70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure
Chapter 7: Service Sizing and Placement
Exam Objectives
• 4.2 Design an Active Directory implementation plan
• 4.3 Specify the server specifications to meet system requirements
• 4.2.1 Design the placement of domain controllers and global catalog servers
• 4.1 Design a DNS service placement
Exam Objectives (continued)
• 4.2.3 Select the domain controller creation process
• 4.2.2 Plan the placement of flexible operations master roles
The Planning Phase
• Factors that contribute to the need for a service placement strategy:
  • Unreliable WAN links
  • Nonredundant WAN links
  • Expensive, overused WAN links
  • Physically insecure locations
  • IT hardware budgets
Logon Time
• When designing service placement, time to start up is affected by:
  • Complexity of startup and logon scripts
  • Number of group policies processed for the computer and user
  • Network speed from client to DC, DNS server, and GC
Active Directory Infrastructure Required for Self-Sufficiency
Security
• Domain controllers (DCs)
  • House the Active Directory database
• Active Directory database
  • Used to store sensitive information
• Of paramount importance
  • Security of database and DCs housing it
Location Security Points System
Replication Overhead
• For every DC deployed
  • Associated replication traffic overhead exists
• Important
  • The testing and measurement of additional network services
• Decision to be made
  • Whether logon times should be optimized or replication traffic minimized
Active Directory-Aware Applications
• Active Directory:
  • A database used to store objects that exist within the organization
  • Can also store data relating to applications
• Access to stored data can dictate where DCs are located
User Populations
• Role of designer of an Active Directory infrastructure deployment:
  • Document each location and the number of users at that location
  • Assess the type of users at each location
  • Determine if users require Active Directory authentication even in the event of a WAN failure
  • Create user population bandings
  • Deploy the appropriate Active Directory infrastructure components
The Implementation Plan
• Designing service placement should:
  • Introduce a degree of subjectivity
  • Remove ambiguity where possible
• Develop an algorithm that:
  • Decides which locations should receive infrastructure components
  • Justifies the need for the infrastructure from budgetary, operational, and political points of view
Weighted Points Assignment for User Populations
Weighted Points Assignment for Location Bandwidth
Weighted Points Assignment for Service Levels
Weighted Points Assignment for Spoke Sites Supported
Sizing and Availability
• Windows Server 2003 Active Directory supports four different partitions:
  • Schema
  • Configuration
  • Domain
  • Application Directory partitions
Sizing Domain Partitions
• Size of domain partition in GB = (number of users in domain / 1000) * 0.4
• Above expression allows administrators and architects to estimate the size of the database before deployment
Domain Partition Size versus Number of Users in the Domain
Application Directory Partitions
• Can be used to store data pertinent to a particular application
• Stored data can be replicated to any subset of DCs in the forest deemed appropriate
• Discrete partitions within the database
Domain Controller Sizing and Specification
• Recommendations for disk configuration and disk space requirements:
  • For DCs accessed by fewer than 1000 users, all four can be collocated on the same RAID 1 array
  • For DCs accessed by more than 1000 users, place logs and database on separate RAID arrays
  • Place SYSVOL and the database on the same RAID array
Windows Server 2003 Minimum System Requirements
Recommended Domain Controller Disk Configurations
Disk Space Requirements
• Database
  • Allow for 0.4GB per 1000 users
• Logs
  • Allow at least 500MB free space
• SYSVOL
  • Allow at least 500MB free space
• Operating System
  • Allow at least 1.5GB free space
Recommended Domain Controller CPU and Memory Requirements
Placement Considerations
• Windows Server 2003 Deployment Resource Kit
  • Covers DC, GC, FSMO, and DNS service placement and suggests algorithms for each
• Figure 7.3
  • Focuses on remote administration, physical security, and WAN availability and performance
Microsoft Recommended Number of Domain Controllers Per Site
The Promotion Strategy
• Split into two stages:
  • First stage deals with a review of the server’s configuration
  • Second stage is the actual promotion
Manual Promotion
• Most popular approach to promoting servers to become DCs
• Offers the administrator complete control over the promotion phase
• Involves the installation of a Windows Server 2003 member server
Automated Promotion
• Promoting a member server to a DC
  • Can be automated using a dcpromo answer file
• Dcpromo
  • Can be executed in the following way
    • dcpromo /answer
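An added example, not taken from the slides: a pre-promotion review of a dcpromo answer file that applies the disk placement guidance and the 0.4 GB per 1000 users estimate from the sizing slides, and flags credentials left in the file. The sample file and its values are constructed; the key names are the standard `[DCInstall]` answer-file keys, and treating a drive letter as a stand-in for a RAID array is an assumption.

```python
import configparser
import ntpath

# Constructed sample answer file (placeholder names and passwords, not from the slides).
SAMPLE_ANSWER_FILE = r"""[DCInstall]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=corp.example.com
UserName=dcpromo-svc
UserDomain=CORP
Password=Placeholder-Pass1
SafeModeAdminPassword=Placeholder-Pass2
DatabasePath=E:\NTDS
LogPath=E:\NTDS
SYSVOLPath=F:\SYSVOL
RebootOnSuccess=Yes
"""

SECRET_KEYS = ("Password", "SafeModeAdminPassword")


def estimate_db_gb(users):
    """Slide formula: size in GB = (number of users / 1000) * 0.4."""
    return users / 1000 * 0.4


def audit_answer_file(text, users):
    """Return review findings for an answer file on a DC serving `users` users."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section("DCInstall"):
        return ["missing [DCInstall] section"]
    dc = cfg["DCInstall"]
    findings = []
    # Anyone who can read the file can read credentials stored in it.
    for key in SECRET_KEYS:
        if dc.get(key, "").strip():
            findings.append(f"{key} is stored in clear text")

    def drive(key):
        # Assumption: one drive letter corresponds to one RAID array.
        return ntpath.splitdrive(dc.get(key, ""))[0].upper()

    db, logs, sysvol = drive("DatabasePath"), drive("LogPath"), drive("SYSVOLPath")
    if users > 1000 and db == logs:
        findings.append("database and logs share a volume; use separate arrays above 1000 users")
    if db != sysvol:
        findings.append("SYSVOL is not on the same volume as the database")
    return findings
```

Run against the sample with 5000 users, the review reports both stored passwords, the shared database and log volume, and the SYSVOL placement; `estimate_db_gb(5000)` gives the 2.0 GB the database volume must hold.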
Global Catalog Server Sizing and Specification
• Space requirements for GC servers
• Active Directory-aware applications
  • Most important factor when choosing GC placement
DNS Servers
• Flexible Single Master Operations Roles:
  • There are five FSMO roles in all
  • Two per forest and three per domain
• In a forest with five domains
  • There will be 2 (forest) and 5 * 3 (domain) FSMO roles for a grand total of 17
Domain Naming Master
• Active Directory forest:
  • May contain many domains
  • Each domain must have a unique fully qualified domain name (FQDN)
• Role must be assigned to precisely one DC in the forest
• Responsible for maintaining the authoritative list of domains in the forest
Schema Master
• Schema:
  • Exists as a partition within Active Directory
  • Is replicated as a read-only partition to every DC in the forest
• DC that houses Schema Master (SM) FSMO role
  • The only DC in forest that can have schema amendments made to its copy of the Schema partition
RID Master
• When a new security principal is created
  • It is assigned a unique Security ID (SID)
• SID is comprised of two parts:
  • A domain SID
  • A relative ID, or RID
• RID Master FSMO role
  • Ensures that different DCs never allocate the same RID to different objects
Failover and Recovery
• Role Transfer
  • Preferred method of moving FSMO roles from one DC to another
• Role Seizure
  • Role should be seized only if current holder cannot be contacted to transfer the role in a graceful manner
• Standby Servers
  • Facilitates failover
FSMO Role Transfer and Seizure Best Practices
Summary
• Identify locations that require self-sufficiency
• Identify Active Directory-aware applications and their requirements
• Assess your organization’s user populations
• Create an algorithm to assign service components
• Create an implementation plan
Summary (continued)
• Carefully forecast the size of the Active Directory database
• Choose:
  • Appropriate hardware specification for DCs, GC servers, and DNS servers
  • Appropriate locations for FSMO roles and plan for FSMO role holder failures
• Understand rules and ramifications of seizing and transferring FSMO roles