What should you recommend implementing in the new sales office?

###BeginCaseStudy###
Case Study: 9
Litware, Inc
Scenario
COMPANY OVERVIEW
Litware, Inc. is a manufacturing company that has a main office and two branch office. The
main office is located in Montreal. The branch offices are located in Seattle and New York.
The main office has 4,000 users. The branch offices each have 500 users.
PLANNED CHANGES
Litware plans to open a new sales office. The sales office will have a direct connection to the
Internet. The sales office will have a single server. The sales office requires a connection to
the Montreal office. The connection to the Montreal office must use either TCP port 80 or
TCP port 443. The network currently contains a Fibre Channel Storage Area Network (SAN).
A new iSCSI SAN will be implemented during the next month. The current SAN and the new
SAN are from different manufacturers. Both SANs use a virtual disk service (VDS) interface.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The main office has a single DHCP server. The IP addresses for all of the client computers
must be assigned from the DHCP server. All software is installed from a central software
distribution point in the main office. Software deployments for the branch offices frequently
fail due to bandwidth limitations.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named litwareinc.com. Each office
has two domain controllers.
Current Administration Model
Currently, all help desk users have full administrator rights to the servers. The help desk users
use Remote Desktop to log on to the servers and perform tasks such as managing Active
Directory user accounts and creating DHCP reservations.
TECHNICAL REQUIREMENTS
Windows Firewall must be managed by using the minimum amount of administrative effort.
Windows Firewall configurations must be duplicated easily between servers that have the
same server role. Litware must centralize the monitoring of critical system events. The
monitoring solution must use the existing infrastructure. Litware plans to prevent help desk
users from interactively logging on to servers. Help desk users must not have full
administrator rights to the servers.
The software deployment process must be updated to meet the following requirements:
• Application source files must be centrally managed.
• Software deployments to the offices in Seattle and New York must remain unaffected
if a WAN link fails.
The SANs must be administered by using a single tool.
###EndCaseStudy###

You need to recommend an IP addressing strategy for the client computers in the new sales office.
What should you recommend implementing in the new sales office?

###BeginCaseStudy###
Case Study: 9
Litware, Inc
Scenario
COMPANY OVERVIEW
Litware, Inc. is a manufacturing company that has a main office and two branch office. The
main office is located in Montreal. The branch offices are located in Seattle and New York.
The main office has 4,000 users. The branch offices each have 500 users.
PLANNED CHANGES
Litware plans to open a new sales office. The sales office will have a direct connection to the
Internet. The sales office will have a single server. The sales office requires a connection to
the Montreal office. The connection to the Montreal office must use either TCP port 80 or
TCP port 443. The network currently contains a Fibre Channel Storage Area Network (SAN).
A new iSCSI SAN will be implemented during the next month. The current SAN and the new
SAN are from different manufacturers. Both SANs use a virtual disk service (VDS) interface.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The main office has a single DHCP server. The IP addresses for all of the client computers
must be assigned from the DHCP server. All software is installed from a central software
distribution point in the main office. Software deployments for the branch offices frequently
fail due to bandwidth limitations.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named litwareinc.com. Each office
has two domain controllers.
Current Administration Model
Currently, all help desk users have full administrator rights to the servers. The help desk users
use Remote Desktop to log on to the servers and perform tasks such as managing Active
Directory user accounts and creating DHCP reservations.
TECHNICAL REQUIREMENTS
Windows Firewall must be managed by using the minimum amount of administrative effort.
Windows Firewall configurations must be duplicated easily between servers that have the
same server role. Litware must centralize the monitoring of critical system events. The
monitoring solution must use the existing infrastructure. Litware plans to prevent help desk
users from interactively logging on to servers. Help desk users must not have full
administrator rights to the servers.
The software deployment process must be updated to meet the following requirements:
• Application source files must be centrally managed.
• Software deployments to the offices in Seattle and New York must remain unaffected
if a WAN link fails.
The SANs must be administered by using a single tool.
###EndCaseStudy###

You need to recommend an IP addressing strategy for the client computers in the new sales office.
What should you recommend implementing in the new sales office?

A.
DHCP server roles

B.
the DirectAccess feature

C.
the Network Policy Server (NPS) role service

D.
the Remote Access Service role service

Explanation:

The Routing and Remote Access service in Windows Server® 2008 supports remote user or site-tosite connectivity by using virtual private network (VPN) or dial-up connections. Routing and Remote
Access consists of the following components:
Remote Access
The remote access feature provides VPN services so that users can access corporate networks over
the Internet as if they were directly connected. Remote access also enables remote or mobile
workers who use dial-up communication links to access corporate networks.
Routing
Routing and Remote Access is a full-featured software router and an open platform for routing and
networking.

It offers routing services to businesses in local area network (LAN) and wide area network (WAN)
environments or over the Internet by using secure VPN connections. Routing is used for
multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing
services.
Routing
A router is a device that manages the flow of data between network segments, or subnets. A router
directs incoming and outgoing packets based on the information it holds about the state of its own
network interfaces and a list of possible sources and destinations for network traffic. By projecting
network traffic and routing needs based on the number and types of hardware devices and
applications used in your environment, you can better decide whether to use a dedicated hardware
router, a software-based router, or a combination of both. Generally, dedicated hardware routers
handle heavier routing demands best, and less expensive software-based routers are sufficient to
handle lighter routing loads.
A software-based routing solution, such as the Routing and Remote Access service in Windows
Server® 2008, can be ideal on a small, segmented network with relatively light traffic between
subnets. Conversely, enterprise network environments that have a large number of network
segments and a wide range of performance requirements might need a variety of hardware-based
routers to perform different roles throughout the network.
Remote access
By configuring Routing and Remote Access to act as a remote access server, you can connect remote
or mobile workers to your organization’s networks. Remote users can work as if their computers are
physically connected to the network.
All services typically available to a LAN-connected user (including file and print sharing, Web server
access, and messaging) are enabled by means of the remote access connection. For example, on a
server running Routing and Remote Access, clients can use Windows Explorer to make drive
connections and to connect to printers. Because drive letters and universal naming convention
(UNC) names are fully supported by remote access, most commercial and custom applications work
without modification.
A server running Routing and Remote Access provides two different types of remote access
connectivity:
Virtual private networking (VPN) VPN is the creation of secured, point-to-point connections across a
private network or a public network such as the Internet. A VPN client uses special TCP/IP-based
protocols called tunneling protocols to make a virtual call to a virtual port on a VPN server. The best
example of virtual private networking is that of a VPN client that makes a VPN connection to a
remote access server that is connected to the Internet. The remote access server answers the virtual
call, authenticates the caller, and transfers data between the VPN client and the corporate network.
In contrast to dial-up networking, VPN is always a logical, indirect connection between the VPN
client and the VPN server over a public network, such as the Internet. To ensure privacy, you must
encrypt data sent over the connection.
Dial-up networking In dial-up networking, a remote access client makes a nonpermanent, dial-up
connection to a physical port on a remote access server by using the service of a
telecommunications provider, such as analog phone or ISDN. The best example of dial-up
networking is that of a dial-up networking client that dials the phone number of one of the ports of a
remote access server.
Dial-up networking over an analog phone or ISDN is a direct physical connection between the dial-up
networking client and the dial-up networking server. You can encrypt data sent over the connection,
but it is not required.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Rex

Rex

Why the question sound: You need to recommend an IP addressing strategy for the client computers and the answer is about VPN?
Very strange!
It must be like: You need to recommend a connection strategy …

Luca

Luca

@Rex: maybe I got that.

Firstly planned changes does not specify what kind of server will be implemented: either a member server or a domain controller (or neither of them), so we may assume it will not be a domain controller. So I guess the key point here is the connection type between main and branch offices. Considering is over the Internet, that link is pretty unsafe. So we need to access resources (in this case specifically: the DHCP service) safely. Therefore, we need VPN between the two sites: once the client authenticate to the HQ domain controller (presumably with DHCP role installed), it would be leased an IP address.

I think that is a good guess to answer this tricky question.