###BeginCaseStudy###
Case Study: 9
Litware, Inc
Scenario
COMPANY OVERVIEW
Litware, Inc. is a manufacturing company that has a main office and two branch office. The
main office is located in Montreal. The branch offices are located in Seattle and New York.
The main office has 4,000 users. The branch offices each have 500 users.
PLANNED CHANGES
Litware plans to open a new sales office. The sales office will have a direct connection to the
Internet. The sales office will have a single server. The sales office requires a connection to
the Montreal office. The connection to the Montreal office must use either TCP port 80 or
TCP port 443. The network currently contains a Fibre Channel Storage Area Network (SAN).
A new iSCSI SAN will be implemented during the next month. The current SAN and the new
SAN are from different manufacturers. Both SANs use a virtual disk service (VDS) interface.
EXISTING ENVIRONMENT
All servers run Windows Server 2008 R2. All client computers run Windows 7 Enterprise.
The main office has a single DHCP server. The IP addresses for all of the client computers
must be assigned from the DHCP server. All software is installed from a central software
distribution point in the main office. Software deployments for the branch offices frequently
fail due to bandwidth limitations.
Existing Active Directory/Directory Services
The network contains a single Active Directory domain named litwareinc.com. Each office
has two domain controllers.
Current Administration Model
Currently, all help desk users have full administrator rights to the servers. The help desk users
use Remote Desktop to log on to the servers and perform tasks such as managing Active
Directory user accounts and creating DHCP reservations.
TECHNICAL REQUIREMENTS
Windows Firewall must be managed by using the minimum amount of administrative effort.
Windows Firewall configurations must be duplicated easily between servers that have the
same server role. Litware must centralize the monitoring of critical system events. The
monitoring solution must use the existing infrastructure. Litware plans to prevent help desk
users from interactively logging on to servers. Help desk users must not have full
administrator rights to the servers.
The software deployment process must be updated to meet the following requirements:
• Application source files must be centrally managed.
• Software deployments to the offices in Seattle and New York must remain unaffected
if a WAN link fails.
The SANs must be administered by using a single tool.
###EndCaseStudy###
You need to recommend a VPN solution for the new sales office. The solution must support the
company’s planned changes. What should you include in the recommendation?
A.
Internet Key Exchange version 2 (IKEv2)
B.
Layer 2 Tunneling Protocol (L2TP)
C.
PointtoPoint Tunneling Protocol (PPTP)
D.
Secure Socket Tunneling Protocol (SSTP)
Explanation:
http ://support.microsoft.com/kb/947032
SSTP is a new kind of Virtual Private Networking (VPN) tunnel that is available in the Routing and
Remote Access Server role in Windows Server 2008. SSTP allows for Point-to-Point Protocol (PPP)
packets to be encapsulated over HTTP. This allows for a VPN connection to be more easily
established through a firewall or through a Network Address Translation (NAT) device. Also, this
allows for a VPN connection to be established through an HTTP proxy device.
The information is this article is more likely to apply to a small-sized or medium-sized organization.
For these kinds of organizations, it is common to have one public IP address that is assigned to the
external interface of a NAT router or of a gateway device. This article describes the following
scenario:
You have a Windows Server 2008-based Secure Socket Tunneling Protocol (SSTP)-based VPN server.
The server is assigned a private IP address.
The server is located on an internal network behind a NAT device.