###BeginCaseStudy###
Case Study: 4
Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client
computers. The office in San Diego has 100 computers. The computers in the San Diego
office are often replaced. The offices connect to each other by using a slow WAN link. Each
office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest
contains two domains named northwindtraders.com and west.northwindtraders.com. All
servers run Windows Server 2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named
Site1. The site in the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown
in the following table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller
(RODC). All DNS zones are Active Directory-integrated. All zones replicate to all of the
domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1.
GP01 is applied to all of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All
of the user accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the
following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual
hard disks (VHDs) are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently
by the users in both offices. The reports are generated automatically once per week by an
enterprise resource planning (ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are
configured as shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name
suffix of public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will
be configured as shown in the following table.
• Configure IP routing between Site1 and the network services that Northwind Traders
hosts in Windows Azure.
• Place a domain controller for the northwindtraders.com domain in Windows Azure.
• Upgrade all of the computers in the Montreal office to Windows 8.1.
• Purchase a subscription to Microsoft Office 365.
• Configure a web application proxy on Server6.
• Configure integration between VMM and IPAM.
• Apply GPO1 to all of the San Diego users.
• Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
• All virtual machines must use ODX.
• Users must be able to access App1 from the Internet.
• GPO1 must not be applied to computers that run Windows 8.1.
• All DNS zones must replicate only to DC1, DC2, and DC3.
• All computers must be able to resolve names by using a local DNS server.
• If a WAN link fails, users must be able to access all of the sales reports.
• The credentials for accessing Windows Azure must be permanently stored.
• The on-premises network must be connected to Windows Azure by using Server4.
• The administrators must be able to manage Windows Azure by using Windows
PowerShell.
• The number of servers and services deployed in the San Diego office must be
minimized.
• Active Directory queries for the objects in the forest must not generate WAN traffic,
whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
• Ensure that all DNS zone data is encrypted when it is replicated.
• Minimize the number of permissions assigned to users and
administrators, whenever possible. Prevent an Active Directory Domain
Services (AD DS) attribute named SSNumber from replicating to Site2.
• Ensure that users can use their northwindtraders.com user account to
access the resources hosted in Office 365.
• Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###
You need to recommend an Office 365 integration solution.
What should you include in the recommendation?
A.
Active Directory directory synchronization
B.
The Active Directory Migration Tool (ADMT)
C.
Windows Identity Foundation (WIF) 3.5
D.
The Sync Framework Toolkit