Windows Network Services Proposal for IMI and Media Guru Group

Verified

Added on 2019/10/30

AI Summary

This document presents a comprehensive proposal for establishing secure Windows network services, focusing on the integration of two companies, IMI and Media Guru Group. It details the importance of network security, especially in data-intensive environments, and outlines key components of a robust network infrastructure. The proposal covers server configuration, including planning and setup, managing server settings, and configuring IP addresses. It emphasizes the installation and configuration of Active Directory, including assigning computers to the server, utilizing Active Directory Certificate Services, Federation Services, and Rights Management Services. The report also addresses antivirus installation, focusing on Windows Security Essentials and Microsoft Endpoint Protection. Furthermore, it explains firewall creation and the implementation of DHCP and DNS for network management. The proposal includes diagrams and considerations for disaster recovery, high availability, and security services, concluding with a detailed overview of the proposed network design and its benefits.

WINDOWS NETWORK SERVICES PROPOSAL

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

TABLE OF CONTENTS
SL.NO TITLE PG.NO
1 INTRODUCTION 3
2 ABOUT INTERNATIONAL MARKING, IN (IMI) 3
3 OBJECTIVE OF THE DOCUMENT 4
4 BACKGROUND OF THE DOCUMENT 4
5 SERVER-CONFIGURATION 4
6 ACTIVE DIRECTORY INSTALLATION 7
7 ANTIVIRUS INSTALLATION 9
8 FIREWALL CREATION 12
9 DHCP AND DNS 12
10 GENERAL INSTALLATION 13
11 SOFTWARE SUPPORT RESPONSIBILITY 14
12 APPLICATION LICENSES 14
13 APPLICATION TRAFFIC FLOW 14
14 EQUIPMENT INSTALLATION 15
15 OS SUPPORT 15
16 FILE AND STORAGE LOCATION 16
17 DISASTER RECOVERY 17
18 HIGH AVAILABILITY 18
19 SECURITY SERVICE AND SERVICE DETAILS 18
20 CONCLUSION 19
REFERENCES 21
1. INTRODUCTION

Generally, whenever restructuring or constructing a network for an organization, a different
always takes place. The main areas were these changes experienced in an organization, which
manages is data i.e. information systems. Right from the top hierarchy to the lower department of
the organization covers a data; all had their information that should be maintained. Any error in
the system will always cause an extreme disturbance to the events of the complete organization.
Combining two companies remotely need high security in order to avoid intrusions like a virus,
unwanted access, threat etc. Constructing a secure design module for remote network between
two companies needs a proper secure design, which helps both the companies from data loss,
avoid collision and minimize workload by providing separate access to each department. Each
department in an organization remain independent and private i.e. data from one department
cannot be accessed or viewed by another department. Some access policy has to set to access
data between employees. This paper outlines a proposal that will ensure that there are no errors
in the organization’s network system, particularly in the Active Directory Configuration. It also
provides a faultless structure of how links between IMI head office in Houston, TX which works
on windows server 2012 level, can be securely established with Media Guru Group based out of
Richmond, VA which works on windows server 2003 (Microsoft, 2018).
2. ABOUT INTERNATIONAL MARKING, IN (IMI)
IMI has two sites, one in Houston, TX and another one in Richmond VA. Executives can
manage and run their company. Account section performs market research work and account
maintenance. Media department handle advertising, HR perform HR and financial, etc. This
makes a necessary to safeguard compatibility on configuration structures by producing media,
which will ensure the variance on the configuration that does not cause any failure. There are
totally 110 employees in both Houston and Richmond sites. There is executives department to

manage and run the company, account and sales department for performing marketing research
and maintaining accounts, creative, media and production department for advertising, Human
Resources and finances department for performing HR duties, IT department is for managing the
IT for the company. There are separate Active directory domains for network equipment setup
and security mechanisms like firewall, intrusion detection system are used to handle some
vulnerable activities. But all the data cannot be protected by using the firewall and intrusion
detection system. Additional methods are required to protect the data. The aim of this is to build
an interface where communication takes place.
3. OBJECTIVE OF THE DOCUMENT
The objective of the document is to create a network design for the newly started
Company Richmond, VA and to protect the data from all the vulnerable activities. The document
contains the requirements that the design should follow windows server 2012.
4. BACKGROUND OF THE DOCUMENT
The background of the document contains Server installation –windows server 2012, how to
configure server, Active Directory installation, Assign employee system to the server, Antivirus
installation, firewall installation.
5. SERVER-CONFIGURATION
Server configuration ensures how to integrate with a newly joined company with the
existing factor. For increasing business growth and a number of employees that results in
expanding of the server to store data and run the application. Virtualization technology operates
the OS in same similar physical hardware (Microsoft, 2018).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

5.1 PLANNING INSTALLATION
In order to install a server operating system a proper plan has to ensure where a right
hardware to be placed. The processor has to check because windows server 2012 will run only
on a 64-bit processor. Two versions of the operating system are standard and datacenter. Both
are similar but the difference in maintenance of hardware and guest virtual machines (Techradar,
2013).
5.2 SET-UP
Initial set-up provides implanting disc into the computer and switch on the server.
Booting system will start to load the software by getting common details like language currency,
time and installation starts (Techradar, 2013).
The remote client can either from Houston, HX or Richmond, VA, user or employee
from both the company act as a remote client to one another. They communicate via the public
Remote client Internet
Remote Access
server
Infrastructure
server
Application server

internet using a server; both can access the server remotely using its userID and password. Server
consist of infrastructure server and application server where infrastructure server secure the
traffic on the network by monitoring virus and firewall whereas application server will used to
access application related events like database access, network access to communicate etc
(Techradar, 2013).
5.3 SERVER MANAGE AND CHANGING COMPUTER NAME
On installing server and windows operating system on a system, managing server a login
access has to be done which requires Admin password to access. Server manage tab has a server
event which changes from a UI to desktop mode and click Configure this local server on server
managing window. In addition, each server has its own name and renaming is possible, this can
be done at change server name. This allows restarting system (Techradar, 2013).
5.4 CONFIGURATION OF SERVER WITH IP ADDRESS
In order to connect with the network, this server has to set with IP address, default
gateway and DNS. Ethernet will allow configuring on the network and there on double clicking
on adaptor will -help to change address. Internet protocol version4 will allow adding all IP
address (Techradar, 2013)
5.5 MANAGE REMOTELY WITH REMOTE DESKTOP
By setting remote desktop one, can access manage the entire server from another system
i.e. inside or outside of the organization. Set remote desktop entry and select “remote connection
to this computer” to remotely manage the server. If users are expended then by adding a new
user can add to the existing server (Techradar, 2013).

5.6 SERVER UPDATE
Server Updating is simple and fast in windows and by keeps on updating will allow the
system to stay fast and managing easily. It gives an automatic update and manual update option
to which and where to install (Techradar, 2013).
5.7 STIMULATE SERVER
Last part of this work is to activate the server, server activation requires a product key and this
allows configuring the server and ready to use.
6. ACTIVE DIRECTORY INSTALLATION
This Active Directory Installation helps the server to assign the agent-managed computer to the
management group. To create Active Directory Domain Service (AD DS) some commands are
used and it contains operations on manager management group. MOMADAdmin.exe is
necessary to install manager management group (Microsoft, 2018).
ManagementGroupName
This has a name of the management group that create an active directory container.
MOMAdminSecurityGroup
This is a security group that has a domain format plays as an admin security role.
<path>\MOMADAdmin.exe
<ManagementGroupName><MOMAdminSecurityGroup><RunAsAccount><Domain>

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

RunAsAccount
This allows reading, writing and deleting objects in Active Directory that use domain
format/username.
Domain
It will create a name of the domain when a management group container is generated.
6.1. ASSIGN COMPUTER TO SERVER
Active Directory Domain service used to assign managing server i.e. primary management and
secondary management. This can be created before Agent Assignment and failover wizard. Any
agent cannot deploy both of this so computer agent called MOMAgent.msi can manually deploy
this (Techtarget, 2018).
6.2 ACTIVE DIRECTORY CERTIFICATE SERVICE
Usually, for secure access to network server used to provide public key infrastructure but on a
windows server, it provides Active Directory Certificates Service, which will generate PKI and
provide encryption, Digital signature and digital certificate. This AD CS will handle all the
security-related events in-house. AD CS on this network will use existing information on the
register to generate a certificate and it allows group policy among different departments to
choose which type of certificate to select. Once the system connects to online for the first time a
request sent to active directory to find certificate on which type it should be given to end user
from policy report. Thus, it will automatically renew, add and delete the request upon some
condition (Techtarget, 2018).

6.3 ACTIVE DIRECTORY FEDERATION SERVICE
Active Directory Federation Service (ADFS) provides the users on windows server a
single sign-on access. It allows the user to the first login, once it is sign-in user ID and password
is saved in the server, which will allow the user to access the computer on its boundaries.
Whenever a third party access occurs on a windows server, it will control the authentication by
checking its record in the federation register (Techtarget, 2018).
6.3 ACTIVE DIRECTORY RIGHT MANAGEMENT SERVICE
Active Directory Right Management Service (AD RMS) will allow the user to manage
the data by protecting using data access policy. Once the user accesses the data remotely using
windows server, RMS will act as a security tool to protect data from unwanted satiation
(Techtarget, 2018).
7. ANTIVIRUS INSTALLATION
Providing security for windows server is an essential part to maintain information on
server and data is being corrupt. Windows security essentials and windows endpoint protection
are used for security.
7.1 WINDOWS SECURITY ESSENTIAL
Configure windows essential on windows server 2012. Download a right .exe file from
the respected website. The right .exe file for security essential is mseinstall.exe. Install this and
once it gets install click compatibility mode in properties where the admin has to check the “Run
this program in compatibility mode for” which will open a command prompt as an admin.
Finally run reinstall from downloads.

7.2 MICROSOFT ENDPOINT PROTECTION 2012
This will help to manage client-server related work.
 Download and install from a respected site and extract from the zip file.
 Extract client “CLIENT” from .exe, which downloaded from website to any location.
 Client folder is browsed to run install “scepinstall.exe”.
 The installer will configure with security protection. Initially, it will scan system to find
threats by receiving new updates. Once fully updated then scan will perform to check
threats.
Overall, diagram active directory with DNS/DHCP
ISP Router
Windows server
2012 Employee system
Employee system

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

8. FIREWALL CREATION
Creating firewall rule is equally important as creating security rule. One can add, edit and
delete rule according to their needs, using configuration wizard we can create rules for a firewall
that allows the computer to send a traffic-free programs, service, users etc. Allow particular
connection, allow connection with IPsec or block the connection explicitly. For a secure
Router internet
Switch
System 1 Server 1 System 2 Fax machine
IP 196.168.25.145
SM 255.255.255.0
DG 196.168.25.254
DNS 193.168.25.100
DHCP enable
IP 196.168.25.200
SM 255.255.255.0
DG 196.168.25.254
DNS 196.168.25.100
Static IP
IP 196.168.25.150
SM 255.255.255.0
DG 196.168.25.254
DNS 196.168.25.1
DHCP enable
IP 196.168.25.145
SM 255.255.255.0
DG 196.168.25.163
DNS 196.168.25.1
Static IP

connection on firewall security rule along with firewall, rule with IPsec. However, security rule
alone will not allow the connection to travel through the firewall so firewall rule has to create.
By default windows, the firewall will turn on and manages to run on windows server 2012.
Firewall rules and setting can be managed on windows server manager window, where on tools
select windows firewall with advanced security.
9. DHCP AND DNS
Every user or connection has a domain name, implementing DNS and DHCP on the
server use a static IP address which we created on server configuration i.e. assign on IP to DNS
and DHCP. DHCP allows as assigning IP address to physical address, which can be used for
same time. DNS on network helps to rename the local server to run on the network.
A group of policy has been created so that when an admin is not present a particular
permission has given to company users to use the server. Thus, help the system and server to
achieve flexibility where a group of policy helps the users in the absence of administrator.
Syslog Configuration
General setting
Syslog facility
Enable
Local6

Syslog Server IP/Domain name port
Server 1
Server 2
Server 3
10. GENERAL INSTALLATION:
General hardware installation:
Host
name
Server type Telecom/
Vendor
Support
OS
Version
OS
Patch
Level
Manufacturer
S/N
GATEWAY
USERPC1 DATA
SERVER
AT&T Windows7 3.2 1258568 168.162.15.1
USERPC2 DOMAIN
SERVER
AT&T Windows7 3.2 1258956 168.162.15.1
USERPC2 DATA
SERVER
AT&T Windows7 3.1 23546895 168.162.15.1
11. SOFWARE SUPPORT RESPONSIBILITY:
Organisation responsible for providing support
Operating System Data Bases Application Backups
<168.2.156.1 >
192.168.25.136
192.168.25.140
0.0.0.0
145
145
145

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Windows Mysql ALLSTAR Offline backup
<168.2.156.0 >
linux Maria DB Server pic warm backup
12. APPLICATION LICENSES:
Application License Type Details of acquiring renewal of Temporary Licenses
<168.2.156.1 >
Windows os Microsoft license 3 years
<168.2.156.0 >
linux GPL FREEWARE
13. APPLICATION TRAFFIC FLOWS:
Source Destination 24x7 Comments
SERVER 1 SALES NO Only accessible for sales
SERVER 2 support YES Public
14. EQUIPMENT INSTALLATION:
Item 24x7 BUDGET/COST COMMENTS
60 computers YES 5000USD CLEANING OF THE DUST

ETHERNET
CABLES
YES 500USD
REPLACE OF THE CABLES IF
NEEDED
DHCP/DNS YES 300USD MONITORING OF DNS AND DHCP
FIREWALL YES 200USD CHECK THE THREAT LOGS
MAINTENANCE
NO 1000USD REGULAR CHECK UP
ISP YES 500USD MONTHS BILLS FOR ISP
TOTAL 7000USD
15. OS SUPPORT
Server name CPU type OS Installation type
Server 1 X86 32-bit server service
pack 2(SP2) 2012
Full
Server 2 X64 64-bit Windows server
service pack (SP2) 2012
Core server
Server 3 X64 64-bit windows server
2012
Full
16. FILES AND STORAGE LOCATIONS:
16.1 BRANCHCACHE:

In IMI, there are two different sites which require storage location. So it is necessary to
use branchcache for the storage solutions. Branchcace is a WAN (Wide Area Network)
technology which is used for bandwidth optimization in windows server and Windows operating
systems. When the user tries to access the content form the other branch using branchcache, it
helps to fetch the content from the main server and provide the content over the WAN
(Microsoft, 2018).
16.2 DYNAMIC ACCESS CONTROL BENEFITS:
It is one of the security measures on windows server 2012 which helps the administrator
to control the path of the data access from the file server. When the data is accessed via DAC,
the data classification methods are improved by enabling the file control and auditing
simultaneously. To prevent the files from the unauthorized access, access controls are used. File
security policies are used at the domain level to secure the files on the file server. Dynamic
access control adds the benefits by handling authentication and authorization using the active
directory. This can be achieved by
 Classifying the data
 Implementing access conditions
 Auditing and
 Encryption
This authentication and authorization can be accomplished by using Access control List, auditing
access policies and central access policies, Auditing and Central Access Policies and file
infrastructure (Vyapin, 2013).
16.3 STORAGE OPTIMIZATION:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Windows Server 2012 provides a secure way for storage of files but power shell
interaction is necessary to add the advanced features for the storage optimization. It can be
managed by creating a virtual Disk in the UI by using parameters like Virtual disk name, simple
or mirror settings, type of provisions, Disk size and storage name. In addition, when creating a
virtual disk via power shell it is necessary to consider other parameters like columns, data copies,
disk interleaving and physical disk required (Microsoft, 2009).
For example:
Friendly Name: Pool56, Disks: 1050GB disks, Pool Capacity: 4.68TB
17. DISASTER RECOVERY:
Windows back up can be taken by the administrator by the periodic backup and backup on
demand. Different technologies are used to backup the files based on the type of backup. It is
stored in the following path.
<BackupStorageLocation>WindowsImageBackup<ComputerName>
When the backup has started the data which is available in the source volumes is read and
then .vhd file is created on the storage location. Finally, the metadata is taken backup.
The organization uses volume shadow copies of data. After window server backup, it creates a
Volume Shadow Copy Service (VSS) it is a Microsoft technology which is used for maintaining
the backup data (Microsoft, 2012).
18. HIGH AVAILABILITY:
Implementation of Hyper-V adds the benefit to IMI because Microsoft Hyper-V
hypervisor is a platform which is used to create a step by step method similar to VMware. There

will be consistent use of Virtual Hard Disk. The data is converted to .vhd file after the backup of
data. So it is necessary to used Hyper-V for data backup (IproToday, 2008).
18.1 NETWORK LOAD BALANCING:
In windows server, network load balancing is used for managing one or more servers into
a single virtual cluster. It improves the availability and scalability of the server's applications
such as FTP, proxy, firewall, Virtual private network, etc (Argonsystems,2016).
18.2 FAILOVER CLUSTERING:
It is necessary to key track of all the applications which runs on the server. In IT
infrastructure it is very important to create a separate block for the improvement of failover
clustering. It is designed to protect the critical applications such as SQL server, Microsoft
exchange etc. by failover clustering is a part of Dynamic Datacenter and technologies like live
migration. In windows server 2012 it is expanded to enable frequent availability of file sharing
(Iprotoday, 2013).
19. SECURITY SERVICE AND SERVICE DETAILS
Providing security to the entire company might results in risk so providing security for
the needs of data may reduce the risk factor i.e. providing high security for a particular
department, allocating some events to perform on traffic, using a firewall, Antivirus may result
in minimizing providing security. The main reason to provide security is to avoid data loss, so in
order to secure data, a security design has to build which protect from intrusion. Though firewall
and antivirus stop unwanted access but it will not fully secure the system, so additional
mechanism has to implement to avoid unwanted access to auditing and checking System log.
Both the company in Houston, HX and Richmond VA has more than 100 computers and
each system is connected to the internet using a local router with single IPS. All the local

systems are connected using subnet mapping and remotely connected using switches and routers.
To avoid failure on network traffic connection are made separately and if the system is
centralized then the network should not be flip down (Microsoft, 2018).
20. CONCLUSION
The network design designed as IPsec on server 2012 and through single IPS it is connected
externally to the various systems in an organization. All the systems are named with a domain
name so if any new system adds to this then it will automatically create an IP address by
providing DHCP on TCP/IP connection. Even by subnet masking or subnet, connection on the
system is available for a domain name that creates DNS with the various virtual private network.
Remote access on the network between two companies results in sharing of data without data
loss due to active directory domain service which will provide domain name to each access
whenever a connection needed.
REFERENCES
Microsoft (2018), “How to: use the network service account on server resources” Available at
https://msdn.microsoft.com/en-us/library/ff647402.aspx [Accessed 7th may 2018]

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Microsoft (2018),” How to configure and use active directory integration with agent,
contributors of Microsoft”, Available at
https://docs.microsoft.com/en-us/system-center/scom/manage-ad-integration-agent-
assignment?view=sc-om-1801 [Accessed 7th may 2018]
Techradar (2013), “How to set up first server by It optimization”, Available at
https://www.techradar.com/news/computing/servers/how-to-set-up-your-first-server-
1166915/2 [Accessed 7th may 2018]
Rackspace (2017), “How to manage the windows server 2012”, Available at
https://support.rackspace.com/how-to/managing-the-windows-server-2012-firewall/
[Accessed 7th may 2018]
Microsoft (2018), “Active Directory Service”, Available at
https://msdn.microsoft.com/en-us/library/ff630887.aspx [Accessed 7th may 2018]
Techtarget (2018), “Active Directory Federation Services and AD Federation Services”
Available at https://searchmobilecomputing.techtarget.com/definition/Active-Directory-
Federation-Services-AD-Federation-Services [Accessed 7th may 2018]
Microsoft (2018), “Branchcache”, Available at https://docs.microsoft.com/en-us/windows-
server/networking/branchcache/branchcache [Accessed 7th may 2018]
Vyapin (2013), “Dynamic Access control in windows server 2012”, Available at
https://www.vyapin.com/whitepapers/dynamic-access-control-in-windows-server-2012
[Accessed 7th may 2018]