###BeginCaseStudy###
Case Study: 5
Contoso Ltd Case B
Background
Overview
Contoso, Ltd., is a software development company. The company has a main office in Seattle
and branch offices that are located in Los Angeles and New Delhi. Contoso’s sales staff are
all located in the Los Angeles office. Contoso’s software developers are all located in the
New Delhi office.
Current Environment
The network for the Seattle office contains:
• 2 domain controllers with integrated DNS
• 200 Windows workstations
• 14-node Hyper-V cluster
• 1 file server with multiple shares
• 1 Active Directory Rights Management Services (AD RMS) cluster
The network for the Los Angeles office contains:
• 2 domain controllers with integrated DNS
• 100 Windows workstations
• 1 file server with multiple shares
The network for the New Delhi office contains:
• 2 domain controllers with integrated DNS
• 300 Windows workstations
• 10 Hyper-V servers that host 100 development virtual machines (VMs)
• 50 production virtual machines that are hosted in Azure
All the Contoso offices connect to each other by using VPN links, and each office is
connected to the Internet.
Contoso has a single Active Directory Domain Services (AD DS) domain named
contoso.com. Contoso.com has a configured certification authority (CA). Contoso currently
leverages System Center Virtual Machine Manager 2012 R2 to manage its virtual
environment servers.
Contoso uses an application named HRApp1 for its human resources (HR) department. HR
users report that the application stops responding and must be restarted before they can
continue their work.
Fabrikam Inc
Contoso has recently acquired Fabrikam. Inc. Fabrikam has a single office that is located in
Seattle.
Fabrikam has a single AD DS domain named fabrikam.com.
• The network for Fabrikam contains:
• 2 domain controllers with Active Directory-integrated DNS
• 150 Windows workstations
• 5 Hyper-V servers
• 1 file server with multiple shares
A two-way trust exists between Contoso.com and Fabrikam.com.
Business Requirements
Consolidation
Contoso must complete the consolidation of the Contoso and Fabrikam networks. The
consolidation of the two networks must:
• Minimize all hardware and software costs.
• Minimize WAN traffic.
• Enable the users by providing self-service whenever possible.
Security
Contoso requires that all Windows client devices must be encrypted with BitLocker by using
the Trusted Platform
The CA for the domain contoso.com must be designated as the resource forest. The domain
fabrikam.com must leverage certificates that are issued by the domain contoso.com.
Other Information
HRApp1
Each time HRApp1 stops responding and is restarted, an incident must be created and
associated with the existing problem ticket.
Development environment
You have the following requirements:
• Developers must be able to manage their own VM checkpoints.
• You must implement a disaster recovery strategy for development
virtual machines.
Technical Requirements
Windows System Updates
You have the following system update requirements:
• Consolidate reporting of all software updates in all offices.
• Software updates must be applied to all Windows devices.
• Ensure the ability to report on update compliance.
Monitoring
You have the following monitoring requirements:
• Each time HRApp1 shows performance problems, ensure that a ticket
is created.
• When performance problems are resolved, ensure that the ticket closes
automatically.
Security
You have the following security requirements:
• Ensure that all documents are protected.
• Ensure that contoso.com domain users get use licenses for RMSprotected documents from the domain contoso.com.
• Ensure that fabrikam.com domain users get use licenses for RMSprotected documents from the domain contoso.com.
###EndCaseStudy###
You need to ensure that the developers can manage their own virtual machines.
Solution: You perform the following tasks:
In Virtual Machine Manager, you create a new user role named DevUsers that uses the Application
Administrator profile,
You add the virtual machines to the DevUsers role.
You grant Checkpoint permissions to the DevUsers role.
You install and configure App Controller.
You distribute the App Controller console URL to the developers.
Does this meet the goal?
A.
Yes
B.
No
It does not look to me that it meets the requirement.
Users should be added to a “User role” to grant them access to VMs. Adding virtual machines to user roles makes no sense.
Agreed OSA
You do not add VM’s to a user group. during the creation of your own usergroup, you select the scope for the usergroup which determines which machines they can self-service.
Step 5 –> technet.microsoft.com/en-us/library/gg610613.aspx
Agreed OSA
B: No
Site: https://www.youtube.com/watch?v=DaJUosASm7Q – Start at 2:00 marker to see adding the role and adding users and/or groups
We are using VMM manager in System Center 2012 R2. Self-Service Portal has been replaced by App Controller from SP1 onwards!!!
So any solution with self-service portal cannot actually be YES.
Also, for us to give the URL of the portal to the developers would be pointless even if we were using VMM SP1 because we have not yet installed and configured the Self-service portal OR App controller on a web server yet. How should the access what is not even there yet?
Here is a checklist for what to look for when you get a question like this:
Have we created the user role which for our developers? [yes]
Have we granted them checkpoint permissions? [yes]
Have we installed and configured self-service portal? [NO] (even though we cant do this because our version of VMM is newer than SP1 so self-service portal has been replaced by app controller.)
Have we distributed the console/portal URL [Yes]
No, this does not meet the goal, as you can see.
Sorry my answer was meant for another instance of this question whose solution implies that we use Self-Service Portal.
The answer to this question is YES (probably, ever know with MS)
Adding the VMs to the DevUsers role is essentially the question’s way of telling us we have scoped our DevUsers role so that it is set to manage those VMs.
So we made our user role, we gave them the required permissions for the required VMs, we installed App Controller AND we gave the developes the URL to connect to App Controller from their browser.
We have met the goal.
@ Puck – have to disagree with you on this one
Under members you would add users or groups containing users, to define who has permissions under this role (Don’t think adding VMs or groups containing VMs would be likely here)
Under Scope you define a Private Cloud. Which is where the boundary of the project lies and where the limitations are defined for what the users can do (Again no VMs added here)
So I agree with OSA, LB & Whoa. No does not meet the goal
The given answer is correct.
Under the Resources tab you define the resources (VMs, VMs template, hardware profiles ect) that the user will be able to work with.
Until last month the premium dump had this answer listed as Yes. 1 week ago it was updated and it now has this answer as No. The reason listed is:
Explanation:
In the section Development Environment states that the developer must have the opportunity to have their self-created snapshots of virtual machines (VMs) to manage. The steps described satisfy the request partially. Among other things, would have the role of developing the user accounts of the developer to be added
Before you can create User Roles, you need to have a Host Group and a Cloud to assign the User Role to. This is not mentioned here.
I would say NO