###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend a network access solution for the remote users that meets the museum’s
technical requirements.
What should you include in the recommendation?
A.
DirectAccess
B.
Microsoft Forefront Threat Management Gateway (TMG)
C.
network address translation (NAT)
D.
Remote Desktop Gateway (RD Gateway)