###BeginCaseStudy###
Testlet 1
Overview
Existing Environment
Active Directory Environment
The network contains a single Active Directory production forest named woodgrovebank.com.
Currently, there is no trust relationship between the Active Directory forests of Woodgrove Bank and Contoso.
Network Environment
Woodgrove Bank has a perimeter network that hosts Internet-facing servers.
Woodgrove Bank uses Hyper-V Network Virtualization to isolate its production, development, and test
environments.
Woodgrove Bank has a Microsoft Azure subscription.
System Center Environment
Woodgrove Bank deploys infrastructure servers that host the following System Center 2012 R2 components.
Operations Manager
Data Protection Manager (DPM)
Virtual Machine Manager (VMM)
Woodgrove Bank plans to deploy Service Provider Foundation, System Center 2012 R2 Orchestrator, and
System Center 2012 R2 Service Manager.
All of the internal Hyper-V hosts and the file servers on the Woodgrove Bank network are registered with VMM.
VMM and Windows Server Update Services (WSUS) are integrated. Woodgrove Bank has three VMM logical
networks intended for clients, management, and storage. Each VMM logical network is configured to use a host
group of All Hosts.
The Operations Manager agent is deployed to each server.
On-premises Computing and Application Environment
The main office has the servers configured as shown in the following table.
Server5 and Server6 were added to VMM by using explicit user credentials.
A Windows update named Update1 is part of the baseline assigned to All Hosts.
Server3 is configured to have a 2-TB storage pool. Tapes are used for long term backup.
An application named App2 is installed on Server9. App2 requires complex installation and manual setup.
RequirementsPlanned Changes
Woodgrove Bank plans to implement the following changes:
Deploy Service Manager.
Integrate Orchestrator and Service Manager.
Deploy all of the components of Orchestrator.
Deploy Service Provider Foundation to Server2.
Replace the tape backups with Microsoft Azure Backup.
Use a domain account named WOODGROVEBANK\\vmmuser1 to view and modify the IP address space in
IPAM.
Provide additional SMB storage to Server7 from Server5.
Provide additional iSCSI storage to Server7 from Server5.
Connectivity Requirements
Woodgrove Bank identifies the following connectivity requirements:
Minimize the Internet bandwidth used by the backups.
Create a logical switch that will allow you to restrict host access to the logical networks of the clients only.
Provide external connectivity to the virtual machine networks that are isolated from the clients by using the
Network Virtualization using Generic Routing Encapsulation (NVGRE) gateway.
Application Requirements
Woodgrove Bank identifies the following application requirements:
Minimize the number of VMM service template versions used to deploy App1.
Create Server App-V packages while minimizing the impact on the existing environment.
Deploy five instances of a multi-tier application named App1 by using a VMM service template. Each
instance will have different deployment settings.
Compliance Requirements
Woodgrove Bank identifies the following compliance requirements:
Use the principle of least priviledge, whenever possible.
Leverage Azure-based services for assessing the on-premises environment.
Exclude Server7 from the installation of Update1. The missing patch must not affect the compliance status
of Server7 against the baseline assigned to All Hosts.
###EndCaseStudy###
You need to implement VMM IPAM to meet the manageability requirements.
To which two groups should you add WOODGROVEBANK\\vmmuser1?
A.
Remote Management Users on Server10
B.
IPAM ASM Administrators on Server10
C.
Remote Management Users on Server4
D.
IPAM MSM Administrators on Server10
E.
IPAM Administrators on Server10
Explanation:
Before you can add an IPAM server to your configuration in VMM, you must perform the following actions:
1. (this has already been done here) On a server running Windows Server 2012 R2, install the IPAM feature by
using Add Roles and Features (in Server Manager) or Windows PowerShell commands. Then configure the
IPAM server as described in the relevant IPAM documentation.
2. Create or identify a domain account and, to avoid issues with expiration of the password, ensure that theaccount is set to never expire. Then, on the IPAM server, ensure that the account has at least the minimum
necessary permissions by adding the account to the following two groups:
/ IPAM ASM Administrators: A local group that exists on all IPAM servers, and provides permissions for IP
address space management (ASM).
/ Remote Management Users: A built-in group that provides access to WMI resources through management
protocols, such as WS-Management through the Windows Remote Management service.
Scenario:
* Use a domain account named WOODGROVEBANK\\vmmuser1 to view and modify the IP address space in
IPAM.
* Server4 is a VMM running Windows Server 2012 R2
* Server10 is IP Address Management (IPAM)