###BeginCaseStudy###
Topic 2: Proseware Inc
No. of Questions: 9
Overview
Proseware Inc. is a manufacturing company that has 4,000 employees.
Proseware works with a trading partner named Fabrikam, Inc.
Existing Environment
Physical Location:
Proseware has a main office and two branch offices.
The main office is located in London. The branch offices are located in Madrid and Berlin.
Proseware has a sales department based in the London office and a research department based in the Berlin office.
The offices connect to each other by using a WAN link. Each office connects directly to the Internet.
Proseware rents space at a hosting company. All offices have a dedicated WAN link to the hosting company.
Web servers that are accessible from the Internet are located at the hosting company.
Active Directory:
The Proseware network contains an Active Directory forest named proseware.com.
The forest contains a single domain. The forest functional level is Windows Server 2012.
Each office contains three domain controllers. An Active Directory site is configured for each office.
System state backups are performed every day on the domain controllers by using System Center 2012 R2 Data Protection Manager (DPM).
Virtualization:
Proseware has Hyper-V hosts that run Windows Server 2012 R2.
Each Hyper-V host manages eight to ten virtual machines.
The Hyper-V hosts are configured as shown in the following table.
All of the Hyper-V hosts store virtual machines on direct-attached storage (DAS).
Servers:
All servers run Windows Server 2012 R2.
All of the servers are virtualized, except for the Hyper-V hosts.
VDI1 and VDI2 use locally attached storage to host virtual hard disk (VHD) files.
The VHDs use the .vhd format.
A line-of-business application named SalesApp is used by the sales department and runs on a server named APP1. APP1 is hosted on HyperV2.
A server named CA1 has the Active Directory Certificate Services server role installed and is configured as an enterprise root certification authority (CA) named ProsewareCA.
Ten load-balanced web servers hosted on HyperV7 and HyperV8 run the Internet-facing web site that takes orders from Internet customers.
System Center 2012 R2 Operations Manager is used to monitor the health of the servers on the network.
All of the servers are members of the proseware.com domain, except for the servers located in the perimeter network.
Client Computers:
All client computers run either Windows 8.1 or Windows 7. Some of the users in the London office connect to pooled virtual desktops hosted on VDI1 and VDI2.
Problem Statements:
Proseware identifies the following issues on the network:
Virtualization administrators report that the load on the Hyper-V hosts is inconsistent.
The virtualization administrators also report that administrators fail to account for host utilization when creating new virtual machines.
Users in the sales department report that they experience issues when they attempt to access SalesApp from any network other than the one in the London office.
Sometimes, configuration changes are not duplicated properly across the web servers, resulting in customer ordering issues. Web servers are regularly changed.
Demand for virtual desktops is increasing. Administrators report that storage space is becoming an issue as they want to add more virtual machines.
In the past, some personally identifiable information (PII) was exposed when paper shredding procedures were not followed.
Requirements
Planned Changes:
Proseware plans to implement the following changes on the network:
Implement a backup solution for Active Directory.
Relocate the sales department to the Madrid office.
Implement System Center 2012 R2 components, as required.
Protect email attachments sent to Fabrikam that contain PII data so that the attachments cannot be printed.
Implement System Center 2012 R2 Virtual Machine Manager (VMM) to manage the virtual machine infrastructure. Proseware does not plan to use private clouds in the near future.
Deploy a new Hyper-V host named RESEARCH1 to the Berlin office. RESEARCH1 will be financed by the research department. All of the virtual machines deployed to RESEARCH1 will use VMM templates.
Technical Requirements:
Proseware identifies the following virtualization requirements:
The increased demand for virtual desktops must be met.
Once System Center is deployed, all of the Hyper-V hosts must be managed by using VMM.
If any of the Hyper-V hosts exceeds a set number of virtual machines, an administrator must be notified by email.
Network administrators in each location must be responsible for managing the Hyper-V hosts in their respective location. The management of the hosts must be performed by using VMM.
The network technicians in each office must be able to create virtual machines in their respective office.
The network technicians must be prevented from modifying the host server settings.
New virtual machines must be deployed to RESEARCH1 only if the virtual machine template used to create the machine has a value specified for a custom property named 'CostCenter' that matches 'Research'.
The web site configurations must be identical on all web servers.
Security Requirements:
Proseware identifies the following security requirements:
All email messages sent to and from Fabrikam must be encrypted by using digital certificates issued to users by the respective CA of their company. No other certificates must be trusted between the organizations.
Microsoft Word documents attached to email messages sent from Proseware to Fabrikam must be protected.
Privileges must be minimized, whenever possible.
###EndCaseStudy###
You need to recommend changes to the existing environment to meet the email requirement.
What should you recommend?
A. Implement a two-way forest trust that has selective authentication.
B. Implement qualified subordination.
C. Deploy the FabrikamCA root certificate to all of the client computers.
D. Deploy a user certificate from FabrikamCA to all of the users.
Explanation:
The security requirements section states that all email messages sent to or received from Fabrikam must be encrypted by using digital certificates issued to users by the CA of their respective company. No other certificates may be trusted between the two companies. With qualified subordination, you can place restrictions on the certificates that subordinate CAs issue and specify usage restrictions for the certificates issued by those CAs.
With qualified subordination, you can align subordinate CAs with specific certification requirements and manage the public key infrastructure (PKI) more efficiently. You can also use qualified subordination to establish trust between CAs in separate trust hierarchies. This type of trust relationship is also called cross-certification. With this trust relationship, qualified subordination is not limited to subordinate CAs. Trust between hierarchies can be established by using a subordinate CA in one hierarchy and the root certification authority in another hierarchy.
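The restrictions described in the explanation can be pictured with a simplified model, added here as an illustration and not taken from the exam material or from Windows itself. It assumes a cross-certificate that carries an rfc822Name name constraint, an application policy restriction and a path length; the class names, sample mailboxes and constraint values are constructed.

```python
from dataclasses import dataclass

SECURE_EMAIL = "1.3.6.1.5.5.7.3.4"  # id-kp-emailProtection (S/MIME)
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth (TLS server)

@dataclass(frozen=True)
class CrossCert:
    permitted_email: tuple      # rfc822Name name constraints
    allowed_usages: frozenset   # application policies the trust covers
    max_path_len: int           # CA certificates allowed below the partner CA

@dataclass(frozen=True)
class Leaf:
    email: str
    usages: frozenset
    cas_below_partner: int

def email_permitted(address, constraint):
    """rfc822Name matching as described in RFC 5280, section 4.2.1.10."""
    local, _, host = address.rpartition("@")
    host = host.lower()
    if "@" in constraint:                       # one specific mailbox
        c_local, _, c_host = constraint.rpartition("@")
        return local == c_local and host == c_host.lower()
    if constraint.startswith("."):              # any host inside the domain
        return host.endswith(constraint.lower())
    return host == constraint.lower()           # mailboxes on exactly this host

def evaluate(leaf, cross, purpose):
    """Return the reasons a partner certificate is rejected ([] = accepted)."""
    reasons = []
    if leaf.cas_below_partner > cross.max_path_len:
        reasons.append("path length exceeded")
    if not any(email_permitted(leaf.email, c) for c in cross.permitted_email):
        reasons.append("email outside permitted namespace")
    if purpose not in leaf.usages or purpose not in cross.allowed_usages:
        reasons.append("usage not covered")
    return reasons

# Constructed sample: trust FabrikamCA only for S/MIME certificates that it
# issues directly to @fabrikam.com mailboxes.
FABRIKAM_CROSS = CrossCert(("fabrikam.com",), frozenset({SECURE_EMAIL}), 0)
ALICE = Leaf("alice@fabrikam.com", frozenset({SECURE_EMAIL}), 0)
ROGUE = Leaf("ceo@proseware.com", frozenset({SECURE_EMAIL, SERVER_AUTH}), 1)

if __name__ == "__main__":
    print(evaluate(ALICE, FABRIKAM_CROSS, SECURE_EMAIL))
    print(evaluate(ROGUE, FABRIKAM_CROSS, SERVER_AUTH))
```

Deploying the FabrikamCA root certificate to every client (option C) would correspond to a trust with none of these three limits.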