Network Proposal for Crete LLC

Crete LLC’s Windows Server 2012 Network Proposal

Crete LLC is a business organization that produces and distributes solar panel for the consumer market. In the past few years, the solar panel market has experienced tremendous growth because of the increased consumer demands for solar panels. Consequently, Crete LLC seeks to establish itself as a major industry player in order to meet the high demand for solar panels. Therefore, the company seeks to establish offices in three locations i.e. Los Angeles, Houston, and Dallas with the main staff situated at the Houston and Dallas offices. Crete LLC needs to adopt technology in order to enhance success and profitability in the market. Therefore, data security is a priority given that the organization is likely to experience issues relating to patent and trademarks. The sales personnel at firm’s Los Angeles office need secure remote access to the Houston office. This report provides a technology proposal for Crete LLC in light of its current implementation or concerns relating to technology adoption.
Windows Server 2012 Network
As previously indicated, technology adoption is an important factor toward enhancing the ability of Crete LLC to achieve its business objectives and goals. Since the company focuses on expanding to different offices in different locations in the future, a robust implementation of technology would help in enhancing the success of expansion initiatives and overall organizational success and profitability. Based on the company’s current implementation and concerns, a robust implementation of Windows Server 2012 is crucial towards success of expansion and profitability of the firm. Van Vugt (2014) states that Windows Server is increasingly vital in the changing information technology landscape. Windows Server 2012 is becoming more important in the modern business environment because of its significant features and improvements in line with the changing IT landscape. Therefore, robust implementation of Windows Server 2012 will help Crete LLC achieve its business and technical objectives. The robust implementation must ensure that security and general administration features of Windows Server 2012 are taken into consideration. For this company, Windows Server 2012 will cover various issues relating to security and general administration including Active Directory, Group Policy, DNS, File Services, Remote Services, and WSUS (Windows Server Update Services).
Active Directory
Van Vugt (2014) states that Active Directory is one of major features or points of Windows Server 2012. This is primarily because the feature offers Kerberos-based authentication services that can be utilized by office users and others. For Crete LLC, Active Directory will be utilized as a centralized platform for authentication and authorization. In this case, the company should implement regional domain model since it seeks to expand to different offices in the near future. Mathers et al. (2017) states that Microsoft recommends a regional domain model for a company or organization with a large main office centrally and dispersed branch offices across the country. Since Dallas and Houston offices will act as the central offices for Crete LLC, a regional domain model would help in interconnected of the three offices in the different locations in the country. The suitability of a regional domain model for this company is also evident in the role it will play in maintaining a stable environment over time.
Through this model, the company will have a forest root domain with one or more regional domains as shown in Figure 1 below. In essence, one of the company’s offices will be the forest root while the other offices will be designated as regional domain branches in the domain structure. In this case, the Houston office will act as the forest root whereas Los Angeles and Dallas offices will be the regional domain trees. Since a regional domain model will be utilized, the domain names will vary depending on the office. Houston office domain will be Houston.crete.com, Dallas will be Dallas.crete.com, and Los Angeles will be LA.crete.com. The domain controllers will be at the three locations or offices since this will help enhance productivity, lessen login process, and cost-savings. Given that the company seeks to have main staff at Dallas and Houston offices, Read-only Domain Controller (RODC) will be established at the Los Angeles office. According to Grillenmeier (2008), Read-only Domain Controller are suitable for branch locations or offices that need robust, rapid, and reliable authentication services. Los Angeles office will not have many users since its not considered as a main location, which makes it ideal for RODC.
Figure 1: Regional Domain Model for Crete LLCHouston.crete.com
Dallas.crete.com
LA.crete.com
Domain controllers must be assigned some specific roles for the network to function properly in an Active Directory environment (Tulloch, 2004). For Crete LLC, assigning specific Flexible Single Master Operations (FSMO) roles is essential towards the proper and effective functioning of it’s network. As the main offices, the company’s Dallas and Houston offices will be assigned PDC Emulator, which is an FSMO role that enforces account lockout, synchronizes time for all domain controllers in the root domain, and manages password changes. These offices will also be assigned Infrastructure Master role to help promote cross-domain object references. On the other hand, the Los Angeles office will be assigned RID Master role because its not one of the major offices at Crete LLC.
Windows Server Backup feature will be employed for backup and recovery of the organization’s Active Directory. The plan for Active Directory backup and recovery for Crete LLC will entail securing the backups on site either at an off-site location or in a safe. Additionally, the backups will be scheduled regularly to protect against any potential disaster that could occur. This would be part of a safe measure towards protecting the organization’s Active Directory.
Group Policy
Group Policy is a term that is utilized by Microsoft for its servers and emerges from the idea the use of these servers entails grouping together policy settings (Moskowitz, 2012). Therefore, Group Policy is a concept that is used to refer to rules that are applied and implemented at various levels of Active Directory. The policy settings that are group together under this concept are rules that must be complied with by users of the systems and its computers. As a result, Group Policy is essential towards enhancing power and efficiency during manipulation of client systems.
For Crete LLC, Group Policy is essential toward provide rules and guidelines that are applied to different Active Directory levels. Moreover, Group Policy will help to maintain the security of the network. Through applying the rules and guidelines at different levels, Crete LLC will maintain and enhance the security of it’s network. The need to maintain and enhance network security demonstrates the essence of Group Policy for this company.
One of the settings that might be considered via Group Policy is “Rename the Local Administrator Account”, which should not only be enabled but also utilized. This setting is essential toward enhancing the security of Crete LLC’s network because the default administrator setting can be easily used by attackers to gain unauthorized access to the network and system. Attackers can easily access the network and cause damages because the default setting makes it easy for them to know the username account, which is half the work. Secondly, “Disable the Guest Account” is a crucial setting that might be considered through Group Policy. Group Policy gives network administrators the ability to lockdown user passwords through determining complexity, minimum length, and attempts users can have when trying to access the company’s network.
DNS
According to publication by Tech-FAQ (2018), DNS is a hierarchically spread database, which creates tiered names that can be addressed to IP addresses. In Windows Server 2012, DNS is the basic name registration and resolution service. DNS comprises different components that help in performing various functions relating to name registration, service location, and name resolution. Some of these components include fully qualified domain name (FQDN), Alias, connection-specific DNS suffix, DNS server, and primary DNS suffix.
The robust implementation of Windows Server 2012 at Crete LLC requires executing a suitable namespace as well as identifying the required types of zones. Generally, the naming system, which acts as the framework for the tiered and logical tree structure for DNS, is referred to as domain namespace. However, organizations can also create their own domain namespaces through developing private networks that are not visible on the Internet.
Crete LLC should implement a contiguous namespace, which is considered to be less complex to administer, maintain and troubleshoot as compared to a disjoint namespace. A contiguous namespace is one in which the primary DNS suffix is similar to the domain name in the Active Directory. Since a regional domain model will be utilized in the organization, a contiguous namespace would help create network applications that are identical to the primary DNS suffix for all domain member computers in the Active Directory namespace. A contiguous namespace would support the creation of a different domain name for each of the company’s offices i.e. Houston.crete.com, Dallas.crete.com, and LA.crete.com. For example, http://www.Houston.crete.com and http://www.Dallas.crete.com create a contiguous namespace under the domain http://www.crete.com.
Given that a contiguous namespace should be implemented by the company, multiple zones with a contiguous namespace are required. This zone is suitable for the company because the three domain names are the main domains while http://www.crete.com is an external BIND DNS namespace rather than a domain. Since http://www.crete.com is a BIND DNS and not a domain, a single DNS zone is not suitable for the server. A multiple zone with a contiguous namespace supports the creation of the different domains for each of the company’s offices. While each of these three domains are different, they are part of a contiguous namespace since their FQDN contains crete.com, the name of the parent domain.
Multiple DNS zones with a contiguous namespace are typically used by organizations to distribute administrative responsibilities. For many companies like Crete LLC, there are operational and technical boundaries that must be effectively managed across the different locations or offices. Each of the firm’s offices will have its administrators, which necessitates the use of multiple DNS zones with contiguous namespace. Such a DNS zone is essential because it will permit several administrators at different locations to assume responsibility for individual pieces of the namespace (Watts et al., 2003). From a technical perspective, multiple zones with a contiguous namespace lessens the load on a DNS infrastructure and enhance efficiency.
File Services
Crete LLC’s network will incorporate a file server, which is a computer running software that basically promotes storage for and access to the storage by its users. Therefore, securing file shares is an essential aspect toward maintaining the network’s security. File share provide a centralized storage location for an individual user’s work-related data and files. The organization will utilize different methods for securing file shares between the different offices or departments. One of these measures is to keep the Windows file server off the Internet since most Windows file servers do not necessarily need to be connected to the Internet. This process would entail using firewall to limit access from external sources outside the LAN. Secondly, the Windows server will be fully patched and updated at all times. Windows Server Updated Services will be utilized to ensure the file server is kept up to date. The other measure for secure the shares is controlling file access through limiting it to specific authorized individual users and groups within and outside the organization.
Quotas will also be used to limit the amount of storage or disk space that can be utilized by a user on the central server. This is essential in securing file share and promoting the efficiency of the network since it ensures fair availability and utilization of computing resources as well as management of available disk/storage space. File Server Resource Manager (FSRM) will be installed and configured to help administrators block specific files types from being uploaded to the server. Distributed File System (DFS) will be implemented since it will enable Crete LLC’s System Administrators to develop a single namespace to offer a duplicated sharing infrastructure for users across the network.
Remote Services
Given the nature of Crete LLC’s operations, providing secure remote access for users is essential towards enhancing the success and profitability of the company. Remote access will be granted to the company’s employees since they play a critical role in organizational processes and activities. A business cannot be successful across its operations without granting its employees remove access. The failure to do so would contribute to loss of market share to competitors. Moreover, its important for the organization’s employees to have remote access because there are situations where some of the workers may need to urgently access their emails, a vulnerable organizational asset or connect to the firm’s intranet in order to perform their jobs.
The most suitable technology for Crete LLC to provide secure remote access for users is a Virtual Private Network (VPN). Through VPN, users i.e. employees can securely access network resources remotely using their own credentials. A Virtual Private Network provides a secure framework for users to remotely access organizational data and network resources when conducting their jobs. Additionally, this technology helps users to connect to an on-premises computer using a secure Remote Desktop session (Microsoft, 2014).
WSUS
Management of servers and clients requires the use of Windows Server Update Service (WSUS). WSUS comprise features that can be utilized in management and distribution of updates using a management console. Through WSUS, clients and servers will be updated using centralized update management and update management automation. Centralized update management is a framework with which servers and clients are updated centrally by a System Administrator while update management automation entails scheduling automatic updates (Plett & Poggemeyer, 2017). New servers will be deployed using typical processes i.e. installing the servers’ operating systems and applications, configuring network settings, patching the servers into the LAN switch, and configuring suitable firewall rules.
In conclusion, Crete LLC requires a suitable technology infrastructure to help achieve its business and technical goals. Given the nature of the company’s operations, an appropriate technology infrastructure would help enhance the success and profitability of the company in the solar panel markets amidst increasing consumer demand. The technology and network infrastructure should handle the various technical and business issues in the organization’s three locations i.e. Dallas, Houston and Los Angeles offices. As shown in the above discussion, the most suitable technology infrastructure for the company incorporates different elements including Active Directory, Group Policy, DNS, File Services, Remote Services, and WSUS.


References
Grillenmeier, G. (2008, February 26). Active Directory Enhancements in Windows Server 2008. Retrieved April 21, 2018, from http://www.itprotoday.com/windows-8/active-directory-enhancements-windows-server-2008
Mathers et al. (2017, May 31). Reviewing the Domain Models. Retrieved April 21, 2018, from https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/reviewing-the-domain-models
Microsoft. (2014, August 12). Secure Remote Access in Small and Midsize Businesses. Retrieved April 21, 2018, from https://technet.microsoft.com/en-us/library/dn629457(v=ws.11).aspx
Moskowitz, J. (2012). Group policy: Fundamentals, security, and the managed desktop. Hoboken, NJ: John Wiley & Sons.
Plett, M. & Poggemeyer, L. (2017, October 16). Windows Server Update Services (WSUS). Retrieved April 21, 2018, from https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus
Tech-FAQ. (2018). Planning and Implementing a DNS Namespace. Retrieved April 21, 2018, from http://www.tech-faq.com/planning-and-implementing-a-dns-namespace.html
Tulloch, M. (2004, June 15). Best Practices for Assigning FSMO Roles. Retrieved April 21, 2018, from http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
Van Vugt, S. (2014, October). The Significance of Windows Server in a Changing IT Landscape. Retrieved April 21, 2018, from https://searchwindowsserver.techtarget.com/opinion/The-significance-of-Windows-Server-in-a-changing-IT-landscape
Watts et al. (2003, April 11). Implementing and Administering DNS. Retrieved April 21, 2018, from http://www.pearsonitcertification.com/articles/article.aspx?p=31463&seqNum=4