70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrast...
This presentation is the property of its rightful owner.
Sponsored Links
1 / 42

Chapter 7: Service Sizing and Placement PowerPoint PPT Presentation


  • 68 Views
  • Uploaded on
  • Presentation posted in: General

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure. Chapter 7: Service Sizing and Placement. Exam Objectives. 4.2 Design an Active Directory implementation plan 4.3 Specify the server specifications to meet system requirements

Download Presentation

Chapter 7: Service Sizing and Placement

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Chapter 7 service sizing and placement

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

Chapter 7:

Service Sizing and Placement


Exam objectives

Exam Objectives

  • 4.2 Design an Active Directory implementation plan

  • 4.3 Specify the server specifications to meet system requirements

  • 4.2.1 Design the placement of domain controllers and global catalog servers

  • 4.1 Design a DNS service placement

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Exam objectives continued

Exam Objectives (continued)

  • 4.2.3 Select the domain controller creation process

  • 4.2.2 Plan the placement of flexible operations master roles

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


The planning phase

The Planning Phase

  • Factors that contribute to the need for a service placement strategy:

    • Unreliable WAN links

    • Nonredundant WAN links

    • Expensive, overused WAN links

    • Physically insecure locations

    • IT hardware budgets

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Logon time

Logon Time

  • When designing service placement, time to start up is affected by:

    • Complexity of startup and logon scripts

    • Number of group policies processed for the computer and user

    • Network speed from client to DC, DNS server, and GC

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Active directory infrastructure required for self sufficiency

Active Directory Infrastructure Required for Self-Sufficiency

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Security

Security

  • Domain controllers (DCs)

    • House the Active Directory database

  • Active Directory database

    • Used to store sensitive information

  • Of paramount importance

    • Security of database and DCs housing it

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Location security points system

Location Security Points System

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Replication overhead

Replication Overhead

  • For every DC deployed

    • Associated replication traffic overhead exists

  • Important

    • The testing and measurement of additional network services

  • Decision to be made

    • Whether logon times should be optimized or replication traffic minimized

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Active directory aware applications

Active Directory-Aware Applications

  • Active Directory:

    • A database used to store objects that exist within the organization

    • Can also store data relating to applications

    • Access to stored data can dictate where DCs are located

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


User populations

User Populations

  • Role of designer of an Active Directory infrastructure deployment:

    • Document each location and the number of users at that location

    • Assess the type of users at each location

    • Determine if users require Active Directory authentication even in the event of a WAN failure

    • Create user population bandings

    • Deploy the appropriate Active Directory infrastructure components

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


The implementation plan

The Implementation Plan

  • Designing service placement should:

    • Introduce a degree of subjectivity

    • Remove ambiguity where possible

  • Develop an algorithm that:

    • Decides which locations should receive infrastructure components

    • Justifies the need for the infrastructure from budgetary, operational, and political points of view

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Weighted points assignment for user populations

Weighted Points Assignment for User Populations

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Weighted points assignment for location bandwidth

Weighted Points Assignment for Location Bandwidth

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Weighted points assignment for service levels

Weighted Points Assignment for Service Levels

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Weighted points assignment for spoke sites supported

Weighted Points Assignment for Spoke Sites Supported

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Sizing and availability

Sizing and Availability

  • Windows Server 2003 Active Directory supports four different partitions:

    • Schema

    • Configuration

    • Domain

    • Application Directory partitions

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Sizing domain partitions

Sizing Domain Partitions

  • Size of domain partition in GB = (number of users in domain / 1000) * 0.4

  • Above expression allows administrators and architects to estimate the size of the database before deployment

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Domain partition size versus number of users in the domain

Domain Partition Size versus Number of Users in the Domain

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Application directory partitions

Application Directory Partitions

  • Can be used to store data pertinent to a particular application

  • Stored data can be replicated to any subset of DCs in the forest deemed appropriate

  • Discrete partitions within the database

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Domain controller sizing and specification

Domain Controller Sizing and Specification

  • Recommendations for disk configuration and disk space requirements:

    • For DCs accessed by fewer than 1000 users, all four can be collocated on the same RAID 1 array

    • For DCs accessed by more than 1000 users, place logs and database on separate RAID arrays

    • Place SYSVOL and the database on the same RAID array

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Windows server 2003 minimum system requirements

Windows Server 2003 Minimum System Requirements

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Recommended domain controller disk configurations

Recommended Domain Controller Disk Configurations

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Disk space requirements

Disk Space Requirements

  • Database

    • Allow for 0.4Gb per 1000 users

  • Logs

    • Allow at least 500MB free space

  • SYSVOL

    • Allow at least 500MB free space

  • Operating System

    • Allow at least 1.5GB free space

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Recommended domain controller cpu and memory requirements

Recommended Domain Controller CPU and Memory Requirements

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Placement considerations

Placement Considerations

  • Windows Server 2003 Deployment Resource Kit

    • Covers DC, GC, FSMO, and DNS service placement and suggests algorithms for each

  • Figure 7.3

    • Focuses on remote administration, physical security, and WAN availability and performance

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Placement considerations continued

Placement Considerations (continued)

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Microsoft recommended number of domain controllers per site

Microsoft Recommended Number of Domain Controllers Per Site

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


The promotion strategy

The Promotion Strategy

  • Split into two stages:

    • First stage deals with a review of the server’s configuration

    • Second stage is the actual promotion

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Manual promotion

Manual Promotion

  • Most popular approach to promoting servers to become DCs

  • Offers the administrator complete control over the promotion phase

  • Involves the installation of a Windows Server 2003 member server

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Automated promotion

Automated Promotion

  • Promoting a member server to a DC

    • Can be automated using a dcpromo answer file

  • Dcpromo

    • Can be executed in the following way

      • dcpromo /answer

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Global catalog server sizing and specification

Global Catalog Server Sizing and Specification

  • Space requirements for GC servers

  • Active Directory-aware applications

    • Most important factor when choosing GC placement

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Global catalog server sizing and specification continued

Global Catalog Server Sizing and Specification (continued)

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Global catalog server sizing and specification continued1

Global Catalog Server Sizing and Specification (continued)

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Dns servers

DNS Servers

  • Flexible Single Master Operations Roles:

    • There are five FSMO roles in all

      • Two per forest and three per domain

    • In a forest with five domains

      • There will be 2 (forest) and 5 * 3 (domain) FSMO roles for a grand total of 17

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Domain naming master

Domain Naming Master

  • Active Directory forest:

    • May contain many domains

    • Each domain must have a unique fully qualified domain name (FQDN)

  • Role must be assigned to precisely one DC in the forest

  • Responsible for maintaining the authoritative list of domains in the forest

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Schema master

Schema Master

  • Schema:

    • Exists as a partition within Active Directory

    • Is replicated as a read-only partition to every DC in the forest

  • DC that houses Schema Master (SM) FSMO role

    • The only DC in forest that can have schema amendments made to its copy of the Schema partition

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Rid master

RID Master

  • When a new security principal is created

    • It is assigned a unique Security ID (SID)

  • SID is comprised of two parts:

    • A domain SID

    • A relative ID, or RID

  • RID Master FSMO role

    • Ensures that different DCs never allocate the same RID to different objects

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Failover and recovery

Failover and Recovery

  • Role Transfer

    • Preferred method of moving FSMO roles from one DC to another

  • Role Seizure

    • Role should be seized only if current holder cannot be contacted to transfer the role in a graceful manner

  • Standby Servers

    • Facilitates failover

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Fsmo role transfer and seizure best practices

FSMO Role Transfer and Seizure Best Practices

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Summary

Summary

  • Identify locations that require self-sufficiency

  • Identify Active Directory-aware applications and their requirements

  • Assess your organization’s user populations

  • Create an algorithm to assign service components

  • Create an implementation plan

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


Summary continued

Summary (continued)

  • Carefully forecast the size of the Active Directory database

  • Choose:

    • Appropriate hardware specification for DCs, GC servers, and DNS servers

    • Appropriate locations for FSMO roles and plan for FSMO role holder failures

  • Understand rules and ramifications of seizing and transferring FSMO roles

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure


  • Login