###BeginCaseStudy###
Case Study 5: Contoso Ltd Case B
Contoso, Ltd., is a software development company. The company has a main office in Seattle and branch offices that are located in Los Angeles and New Delhi.
Contoso’s sales staff are all located in the Los Angeles office. Contoso’s software developers are all located in the New Delhi office.
Current Environment
The network for the Seattle office contains:
– 2 domain controllers with integrated DNS
– 200 Windows workstations
– 14-node Hyper-V cluster
– 1 file server with multiple shares
– 1 Active Directory Rights Management Services (AD RMS) cluster
The network for the Los Angeles office contains:
– 2 domain controllers with integrated DNS
– 100 Windows workstations
– 1 file server with multiple shares
The network for the New Delhi office contains:
– 2 domain controllers with integrated DNS
– 300 Windows workstations
– 10 Hyper-V servers that host 100 development virtual machines (VMs)
– 50 production virtual machines that are hosted in Azure
All the Contoso offices connect to each other by using VPN links, and each office is connected to the Internet.
Contoso has a single Active Directory Domain Services (AD DS) domain named contoso.com. Contoso.com has a configured certification authority (CA). Contoso currently leverages System Center Virtual Machine Manager 2012 R2 to manage its virtual environment servers.
Contoso uses an application named HRApp1 for its human resources (HR) department. HR users report that the application stops responding and must be restarted before they can continue their work.
Fabrikam Inc
Contoso has recently acquired Fabrikam, Inc. Fabrikam has a single office that is located in Seattle.
Fabrikam has a single AD DS domain named fabrikam.com.
The network for Fabrikam contains:
– 2 domain controllers with Active Directory-integrated DNS
– 150 Windows workstations
– 5 Hyper-V servers
– 1 file server with multiple shares
A two-way trust exists between Contoso.com and Fabrikam.com.
Business Requirements
Consolidation
Contoso must complete the consolidation of the Contoso and Fabrikam networks.
The consolidation of the two networks must:
– Minimize all hardware and software costs.
– Minimize WAN traffic.
– Enable the users by providing self-service whenever possible.
Security
Contoso requires that all Windows client devices must be encrypted with BitLocker by using the Trusted Platform
The CA for the domain contoso.com must be designated as the resource forest. The domain fabrikam.com must leverage certificates that are issued by the domain contoso.com.
Other Information
HRApp1
Each time HRApp1 stops responding and is restarted, an incident must be created and associated with the existing problem ticket.
Development environment
You have the following requirements:
– Developers must be able to manage their own VM checkpoints.
– You must implement a disaster recovery strategy for development virtual machines.
Technical Requirements
Windows System Updates
You have the following system update requirements:
– Consolidate reporting of all software updates in all offices.
– Software updates must be applied to all Windows devices.
– Ensure the ability to report on update compliance.
Monitoring
You have the following monitoring requirements:
– Each time HRApp1 shows performance problems, ensure that a ticket is created.
– When performance problems are resolved, ensure that the ticket closes automatically.
Security
You have the following security requirements:
– Ensure that all documents are protected.
– Ensure that contoso.com domain users get use licenses for RMS-protected documents from the domain contoso.com.
– Ensure that fabrikam.com domain users get use licenses for RMS-protected documents from the domain contoso.com.
###EndCaseStudy###
Drag and Drop Question
You need to implement the Network Unlock feature to meet the BitLocker requirements.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Explanation:
Certbase notes:
Updated: October 17, 2014
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.
Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.
Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult for enterprises to roll out software patches to unattended desktops and remotely administered servers.
Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session.
https://technet.microsoft.com/en-gb/library/jj574173.aspx
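An added example, not part of the quoted TechNet text or the exam material: a read-only PowerShell audit of the client-side conditions the excerpt names (a TPM+PIN protector on the operating system volume and UEFI firmware), plus whether a Network Unlock protector and certificate are present. Assumptions: the function name `Test-NetworkUnlockReadiness` is hypothetical, the `FVE_NKP` registry location comes from Microsoft's Network Unlock guidance rather than this page, and the session is elevated with Windows PowerShell 5.1 or later (for `Get-ComputerInfo`).

```powershell
function Test-NetworkUnlockReadiness {
    [CmdletBinding()]
    param(
        # Operating system volume to inspect.
        [string]$MountPoint = $env:SystemDrive
    )

    # Key protectors currently configured on the volume.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types  = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # The DHCP driver that Network Unlock relies on lives in UEFI firmware.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType.ToString()

    # Assumption: Group Policy publishes the Network Unlock certificate here
    # (one subkey per certificate thumbprint).
    $nkpPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates'
    $nkpCerts = @(Get-ChildItem -Path $nkpPath -ErrorAction SilentlyContinue)

    $findings = @()
    if ($volume.ProtectionStatus.ToString() -ne 'On') {
        $findings += 'BitLocker protection is not on for this volume.'
    }
    if ($types -notcontains 'TpmPin') {
        $findings += 'No TPM+PIN protector; the excerpt describes Network Unlock for TPM+PIN systems.'
    }
    if ($firmware -ne 'Uefi') {
        $findings += "Firmware type is '$firmware'; UEFI with a DHCP driver is required."
    }
    if ($nkpCerts.Count -eq 0) {
        $findings += 'No Network Unlock certificate found under FVE_NKP (policy not applied?).'
    }
    if ($types -notcontains 'TpmNetworkKey') {
        $findings += 'No Network Unlock (TpmNetworkKey) protector on the volume yet.'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        MountPoint     = $volume.MountPoint
        ProtectorTypes = $types -join ', '
        FirmwareType   = $firmware
        NkpCertCount   = $nkpCerts.Count
        Ready          = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

# Report on the local machine's system drive.
Test-NetworkUnlockReadiness | Format-List
```

The function changes nothing on the machine; a `Ready` value of `False` with only the `TpmNetworkKey` finding typically means the policy and certificate have arrived but the client has not yet added the protector.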