining the Current File, Print, and
Application Servers (8)
- Print servers
- Disk space and performance are of primary concern
- Network adapter also an area of major concern to
maximize performance
- RAM and processor needs, while not unimportant,
are not as major a concern in comparison to
storage and network connectivity needs
- Additional considerations include all integration
and software configuration concerns
6(Skill 1)
Examining the Current File, Print, and
Application Servers (9)
- Application servers
- Needs vary greatly depending on specific
application
- Best to use a pilot to determine needs of server,
if at all possible
- If a pilot is not feasible, do extensive research
on the needs and limitations of the server (check
for vendor white papers)
7(Skill 1)
Figure 2-1 Important subsystems for file servers
8(Skill 1)
Figure 2-2 Examining different disk subsystem
options
9(Skill 1)
Figure 2-3 Calculating bandwidth needs
10(Skill 1)
Figure 2-4 Important subsystems for print servers
11(Skill 2)
Examining the Current DNS Infrastructure
- Domain Name System (DNS)
- The core name resolution service in Windows
Server 2003
- Begin analysis of core network services by
analyzing DNS
- Must be designed and configured properly or
Active Directory performance may be severely
impacted
12(Skill 2)
Examining the Current DNS Infrastructure (2)
- Important factors in analyzing the current DNS
infrastructure
- Existing network operating system
- Versions of DNS server services in place and
their capabilities
- Hardware currently in place for DNS services
- Current level of redundancy
- Forwarding strategy for current DNS infrastructure
13(Skill 2)
Examining the Current DNS Infrastructure (3)
- Important factors in analyzing the current DNS
infrastructure
- Current zone and domain configuration
- DNS replication topology
- Current level of integration with WINS, DHCP, and
Active Directory
- Current DNS client configuration
14(Skill 2)
Examining the Current DNS Infrastructure (4)
- Existing network operating system
- Network operating systems used for DNS services
- Unix/Linux
- Windows NT
- Windows 2000 Server
- Windows Server 2003
15(Skill 2)
Examining the Current DNS Infrastructure (5)
- Versions of DNS server services in place
- Unix and Linux DNS servers typically run a
version of Berkeley Internet Name Domain (BIND)
- BIND version 4.9.7 is minimum version capable of
supporting SRV records, so any earlier version
cannot be used to host DNS domains for Active
Directory
- BIND version 8.1.2 and higher versions are
recommended as they include support for DNS
dynamic updates
- BIND version 8.1.1 also supports DNS dynamic
updates, but is not recommended due to flaws
- BIND does not support Active Directory integrated
zones
16(Skill 2)
Examining the Current DNS Infrastructure (6)
- Versions of DNS server services in place
- Windows NT DNS servers
- Do not support SRV records, dynamic updates,
Active Directory integrated zones, or secure
updates
- Should nearly always be upgraded or migrated to
Windows 2003 Server or Windows 2000 Server
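The version thresholds from the two slides above, applied to a server inventory, as an added example that is not part of the original slides. The hostnames and versions in the inventory are constructed, and treating BIND releases below 8.1.1 as lacking dynamic updates is an assumption based on the slide naming only 8.1.1 and later.

```python
import re

# Thresholds as stated on the slides above.
BIND_MIN_SRV = (4, 9, 7)     # minimum BIND with SRV record support
BIND_DYN_FLAWED = (8, 1, 1)  # dynamic updates present, but not recommended
BIND_DYN_OK = (8, 1, 2)      # recommended minimum for dynamic updates

def parse_bind_version(text):
    """Return (major, minor, patch) from a string such as 'BIND 8.1.2-REL'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def assess(platform, version=""):
    """Report SRV, dynamic-update and AD-integrated zone support plus a verdict."""
    p = platform.strip().lower()
    if p == "bind":
        v = parse_bind_version(version)
        srv = v >= BIND_MIN_SRV
        dyn = v >= BIND_DYN_FLAWED  # assumption: no dynamic updates below 8.1.1
        if not srv:
            verdict = "cannot host Active Directory DNS domains"
        elif not dyn:
            verdict = "SRV records only, no dynamic updates"
        elif v < BIND_DYN_OK:
            verdict = "upgrade: dynamic updates flawed in this release"
        else:
            verdict = "meets recommended minimum"
        return dict(srv=srv, dynamic_updates=dyn, ad_integrated=False, verdict=verdict)
    if p.startswith("windows nt"):
        return dict(srv=False, dynamic_updates=False, ad_integrated=False, verdict="upgrade or migrate")
    if "2000" in p or "2003" in p:  # the slides' upgrade targets
        return dict(srv=True, dynamic_updates=True, ad_integrated=True, verdict="meets recommended minimum")
    raise ValueError(f"unknown platform {platform!r}")

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = [
    ("ns1.example.test", "BIND", "4.9.6"),
    ("ns2.example.test", "BIND", "8.1.1"),
    ("ns3.example.test", "BIND", "8.2.3-REL"),
    ("dns-nt.example.test", "Windows NT", ""),
    ("dc1.example.test", "Windows Server 2003", ""),
]

def audit(inventory):
    return {host: assess(plat, ver)["verdict"] for host, plat, ver in inventory}

if __name__ == "__main__":
    for host, verdict in audit(INVENTORY).items():
        print(f"{host:22} {verdict}")
```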
17(Skill 2)
Examining the Current DNS Infrastructure (13)
- Key areas of current zone and domain structure
- Use of private DNS names (such as .local)
- Raises same issues as use of unregistered public
domain names
- Solutions
- Modify forwarding strategy
- Configure DNS servers in each subdomain to host a
secondary copy of the root zone file
- Disadvantage: may increase total zone replication
traffic
- Advantages: provides less remote query traffic
and higher levels of availability for the domain
root
18(Skill 2)
Examining the Current DNS Infrastructure (14)
- Key areas of current zone and domain structure
- Placement of primary DNS servers for each zone
- For security reasons, always locate primary name
servers behind a firewall
- Ensure they are in a location that facilitates
efficient zone transfers
- Ensure that adequate redundancy for each zone
exists
- Ensure at least two servers host a copy of each
zone file
19(Skill 2)
Examining the Current DNS Infrastructure (16)
- Level of integration between DNS and other
network services
- Integration with WINS, DHCP, and Active Directory
(if already present) is of primary concern
- If DNS is integrated with WINS, determine whether
WINS should remain in place in new design
- For dynamic DNS to function, DNS must be
integrated with DHCP
- Determine if Active Directory integrated zones
are currently being used since they have
different storage, security, operating system,
and replication needs
20(Skill 2)
Figure 2-6 Supported features of different DNS
server platforms
21(Skill 2)
Figure 2-8 An example of a forwarding structure
22(Skill 2)
Figure 2-9 An example of an inefficient
forwarding strategy
23(Skill 2)
Figure 2-11 An example DNS hierarchy
24(Skill 2)
Figure 2-15 An example of when an unusual
replication topology is in use
25(Skill 3)
Examining the Current WINS Infrastructure
- Windows Internet Naming Service (WINS)
- An important service in most legacy networks
- Resolves NetBIOS names, used by down-level
(pre-Windows 2000) operating systems, into IP
addresses
- When examining existing NetBIOS name resolution
infrastructure, consider the need for NetBIOS
name resolution
26(Skill 3)
Examining the Current WINS Infrastructure (2)
- Windows Internet Naming Service (WINS)
- Reasons for maintaining NetBIOS name resolution
- Use of down-level client or server operating
systems
- Use of legacy applications that rely on NetBIOS
name resolution
- Use of network services, such as Distributed file
system (Dfs), in Windows 2000 that rely on
NetBIOS naming
27(Skill 3)
Figure 2-16 NetBIOS name resolution methods
28(Skill 4)
Examining the Current Remote Access
Infrastructure
- Primary methods of remote access
- Dial-in remote access
- Requires enough POTS connections/modems or ISDN
connections/adapters to support the required
number of simultaneous users
- Virtual private network (VPN) remote access
- Requires connectivity with enough bandwidth,
ability to encrypt and decrypt packets fast
enough, and the ability to support the required
number of simultaneous users
- May require router, firewall, and specialized
network adapters
29(Skill 4)
Examining the Current Remote Access
Infrastructure (2)
- Methods used to provide authentication,
authorization, and accounting (AAA) services
- Windows-based AAA
- RADIUS-based AAA
- Other considerations
- Private network connectivity required: typically
high
- Performance and availability of current remote
access solution
- Client configuration
30(Skill 4)
Figure 2-17 An example VPN architecture
31(Skill 4)
Figure 2-18 Areas to check for Windows-based AAA
services