###BeginCaseStudy###
Case Study: 5
Contoso Ltd Case B
Background
Overview
Contoso, Ltd., is a software development company. The company has a main office in Seattle
and branch offices that are located in Los Angeles and New Delhi. Contoso’s sales staff are
all located in the Los Angeles office. Contoso’s software developers are all located in the
New Delhi office.
Current Environment
The network for the Seattle office contains:
• 2 domain controllers with integrated DNS
• 200 Windows workstations
• 14-node Hyper-V cluster
• 1 file server with multiple shares
• 1 Active Directory Rights Management Services (AD RMS) cluster
The network for the Los Angeles office contains:
• 2 domain controllers with integrated DNS
• 100 Windows workstations
• 1 file server with multiple shares
The network for the New Delhi office contains:
• 2 domain controllers with integrated DNS
• 300 Windows workstations
• 10 Hyper-V servers that host 100 development virtual machines (VMs)
• 50 production virtual machines that are hosted in Azure
All the Contoso offices connect to each other by using VPN links, and each office is
connected to the Internet.
Contoso has a single Active Directory Domain Services (AD DS) domain named
contoso.com. Contoso.com has a configured certification authority (CA). Contoso currently
leverages System Center Virtual Machine Manager 2012 R2 to manage its virtual
environment servers.
Contoso uses an application named HRApp1 for its human resources (HR) department. HR
users report that the application stops responding and must be restarted before they can
continue their work.
Fabrikam Inc
Contoso has recently acquired Fabrikam. Inc. Fabrikam has a single office that is located in
Seattle.
Fabrikam has a single AD DS domain named fabrikam.com.
• The network for Fabrikam contains:
• 2 domain controllers with Active Directory-integrated DNS
• 150 Windows workstations
• 5 Hyper-V servers
• 1 file server with multiple shares
A two-way trust exists between Contoso.com and Fabrikam.com.
Business Requirements
Consolidation
Contoso must complete the consolidation of the Contoso and Fabrikam networks. The
consolidation of the two networks must:
• Minimize all hardware and software costs.
• Minimize WAN traffic.
• Enable the users by providing self-service whenever possible.
Security
Contoso requires that all Windows client devices must be encrypted with BitLocker by using
the Trusted Platform
The CA for the domain contoso.com must be designated as the resource forest. The domain
fabrikam.com must leverage certificates that are issued by the domain contoso.com.
Other Information
HRApp1
Each time HRApp1 stops responding and is restarted, an incident must be created and
associated with the existing problem ticket.
Development environment
You have the following requirements:
• Developers must be able to manage their own VM checkpoints.
• You must implement a disaster recovery strategy for development
virtual machines.
Technical Requirements
Windows System Updates
You have the following system update requirements:
• Consolidate reporting of all software updates in all offices.
• Software updates must be applied to all Windows devices.
• Ensure the ability to report on update compliance.
Monitoring
You have the following monitoring requirements:
• Each time HRApp1 shows performance problems, ensure that a ticket
is created.
• When performance problems are resolved, ensure that the ticket closes
automatically.
Security
You have the following security requirements:
• Ensure that all documents are protected.
• Ensure that contoso.com domain users get use licenses for RMSprotected documents from the domain contoso.com.
• Ensure that fabrikam.com domain users get use licenses for RMSprotected documents from the domain contoso.com.
###EndCaseStudy###
This question consists of two statements: One is named Assertion and the other is named Reason.
Both of these statements may be true; both may be false; or one may be true, while the other may
be false.
To answer this question, you must first evaluate whether each statement is true on its own. If both
statements are true, then you must evaluate whether the Reason (the second statement) correctly
explains the Assertion (the first statement). You will then select the answer from the list of answer
choices that matches your evaluation of the two statements.
Assertion:
You must implement a Windows Server Gateway in the Seattle office.
Reason:
A Windows Server Gateway will prevent users from saving documents outside of the Seattle
location.
Evaluate the Assertion and Reason statements and choose the correct answer option.
A.
Both the Assertion and Reason are true, and the Reason is the correct explanation for the
Assertion.
B.
Both the Assertion and Reason are true, but the Reason is not the correct explanation for the
Assertion.
C.
The Assertion is true, but the Reason is false.
D.
The Assertion is false, but the Reason is true.
E.
Both the Assertion and the Reason are false.
Is there any reason for Windows server gateway in Seattle?
If no then E should be the answer.
YG I think the answer is Yes, for the reasons below
and this makes me think the correct answer is C
As the company has SC VMM in place and uses it to manage its Hyper-V VM servers which they have in Seattle and 50 production VMs in Azure and as Seattle is the main office it would seem likely that they require a Windows Server Gateway in the Seattle Office to manage the Azure servers as well as consolidate the newly acquired Fabrikam office (Don’t think we need to take into account the 100 development VMs in the ND office as they are more than likely manageable over the VPN).
The branch offices only have development and Sales staff so are we to assume all management is done from the main Seattle office.
I think that the VPN connections between each Contoso office will not suffice for the Azure and Fabrikam requirements so again suggests a need for a Gateway
Anyone else with any comments suggestions to back up / refute my thinking
I did a bit more research on this and now Im not 100% sure of my original reply and ask the same question as YG, although I still believe the answer is C for the reasons below
https://technet.microsoft.com/en-GB/library/dn313101.aspx
Windows Server Gateway might interest you under one or more of the following circumstances:
•You are using or plan on using System Center 2012 R2, which is required when you deploy Windows Server Gateway.
•You want to provide your organization’s customers with access to their virtual networks over the Internet.
If your virtual networks exist in the cloud, your CSP can deploy a Windows Server Gateway so that you can create a virtual private network (VPN) site-to-site connection between your VPN server and the CSP’s Windows Server Gateway; when this link is established you can connect to your virtual resources in the cloud over the VPN connection.
Current Environment – All the Contoso offices connect to each other by using VPN links
Business Requirements – Contoso must complete the consolidation of the Contoso and Fabrikam networks
After much consideration I think the requirement for a WSG to connect to Azure now doesnt seem necessary but I think the current environment would still require a WSG to allow Fabrikam to use Contoso VMs over the internet and if all VMs in Fabrikam are moved to Contoso as part of the consolidation there would still be a need for a WSG as Fabrikam users will still require access to all VMs now on the Contoso network
I am not at this level in my career and have no first hand experience of System Center/VMM/WSG/Azure/Company Mergers etc etc and its not easy to set up in a home lab !!! Its all a bit of a mind bender 🙂
Please contribute comments if you have a greater understanding of this so that we can all learn more. Thanks
Yeah I’m also not exactly too clued up on this, but WSG connects cloud/virtual networks.
Just because our offices have Hyper-V and host servers doesn’t mean they’re using Virtual Networks.
I don;t see anywhere where it says we are using Virtual Networks, or a cloud hosting service provider.
Virtual Networks are completely separate from your physical network in terms of communicate, hence the need for WSG.
Virtual Networks can be hosted locally by creating clouds in VMM i think, but I don’t see anywhere that says they’ve done that.
@ Puck – you said .. “I don;t see anywhere where it says we are using Virtual Networks, or a cloud hosting service provider”.
The network for the New Delhi office contains:
• 50 production virtual machines that are hosted in Azure
(That’s your cloud hosting service provider)
But Azure would provide a WSG in the Azure Datacanter and a VPN connection would be established to that so no need for a WSG in house so that rules out a WSG for that scenario
And your statement regarding no mention of Virtual Networks also makes sense so again no need for a WSG in that scenario either
So maybe YG is right.
If no need for WSG anywhere then answer is E
Why don’t any MS MVPs or PFEs contribute in here (apologies if any of the regular contributors are) After all we are trying hard to get these certifications to allow us to advance our knowledge and careers and sometimes a qualified/experienced mentor is needed when it is not possible to emulate these scenarios in a lab at home.
Come on Microsoft, help us out a little with some of this stuff!! Assign a couple of Senior Engineers to monitor these pages.