New Features of Windows Server 2012

Windows Server 2012 has several new features and improvements over the previous versions of Windows Server that will greatly enhance GAI’s networking ability. Some of these new features and improvements include enhancements to Active Directory, updated Group Policy, improved File and Storage Services, enhanced DNS and DHCP server functionality, as well as improvements to the Hyper-V functionality. These improvements will provide GAI the ability to better maintain the security of their network by controlling user accounts, as well as user and computer access. They will also provide more streamlined DNS and DHCP processes and allow the organization to create and manage an improved virtualized environment. Active Directory is a centralized database that provides services to manage and control user accounts and computers, control access and provide authentication, as well as implement and enforce security policies.

These services are Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), Active Directory Federation Services (AD FS), Active Directory Lightweight Directory Services (AD LDS), and Active Directory Rights Management Services (AD RMS). AD DS, provides the means to create scalable, secure, and manageable infrastructures for user and resource management (AD DS Overview, 2013). AD CS provides services for issuing and managing digital certificates for encrypting digitally signing documents (AD CS Overview, 2013). AD FS provides clients with a means to securely access internal sites and resources AD FS Overview, 2013). AD LDS provides data storage and access for directory-enabled applications (AD LDS Overview, 2012).

AD RMS uses tools such as certificates, encryption and authentication, to provide the ability for the organization to create information security solutions (AD RMS Overview, 2012). Group Policy is used to set up configuration settings that can be applied to objects such as users or computers (What’s New in Group Policy in Windows Server, 2014). There are many different policies you can apply with Group Policy, some common ones are Account Policies, Local Policies, File System Policies, as well as Software Restriction Policies. With Account Policies, you can set the parameters that must be met for account password length, complexity requirements, the maximum and minimum amount of time a password can be used, and lockout durations for incorrect password. With Local Policies, you can control what ability a user has on a computer, such as accessing the network, backing up files, or shutting down the computer.

You can also use Local polices audit events such as log on and off events. With File System Policies you can configure file and folder access permissions on multiple computers. You would use Software Restriction Polices to identify allowed and denied software, as well as restrict software usage to particular users or groups. File and Storage Services provide the tools need to manage shared file servers. The File and Storage Services feature Work Folders allows users to access work files stored on the file servers from their personal devices (File and Storage Services Overview, 2013). You can use the Storage Spaces feature to deploy high availability storage that is resilient and scalable by using industry-standard disks. Another useful feature is the Server Manager feature, which allows administrators the ability to manage multiple file servers from one interface. The File and Storages role Distributed File System (DFS) Replication provides the means to replicated file and folder data across multiple sites and file servers.

The overall functionalities of both DNS and DHCP servers were greatly improved with Windows Server 2012 over the previous versions of Windows Server. DNS Security Extensions (DNSSEC) support in Windows Server 2012 now supports the updated DNSSEC standards, it supports Active Directory-integrated DNS scenarios such as dynamic updates in DNSSEC zones, and trust anchor distribution through Active Directory is now automatic, as well as easier deployment and management of DNS servers through PowerShell (What’s New in DNS Server in Windows Server, 2014). One improvement to DHCP servers include DHCP failover, which provides the ability to share IP addresses and configurations between two DHCP servers so they both can provide IPs from the same scope. This will provide continuous availability in case one of the servers fail (What’s New in DHCP Server in Windows Server, 2014). Another improving to DHCP server functionality is now the server can evaluate DHCP requests against polices that have been previously defined. The defined policies can include what vendor type, user class, and MAC addresses.

Hyper-V allows you to create and manage a virtualized machines. Some of the features that are new or were updated with Windows Server 2012 are client hosted Hyper-V, improved dynamic memory and storage migration. With client Hyper-V, you can run Hyper-V in a desktop operating system, which means you no longer have to install a server OS to run host Hyper-V. The dynamic memory improvements include the ability to configure the minimum memory settings. This will improve hardware allocation when hosting multiple virtual machines on one computer. With the new storage migration ability, you can now move virtual hard disks from one physical location to another while the virtual machine is running. This allows for easier management of the physical storage locations regardless of the state of the virtual machine (What’s New in Hyper-V for Windows Server, 2012). Deployment and Server Editions

There will be a total of 11 servers needed for the network. There will be 7 servers in the LA region and 4 servers in the New York region. LA Region: There will be a domain controller (LADC) with the AD DS, DNS, File and Storage services, Print and Documents Services roles installed. This server will provide the Active Directory domain controller function to manage the network users and devices in the LA region. It will also provide the DNS role which will provide name resolution, meaning it will map IP addresses to hostnames or vice versa. There will be a file server (LAFileServer) with the File and Storage services, Print and Documents Services roles installed. This will be he shared file server for LA region. There will be a DHCP server (LADHCP1) with the DHCP server role installed. This server will provide the DHCP services for the LA region. The DHCP server will automatically provide IP addresses to the clients that connect to the network. There will also be a second DHCP server (LADHCP2) with the DHCP server role installed.

This server will provide fault tolerance in the event the first DHCP server is unavailable. There will be a Web server (LAWeb) with the Web Server (IIS), AD CS, Print and Document Services roles installed. This server will host the organization’s website. It will also provide certificate authentication for users who access the site. There will be a Windows deployment server (LAWDS) with the Windows Deployment Services (WDS) Role installed. This server will be used to deploy Windows Operating Systems to newly add devices. There will be a Windows update server (LAWSUS) with the Windows Server Update Services (WSUS) role installed. This server will be used to install required updates on network devices. New York Branch:

Due to the limited IT staff at the New York branch, there will be a read only domain controller (NYDC) with the read only AD DS, read only DNS, File and Storage services, Print and Documents Services roles installed. The domain controller LADC will replicate the domain database to this server and this server will keep a read only copy, meaning this server cannot write to Active Directory. Another benefit of adding a read only domain controller is that users in New York will have quicker logon times thanks to credential caching. There will be a file server (NYFileServer) with the File and Storage services, Print and Documents Services roles installed. This will be he shared file server for New York branch. Due to security concerns with broadcasting DHCP packets over the WAN, there will be a DHCP server (NYDHCP1) with the DHCP server role installed. This server will provide the DHCP services for the New York branch. To provide fault tolerance for the New York branch a second DHCP server (NYDHCP2) will also be installed. What edition of Windows will be used for each server?

Both Windows Server 2012 Standard and Datacenter support up to 64 CPU sockets and 4 TB of RAM, server clustering and Server Core installation. Both support unlimited LAN connections, unlimited simultaneous Routing and Remote Access (RRAS) connections, and unlimited simultaneous Remote Desktop (RD) connections. The difference between the two is the Standard only hosts two virtualized machines on one license with Hyper-V and with Datacenter you can host unlimited virtual machines. Another consideration is to keep in mind is that Datacenter is significantly more expensive than Standard. With that said, unless the company plans to host many virtual machines, the Standard edition will be adequate. Will Server Core be used on any servers?

With Server Core there is no GUI, no management tools, just the command line. It is designed to be used on servers that do not hosts server applications or servers with relatively little activity other than their primary role. It is used to provide better stability, simpler management and maintenance, and can provide a more secured installation over a Full installation. Server Core will be used on the file servers, the DHCP servers, and the read only domain controller. Active Directory

In this network, there is one root domain (LA) and a child domain (New York). To better manage the company’s resources, the company will be divided into five Organizational Units (OUs) based on the departments in the organization, Executive (Executives), Acct-Sales (Accounting and Sales Department), Creative-Media (Creative, Media and Production department), HR-Finance (Human Resources and Finance), and IT (IT staff). Security groups will be used to allow users access to department files and restrict other users who do not require access. Group Policies will be implemented based on the duties performed and the amount of access required by each department. DNS and DHCP

Assuming the company will be using private IP addressing, the subnet for the LA region will be 192.168.0.0 /24. The DCHP scope range will be from 192.168.0.1 to 192.168.0.254. An exclusion will be set up for IPs 192.168.0.1 to 192.168.0.39 so that these IPs can be statically assigned to servers and printers in the network. The subnet for the New York region will be 192.168.1.0 /25 and the DHCO scope range will be 192.168.1.1 to 192.168.1.126 with an exclusion in place for the IPs 192.168.1.1 to 192.168.1.9 so those IPs can be statically assigned to servers and printers. For fault tolerance, DHCP failover will be implemented at both sites, using both DHCP servers at each site. GIACorp.com will be used as the root domain name for the LA region and NewYork.GIACorp.com will be used as the New York branch domain name (Figure 1). On the LA DNS server, an Active Directory-integrated DNS zone will be used and the New York DNS server will be used set up as a secondary DNS server. This way the LA DNS server will replicate zone data down to the New York DNS server. Application Services

Software deployment will be done through Group Policy. To set up software deployment, we must first obtain the software installation package and place it in a distribution point that is accessible to the computers throughout the network. Once that is complete, we then must set up a Software Installation Policy and choose to either Assign, which will install the software automatically, or Publish, which will make the software available in the Add/Remove Programs tab on the computer and the user can install the software if needed. Once the policy is set up, you can then assign it users or computers in the OU that requires it. Given the nature of the company, software such as Microsoft Office, Adobe, and photo editing software may be needed and can be distributed this way. File and Printer Sharing

FSRM quotas will be used on the file servers to manage the space limits for the different departments. Soft quotas will be used as the company is starting up to monitor the amount of data being stored on the servers. This way the IT staff can receive notifications when a department goes over the assigned limit and can make adjustments to the size allotted. Given that there will be at least one user from each of the departments at both sites, shared folders for each of the departments will be used for the users to share files. DFS will be used to create a domain-based namespace. NTFS file permissions for users and groups will be used, but to address the concerns of some departments wanting their data to remain private from other departments, access-based enumeration (ABE) will also be used to restrict user access to files they do not have access to.

References
Active Directory Domain Services Overview (August 7, 2013). Retrieved July 29, 2014 from http://technet.microsoft.com/en-us/library/hh831484.aspx Active Directory Certificate Services Overview (June 24, 2013). Retrieved 29 July, 2014 from http://technet.microsoft.com/en-us/library/hh831740.aspx Active Directory Federation Services Overview (November 1, 2013). Retrieved July 29, 2014 from http://technet.microsoft.com/en-us/library/hh831502.aspx Active Directory Lightweight Directory Services Overview (February 29, 2012). Retrieved July 30, 2014 from http://technet.microsoft.com/en-us/library/hh831593.aspx Active Directory Rights Management Services Overview (February 8, 2012). Retrieved July 30 from http://technet.microsoft.com/en-us/library/hh831364.aspx What’s New in Group Policy in Windows Server (July 3, 2014). Retrieved July 30, 2014 from http://technet.microsoft.com/en-us/library/dn265973.aspx#BKMK_GP2012 File and Storage Services Overview (September 9 2013). Retrieved July 30, from
http://technet.microsoft.com/en-us/library/4cb00829-8d05-4499-8adc-7506e159f857#BKMK_NEW What’s New in DNS Server in Windows Server (July 3, 2014). Retrieved 30 July, 2014 from http://technet.microsoft.com/en-us/library/dn305898.aspx#BKMK_DNS2012

What’s New in DHCP in Windows Server (July 3, 2014). Retrieved July 30, 2014 from http://technet.microsoft.com/en-us/library/dn305900.aspx#BKMK_DHCP2012 What’s New in Hyper-V for Windows Server 2012 (June 6, 2012). Retrieved July 30, 2014 from http://technet.microsoft.com/en-us/library/hh831410.aspx#BKMK_storagemigration