###BeginCaseStudy###
Case Study: 1
Humongous Insurance
Scenario:
COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in
New York. The branch offices are located throughout North America. The main office has
8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker)
on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or
Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows
Vista Enterprise.
Business Goals
Humongous Insurance wants to minimize costs whenever possible.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named humongousinsurance.com. The
forest contains two child domains named north.humongousinsurance.com and
south.humongousinsurance.com. The functional level of the forest is Windows Server 2008
R2.
Existing Network Infrastructure
Each child domain contains a Web server that has Internet Information Services (IIS)
installed. The forest root domain contains three Web servers that have IIS installed. The Web
servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster.
Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The
WSUS servers do not store updates locally. The network contains Remote Desktop servers
that run Windows Server 2008 R2. Users in the sales department access a line-of-business
Application by using Remote Desktop. Managers in the sales department use the Application
to generate reports. Generating the reports is CPU intensive. The sales managers report that
when many users are connected to the servers, the reports take a long time to process.
Humongous Insurance has the following standard server builds:
• Class 1 – Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
• Class 2 – Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
• Class 3 – Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
• Class 4 – Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
Current Administration Model
Humongous Insurance currently uses the following technologies to manage the network:
• Microsoft Desktop Optimization Pack
• Microsoft Forefront EndPoint Protection
• Microsoft System Center Operations Manager
• Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
• A certificate must be required to recover BitLocker-protected drives.
• Newly implemented technologies must minimize the impact on LAN traffic.
• Newly implemented technologies must minimize the storage requirements.
• The management of disk volumes and shared folders must be performed remotely
whenever possible.
• Newly implemented technologies must minimize the amount of bandwidth used on
Internet connections.
• All patches and updates must be tested in a non-production environment before they
are App1ied to production servers.
• Multiple versions of a Group Policy object (GPO) must be maintained in a central
archive to facilitate a rol required.
The management of passwords and service principal names (SPNs) for all service accounts
must be automated whenever possible.
###EndCaseStudy###
You are evaluating whether to use express installation files as an update distribution mechanism.
Which technical requirement is met by using the express installation files?
A.
Newly implemented technologies must minimize the impact on LAN traffic.
B.
Newly implemented technologies must minimize the storage requirements.
C.
Newly implemented technologies must minimize the amount of bandwidth used on Internet
connections.
D.
All patches and updates must be tested in a nonproduction environment before they are App1ied
to production servers.
Explanation:
http ://technet.microsoft.com/en-us/library/cc708456%28v=ws.10%29.aspx
The express installation files feature is an update distribution mechanism. You can use express
installation files to limit the bandwidth consumed on your local network, but at the cost of
bandwidth consumption on your Internet connection. By default, WSUS does not use express
installation files. To better understand the tradeoff, you first have to understand how WSUS updates
client computers.
Updates typically consist of new versions of files that already exist on the computer being updated.
On a binary level these existing files might not differ very much from updated versions. The express
installation files feature is a way of identifying the exact bytes that change between different
versions of files, creating and distributing updates that include just these differences, and then
merging the original file with the update on the client computer. Sometimes this is called delta
delivery because it downloads only the difference, or delta, between two versions of a file.
When you distribute updates by using this method, it requires an initial investment in bandwidth.
Express installation files are larger than the updates they are meant to distribute. This is because the
express installation file must contain all the possible variations of each file it is meant to update.
The upper part of the “Express Installation Files Feature” illustration depicts an update being
distributed by using the express installation files feature; the lower part of the illustration depictsthe same update being distributed without using the express installation files feature. Notice that
with express installation files enabled, you incur an initial download three times the size of the
update. However, this cost is mitigated by the reduced amount of bandwidth required to update
client computers on the corporate network. With express installation files disabled, your initial
download of updates is smaller, but whatever you download must then be distributed to each of the
clients on your corporate network.
Important
Although there are some variables with express installation files, there are also some things you can
count on.
For example, express installation files are always bigger in size than the updates they are meant to
distribute.
As far as bandwidth goes, it is always less expensive to distribute updates using express installation
files than to distribute updates without.
Not all updates are good candidates for distribution using express installation files. If you select this
option, you obtain express installation files for any updates being distributed this way. If you are not
storing updates locally, you cannot use the express installation files feature. By default, WSUS does
not use express installation files.
To enable this option see http ://technet.microsoft.com/enus/library/cc708460%28v=ws.10%29.aspx
Update Storage Options
Use the Update Files section to determine if updates will be stored on WSUS or if client computers
will connect to the Internet to get updates. There is a description of this feature in Determine Where
to Store Updates earlier in this guide.
To specify where updates are stored
On the WSUS console toolbar, click Options, and then click Synchronization Options.
Under Update Files and Languages, click Advanced, then read the warning and click OK.
If you want to store updates in WSUS, in the Advanced Synchronization Options dialog box, under
Update Files, click Store update files locally on this server. If you want clients to connect to the
Internet to get updates, then click Do not store updates locally; clients install updates from
Microsoft Update.
Deferred Downloads Options
Use the Update Files section to determine if updates should be downloaded during synchronization
or when the update is approved. Find a description of this feature in “Deferring the Download of
Updates,” in Determine Bandwidth Options to Use for Your Deployment earlier in this guide.
To specify whether updates are downloaded during synchronization or when the update is approved
On the WSUS console toolbar, click Options, and then click Synchronization Options.
Under Update Files and Languages, click Advanced, then read the warning and click OK.
If you want to download only metadata about the updates during synchronization, in the Advanced
Synchronization Options dialog box, under Update Files, select the Download updates to this server
only when updates are approved check box. If you want the update files and metadata during
synchronization, clear the check box.
Express Installation Files Options
Use the Update Files section to determine if express installation files should be downloaded during
synchronization. Find a description of this feature in “Using Express installation files,” in Determine
Bandwidth Options to Use for Your Deployment earlier in this paper.
To specify whether express installation files are downloaded during synchronization
On the WSUS console toolbar, click Options, and then click Synchronization Options.
Under Update Files and Languages, click Advanced, then read the warning and click OK.If you want to download express installation files, in the Advanced Synchronization Options dialog
box, under Update Files, select the Download express installation files check box. If you do not want
express installation files, clear the check box.
Filtering Updates Options
Use the Languages section to select the language of the updates to synchronize. There is a
description of this feature in “Filtering updates,” in Determine Bandwidth Options to Use for Your
Deployment earlier in this guide.
To specify language options
On the WSUS console toolbar, click Options, and then click Synchronization Options.
Under Update Files and Languages, click Advanced, then read the warning and click OK.
In the Advanced Synchronization Options dialog box, under Languages, select one of the following
language options, and then click OK.
Download only those updates that match the locale of this server (Locale) where Locale is the name
of the server locale. This means that only updates targeted to the locale of the server will be
downloaded during synchronization.
Download updates in all languages, including new languages This means that all languages will be
downloaded during synchronization. If a new language is added, it will be automatically
downloaded.
Download updates only in the selected languages This means that only updates targeted to the
languages you select will be downloaded during synchronization. If you choose this option, you must
also choose each language you want from the list of those available.