Which actions should you recommend performing for each customer?

HOTSPOT

###BeginCaseStudy###
Case Study: 3
Northwind Traders
Overview
Northwind Traders is an IT services and hosting provider.
Northwind Traders has two main data centers in North America. The data centers are located
in the same city. The data centers connect to each other by using high-bandwidth, low-latency
WAN links. Each data center connects directly to the Internet.
Northwind Traders also has a remote office in Asia that connects to both of the North
American data centers by using a WAN link. The Asian office has 30 multipurpose servers.
Each North American data center contains two separate network segments. One network
segment is used to host the internal servers of Northwind Traders. The other network segment
is used for the hosted customer environments.
Existing Environment
Active Directory
The network contains an Active Directory forest named northwindtraders.com. The forest
contains a single domain. All servers run Windows Server 2012 R2.
Server Environment
The network has the following technologies deployed:
• Service Provider Foundation
• Windows Azure Pack for Windows Server
• System Center 2012 R2 Virtual Machine Manager (VMM)
• An Active Directory Rights Management Services (AD RMS) cluster
• An Active Directory Certificate Services (AD CS) enterprise certification authority
(CA)
All newly deployed servers will include the following components:
• Dual 10-GbE Remote Direct Memory Access (RDMA)-capable network adapters
• Dual 1-GbE network adapters
• 128 GB of RAM
Requirements
Business Goals
Northwind Traders will provide hosting services to two customers named Custoner1 and
Customer2, network of each customer is configured as shown in the following table.

Planned Changes
Northwind Traders plans to implement the following changes:
• Deploy System Center 2012 R2 Operations Manager.
• Deploy Windows Server 2012 R2 iSCSI and SMB-based storage.
• Implement Hyper-V Recovery Manager to protect virtual machines.
• Deploy a certificate revocation list (CRL) distribution point (CDP) on the internal
network.
• For Customer 1, install server authentication certificates issued by the CA of
Northwind Traders on the virtual machine in the hosting networks.
General Requirements
Northwind Traders identifies the following requirements:
• Storage traffic must use dedicated adapters.
• All storage and network traffic must be load balanced.
• The amount of network traffic between the internal network and the hosting network
must be minimized.
• The publication of CRLs to CDPs must be automatic.
• Each customer must use dedicated Hyper-V hosts.
• Administrative effort must be minimized, whenever possible.
• All servers and networks must be monitored by using Operations Manager.
• Anonymous access to internal file shares from the hosting network must be
prohibited.
• All Hyper-V hosts must use Cluster Shared Volume (CSV) shared storage to host
virtual machines.
• All Hyper-V storage and network traffic must remain available if single network
adapter fails.
• The Hyper-V hosts connected to the SMB-based storage must be able to use of the
RDMA technology.
• The number of servers and ports in the hosting environment to which the customer
has access must be minimized.
Customer1 Requirements
Northwind Traders identifies the following requirements for Customer1:

• Customer1 must use SMB-based storage exclusively.
• Customer1 must use App Controller to manage hosted virtual machines.
• The virtual machines of Customer1 must be recoverable if a single data center fails.
• Customer1 must be able to delegate self-service roles in its hosted environment to its
users.
• Customer1 must be able to check for the revocation of certificates issued by the CA of
Northwind Traders.
• The users of Customer1 must be able to obtain use licenses for documents protected
by the AD RMS of Northwind Traders.
• Certificates issued to the virtual machines of Customer1 that reside on the hosted
networks must be renewed automatically.
Customer2 Requirements
Northwind Traders identifies the following requirements for Customer1:
• Customer1 must use iSCSI-based storage exclusively.
• All of the virtual machines of Customer2 must be migrated by using a SAN transfer.
• None of the metadata from the virtual machines of Customer1 must be stored in
Windows Azure.
• The network configuration of the Hyper-V hosts for Customer2 must be controlled by
using logical switches.
• The only VMM network port profiles and classifications allowed by Customer2 must
be low-bandwidth, medium-bandwidth, or high-bandwidth.
• The users at Northwind Traders must be able to obtain use licenses for documents
protected by the AD RMS cluster of Customer2. Customer2 plans to decommission
its AD RMS cluster during the next year.
###EndCaseStudy###

You need to recommend a solution that meets the AD RMS requirements of Customer1 and Customer2.
Which actions should you recommend performing for each customer? To answer, select the
appropriate customer for each action in the answer area.

HOTSPOT

###BeginCaseStudy###
Case Study: 3
Northwind Traders
Overview
Northwind Traders is an IT services and hosting provider.
Northwind Traders has two main data centers in North America. The data centers are located
in the same city. The data centers connect to each other by using high-bandwidth, low-latency
WAN links. Each data center connects directly to the Internet.
Northwind Traders also has a remote office in Asia that connects to both of the North
American data centers by using a WAN link. The Asian office has 30 multipurpose servers.
Each North American data center contains two separate network segments. One network
segment is used to host the internal servers of Northwind Traders. The other network segment
is used for the hosted customer environments.
Existing Environment
Active Directory
The network contains an Active Directory forest named northwindtraders.com. The forest
contains a single domain. All servers run Windows Server 2012 R2.
Server Environment
The network has the following technologies deployed:
• Service Provider Foundation
• Windows Azure Pack for Windows Server
• System Center 2012 R2 Virtual Machine Manager (VMM)
• An Active Directory Rights Management Services (AD RMS) cluster
• An Active Directory Certificate Services (AD CS) enterprise certification authority
(CA)
All newly deployed servers will include the following components:
• Dual 10-GbE Remote Direct Memory Access (RDMA)-capable network adapters
• Dual 1-GbE network adapters
• 128 GB of RAM
Requirements
Business Goals
Northwind Traders will provide hosting services to two customers named Custoner1 and
Customer2, network of each customer is configured as shown in the following table.

Planned Changes
Northwind Traders plans to implement the following changes:
• Deploy System Center 2012 R2 Operations Manager.
• Deploy Windows Server 2012 R2 iSCSI and SMB-based storage.
• Implement Hyper-V Recovery Manager to protect virtual machines.
• Deploy a certificate revocation list (CRL) distribution point (CDP) on the internal
network.
• For Customer 1, install server authentication certificates issued by the CA of
Northwind Traders on the virtual machine in the hosting networks.
General Requirements
Northwind Traders identifies the following requirements:
• Storage traffic must use dedicated adapters.
• All storage and network traffic must be load balanced.
• The amount of network traffic between the internal network and the hosting network
must be minimized.
• The publication of CRLs to CDPs must be automatic.
• Each customer must use dedicated Hyper-V hosts.
• Administrative effort must be minimized, whenever possible.
• All servers and networks must be monitored by using Operations Manager.
• Anonymous access to internal file shares from the hosting network must be
prohibited.
• All Hyper-V hosts must use Cluster Shared Volume (CSV) shared storage to host
virtual machines.
• All Hyper-V storage and network traffic must remain available if single network
adapter fails.
• The Hyper-V hosts connected to the SMB-based storage must be able to use of the
RDMA technology.
• The number of servers and ports in the hosting environment to which the customer
has access must be minimized.
Customer1 Requirements
Northwind Traders identifies the following requirements for Customer1:

• Customer1 must use SMB-based storage exclusively.
• Customer1 must use App Controller to manage hosted virtual machines.
• The virtual machines of Customer1 must be recoverable if a single data center fails.
• Customer1 must be able to delegate self-service roles in its hosted environment to its
users.
• Customer1 must be able to check for the revocation of certificates issued by the CA of
Northwind Traders.
• The users of Customer1 must be able to obtain use licenses for documents protected
by the AD RMS of Northwind Traders.
• Certificates issued to the virtual machines of Customer1 that reside on the hosted
networks must be renewed automatically.
Customer2 Requirements
Northwind Traders identifies the following requirements for Customer1:
• Customer1 must use iSCSI-based storage exclusively.
• All of the virtual machines of Customer2 must be migrated by using a SAN transfer.
• None of the metadata from the virtual machines of Customer1 must be stored in
Windows Azure.
• The network configuration of the Hyper-V hosts for Customer2 must be controlled by
using logical switches.
• The only VMM network port profiles and classifications allowed by Customer2 must
be low-bandwidth, medium-bandwidth, or high-bandwidth.
• The users at Northwind Traders must be able to obtain use licenses for documents
protected by the AD RMS cluster of Customer2. Customer2 plans to decommission
its AD RMS cluster during the next year.
###EndCaseStudy###

You need to recommend a solution that meets the AD RMS requirements of Customer1 and Customer2.
Which actions should you recommend performing for each customer? To answer, select the
appropriate customer for each action in the answer area.

Answer:

Explanation:



Leave a Reply 2

Your email address will not be published. Required fields are marked *


JamesL

JamesL

Answer seems correct

Reasoning in order of answers

https://technet.microsoft.com/en-us/library/dd996639(WS.10).aspx
One scenario where this solution is commonly used is when a company acquires another company that already has an AD RMS implementation in place and it must be deprovisioned

https://technet.microsoft.com/en-us/library/dd983944(WS.10).aspx
By default, Active Directory Rights Management Services does not service requests from users whose RACs were issued by a different AD RMS cluster. However, you can add AD RMS domains to a list of trusted user domains in an AD RMS cluster. This allows Active Directory Rights Management Services to process such requests.

https://technet.microsoft.com/en-us/library/dd772659(v=ws.10).aspx
Create a DNS alias (CNAME record) or DNS host record (A record) for the AD RMS cluster URL. In the event that the AD RMS servers are discontinued, lost due to a hardware failure, or the computer’s name is changed, a CNAME record or A record can be updated without having to publish all rights-protected files again

https://technet.microsoft.com/en-us/library/dd983944(WS.10).aspx
A trusted user domain, often referred as a TUD, is a trust between AD RMS clusters that instructs a licensing server to accept rights account certificates (the certificates identifying users) from another AD RMS server in a different Active Directory forest.

Understanding AD RMS Trust Policies
https://technet.microsoft.com/en-us/library/cc755156.aspx

FSM

FSM

It seems to be true.