Introduction
Opening Windows (OW), a new advertising firm, has an open engagement for IT consultancy covering the configuration of its Windows network services infrastructure. The firm has two branches in different locations, with the main office based in Houston, TX. Its staff fall into five job rankings in both departments. Since its establishment, the company has run a Windows Server 2016 domain operating at the Windows Server 2016 functional level. The company is also said to have acquired a new group, Media Guru Group in Richmond, VA, which has a single-domain forest running Windows Server 2012 domain controllers (DCs) at the Windows Server 2012 functional level.
As a result, the company requires a solution that addresses the integration and configuration of Active Directory updates across its branches. Among the intended solutions is a dependable approach to the acquisition of the new company and its Active Directory forest, which initially comprises a single-domain forest.
Despite catering for comprehensive user management within a domain, Windows Server 2016 is exceedingly complex, and although newer versions exist to ease the setup process, establishing a server is very difficult and time-consuming. It requires IT support to ensure the company runs at the top of its industry. The complexity also makes it challenging to troubleshoot systems when problems arise, specifically in tracking down an issue and resolving it (Klause 2016).
With the recent acquisition of Media Guru, the company still needs to step up its IT solutions. A single-domain forest deployment does not necessarily include test environments. As there is only a single forest, the company would need to carefully plan and control changes made to the central forest, because any change made within the forest affects all the domains in the environment. Enterprise components shared across the entire company must also be strictly controlled.
Active Directory Infrastructure
By employing third-party AD management software, IT administrators can tap into added capabilities that make it easier for a company to administer services. Given the general layout of Opening Windows, it is crucial to employ Windows Server 2016 with Access Rights Manager (ARM), an IT management solution. One of the most integral components of Windows Server is Group Policy. Group Policy is a comprehensive tool for pushing settings out to domain users and computers. Here, settings can be anything from adding or removing mapped network drives and printers to turning particular Windows settings on or off. This feature in Windows Server 2016 will allow OW to integrate the newly acquired company's domain into their existing forest.
Access Rights Manager (ARM) is the right AD tool for the company for Active Directory monitoring and management. ARM can monitor Group Policy and Active Directory, track changes to access management, and provide insight into user access for better security.
Figure 1 Access Rights Manager in group membership
According to SolarWinds, cited in (Brant, 2013), ARM is designed to assist IT administrators in efficiently and quickly provisioning, de-provisioning, auditing and managing user access rights to data, files and systems, so that they can protect companies from the possible risks of breaches and data loss as far as Group Policy is concerned. ARM is vital for OW, particularly its pool of 110 employees at the Houston and Richmond sites. By analyzing access permissions and user authorizations, administrators get a visual picture of who has access to what, and when access occurred. With a few steps, tailored reports can be generated to demonstrate compliance with many regulatory requirements.
Figure 2 Active Directory Configuration
With Forest Functional Levels, Windows Server 2016 employs Privileged Access Management (PAM). Privileged Access Management helps lessen security concerns for AD environments caused by credential theft techniques, including spear phishing, pass-the-hash, and other types of attacks. PAM provides a new access solution that is set up by using MIM (Microsoft Identity Manager). According to Nickel (2019), privilege access management introduces, "A new bastion Active Directory forest, which is provisioned by MIM. The bastion forest has a special PAM trust with an existing forest. It provides a new Active Directory environment known to be free of any malicious activity, and isolation from an existing forest for the use of privileged accounts."
Cross-forest trusts will be implemented through a one-way trust. The trusted domain contains the users, whereas the trusting domain permits access to resources. This kind of trust flows in one direction only: users in the trusted domain can access resources in the trusting domain, but users in the trusting domain cannot access resources in the trusted domain. Active Directory replication will be handled through a hub-and-spoke topology, a network design in which a central device called "the hub" is connected to other devices commonly referred to as "spokes." It is a cost-effective solution as it requires minimal supervision and oversight.
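The one-way trust described above can be checked after deployment. The following PowerShell is an added example, not part of the original essay: it flags trusts that are two-way or that point the wrong way, using property names that Get-ADTrust returns. The function name, the domain names, and the intended direction (the essay does not say which forest is the trusting side) are assumptions.

```powershell
# Added example: flag trusts that are broader than a one-way design intends.
# Domain names below are constructed placeholders.
function Test-TrustPosture {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Trust,
        # Direction the design intends, seen from the domain being audited:
        #   Outbound = this domain is the trusting (resource) side
        #   Inbound  = this domain is the trusted (account) side
        [ValidateSet('Inbound', 'Outbound')] [string] $ExpectedDirection = 'Outbound'
    )
    process {
        $findings = @()
        $direction = "$($Trust.Direction)"
        if ($direction -eq 'BiDirectional') {
            $findings += 'two-way trust where a one-way trust was designed'
        } elseif ($direction -ne $ExpectedDirection) {
            $findings += "direction is $direction, design expects $ExpectedDirection"
        }
        if ($Trust.ForestTransitive -and -not $Trust.SelectiveAuthentication) {
            $findings += 'forest-wide authentication; review whether selective authentication is wanted'
        }
        [pscustomobject]@{
            Trust     = "$($Trust.Source) -> $($Trust.Target)"
            Direction = $direction
            Findings  = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample records with the property names Get-ADTrust returns.
$sample = @(
    [pscustomobject]@{ Source = 'ow.example'; Target = 'mediaguru.example'
        Direction = 'Outbound'; ForestTransitive = $true; SelectiveAuthentication = $true }
    [pscustomobject]@{ Source = 'ow.example'; Target = 'lab.example'
        Direction = 'BiDirectional'; ForestTransitive = $true; SelectiveAuthentication = $false }
)
$sample | Test-TrustPosture -ExpectedDirection Outbound | Format-List

# Against a live domain (requires the ActiveDirectory module):
# Get-ADTrust -Filter * | Test-TrustPosture -ExpectedDirection Outbound
```

With the constructed sample, the first trust reports no findings and the second reports both the two-way direction and forest-wide authentication.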
Active Directory Core Design
The number of users within the company primarily determines the type of forest/domain model used. Opening Windows demands more than a single domain. This enables the IT team to partition data, giving more control over the amount of replication traffic that passes over a network connection at a particular time. It also makes it possible to control where information is replicated, reducing the load that replication traffic places on slow links within the network.
Given that, the company ought to employ a regional domain model to cut down on replication traffic over WAN links. Regional domains that are based on geography can be organized in line with the network's WAN connectivity. The regional domain model enables the company to maintain a stable environment over time. However, it is essential to base the regions used to define domains in the model on static elements, such as regional boundaries. Domains established on other factors, i.e., groups within the company, can change often, requiring a restructuring of the environment, a feature that makes it adaptable.
The regional domain model comprises a "forest root domain," the first domain to install, and one other domain. Establishing a regional domain design involves identifying the domain that serves as the forest root domain as well as determining the additional domain or domains required to meet replication requirements. The company includes Houston and Richmond groups that require service isolation and data isolation from other groups within the company. In this case, creating a separate forest for these groups is required.
In the regional domain model, it is essential to plan to place "regional domain controllers" for each domain represented in each hub location. After "regional domain controllers" are placed across all areas, the placement of "regional domain controllers" at satellite locations also needs to be evaluated. Removing unnecessary "regional domain controllers" from satellite locations cuts down the support costs of maintaining a remote server infrastructure.
Furthermore, it is important to ensure the security of "domain controllers" in both satellite and hub locations so that unauthorized people cannot access them. An individual who has physical access to a domain controller can breach the system by:
- Accessing physical disks by starting an alternate operating system on a domain controller.
- Replacing physical drives within a domain controller.
- Finding and manipulating copies of a "domain controller system" state backup.
To avoid these security threats, the company is required to add regional domain controllers to locations that ensure their physical security.
In addition, a read-only domain controller (RODC) should be considered, especially where physical security is inadequate. Except for account passwords, an RODC holds all the Active Directory attributes and objects that a domain controller holds. However, changes cannot be made to the database stored on the RODC. Changes must be made on a writable domain controller and then replicated to the RODC. Among the crucial FSMO roles is the domain naming master. This role ensures that a second domain cannot be created in the same forest with the same name as another. FSMO roles give the company confidence that its domain will be able to perform its primary function of authenticating users and permissions without interruption. The Backup Operators group in this system is used to give members the power to back up and restore files.
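An RODC keeps account passwords off its disk only as far as its Password Replication Policy says so, which makes that policy worth auditing at a site with weak physical security. The following PowerShell is an added example, not part of the original essay: it reports privileged accounts that an RODC is allowed to cache or has already cached. The function name and all account and server names are assumptions.

```powershell
# Added example: list privileged accounts an RODC may cache or has cached.
function Get-RodcPrivilegedExposure {
    param(
        [Parameter(Mandatory)] [string] $Rodc,
        [string[]] $Privileged = @(),  # sAMAccountNames of privileged users and groups
        [string[]] $Allowed    = @(),  # principals on the RODC's Allowed list
        [string[]] $Revealed   = @()   # accounts whose passwords the RODC holds now
    )
    foreach ($name in $Privileged) {
        $canCache = $Allowed  -contains $name   # -contains is case-insensitive
        $isCached = $Revealed -contains $name
        if ($canCache -or $isCached) {
            [pscustomobject]@{
                Rodc = $Rodc; Account = $name
                AllowedToCache = $canCache; CachedNow = $isCached
            }
        }
    }
}

# Constructed sample data (all names are placeholders).
$report = Get-RodcPrivilegedExposure -Rodc 'RODC-RICHMOND' `
    -Privileged 'Domain Admins', 'adm.jdoe', 'Backup Operators' `
    -Allowed    'Richmond Staff', 'Backup Operators' `
    -Revealed   'r.smith', 'ADM.JDOE'
$report | Format-Table -AutoSize

# Live data (requires the ActiveDirectory module). Group nesting on the
# Allowed list is not expanded here, so review nested groups separately.
# $rodc     = 'RODC-RICHMOND'
# $priv     = @('Domain Admins', 'Backup Operators') +
#             (Get-ADGroupMember 'Domain Admins' -Recursive).SamAccountName
# $allowed  = (Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed).SamAccountName
# $revealed = (Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts).SamAccountName
```

With the constructed sample, the report lists adm.jdoe as cached now and Backup Operators as allowed to cache, while Domain Admins does not appear.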
Active Directory Certificate Services
Active Directory Certificate Services (AD CS) will be used at both sites to raise security by binding the identity of a user, service, or device to a matching private key. AD CS provides an efficient, secure, and cost-effective way of managing the use and distribution of certificates. Applications supported by AD CS include secure wireless networks, S/MIME (Secure/Multipurpose Internet Mail Extensions), VPN (virtual private network), IPsec (Internet Protocol security), EFS (Encrypting File System), SSL/TLS (Secure Sockets Layer/Transport Layer Security), smart card logon and digital signatures.
Figure 3 AD CS Configuration
The AD CS role service is mainly designed for trusted administrators and secured networks. Under this design, an enrolment can use a single password to request several certificates. Moreover, there is no verification of the SAN (subject alternative name) supplied. Nevertheless, Windows Server supports a policy module for NDES (Network Device Enrolment Service), which provides extra authentication, making it practical to run this role service in a perimeter network.
Active Directory Rights Management Services
Active Directory Rights Management Services (AD RMS) can be implemented to protect intellectual property by integrating several features. In addition to direct integration with AD DS, AD RMS can rely on both AD CS (Active Directory Certificate Services) and AD FS (Active Directory Federation Services). AD RMS works with a specific client to protect sensitive information. Protection is offered via the AD RMS role, designed to provide licensing and certificate management, not to mention configuration and logging information held in a database. For example, the company can rely on WID (Windows Internal Database) included in Windows Server. Still, in production, it can rely on a database engine, i.e., Microsoft SQL Server 2008 or Microsoft SQL Server 2005 running on a server. This will provide the ability to load-balance AD RMS across multiple server installations.
Active Directory Federation Services
Active Directory Federation Services will be implemented with regard to permission requirements. However, the administrator performing the initial configuration a...
Cite this page
Opening Windows: IT Consultancy for Windows Network Services Infrastructure - Essay Sample. (2023, Aug 27). Retrieved from https://proessays.net/essays/opening-windows-it-consultancy-for-windows-network-services-infrastructure-essay-sample