Chapter 7: Service Sizing and Placement

hastin

Presentation Transcript


  1. 70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 7: Service Sizing and Placement

  2. Exam Objectives • 4.2 Design an Active Directory implementation plan • 4.3 Specify the server specifications to meet system requirements • 4.2.1 Design the placement of domain controllers and global catalog servers • 4.1 Design a DNS service placement

  3. Exam Objectives (continued) • 4.2.3 Select the domain controller creation process • 4.2.2 Plan the placement of flexible operations master roles

  4. The Planning Phase • Factors that contribute to the need for a service placement strategy: • Unreliable WAN links • Nonredundant WAN links • Expensive, overused WAN links • Physically insecure locations • IT hardware budgets

  5. Logon Time • When designing service placement, time to start up is affected by: • Complexity of startup and logon scripts • Number of group policies processed for the computer and user • Network speed from client to DC, DNS server, and GC

  6. Active Directory Infrastructure Required for Self-Sufficiency

  7. Security • Domain controllers (DCs) • House the Active Directory database • Active Directory database • Used to store sensitive information • Of paramount importance • Security of database and DCs housing it

  8. Location Security Points System

  9. Replication Overhead • For every DC deployed • Associated replication traffic overhead exists • Important • The testing and measurement of additional network services • Decision to be made • Whether logon times should be optimized or replication traffic minimized

  10. Active Directory-Aware Applications • Active Directory: • A database used to store objects that exist within the organization • Can also store data relating to applications • Access to stored data can dictate where DCs are located

  11. User Populations • Role of designer of an Active Directory infrastructure deployment: • Document each location and the number of users at that location • Assess the type of users at each location • Determine if users require Active Directory authentication even in the event of a WAN failure • Create user population bandings • Deploy the appropriate Active Directory infrastructure components

  12. The Implementation Plan • Designing service placement should: • Introduce a degree of subjectivity • Remove ambiguity where possible • Develop an algorithm that: • Decides which locations should receive infrastructure components • Justifies the need for the infrastructure from budgetary, operational, and political points of view

  13. Weighted Points Assignment for User Populations

  14. Weighted Points Assignment for Location Bandwidth

  15. Weighted Points Assignment for Service Levels

  16. Weighted Points Assignment for Spoke Sites Supported

  17. Sizing and Availability • Windows Server 2003 Active Directory supports four different partitions: • Schema • Configuration • Domain • Application Directory partitions

  18. Sizing Domain Partitions • Size of domain partition in GB = (number of users in domain / 1000) * 0.4 • Above expression allows administrators and architects to estimate the size of the database before deployment

  19. Domain Partition Size versus Number of Users in the Domain

  20. Application Directory Partitions • Can be used to store data pertinent to a particular application • Stored data can be replicated to any subset of DCs in the forest deemed appropriate • Discrete partitions within the database

  21. Domain Controller Sizing and Specification • Recommendations for disk configuration and disk space requirements: • For DCs accessed by fewer than 1000 users, all four (database, logs, SYSVOL, and operating system) can be collocated on the same RAID 1 array • For DCs accessed by more than 1000 users, place logs and database on separate RAID arrays • Place SYSVOL and the database on the same RAID array

  22. Windows Server 2003 Minimum System Requirements

  23. Recommended Domain Controller Disk Configurations

  24. Disk Space Requirements • Database • Allow for 0.4 GB per 1000 users • Logs • Allow at least 500 MB free space • SYSVOL • Allow at least 500 MB free space • Operating System • Allow at least 1.5 GB free space

  25. Recommended Domain Controller CPU and Memory Requirements

  26. Placement Considerations • Windows Server 2003 Deployment Resource Kit • Covers DC, GC, FSMO, and DNS service placement and suggests algorithms for each • Figure 7.3 • Focuses on remote administration, physical security, and WAN availability and performance

  27. Placement Considerations (continued)

  28. Microsoft Recommended Number of Domain Controllers Per Site

  29. The Promotion Strategy • Split into two stages: • First stage deals with a review of the server’s configuration • Second stage is the actual promotion

  30. Manual Promotion • Most popular approach to promoting servers to become DCs • Offers the administrator complete control over the promotion phase • Involves the installation of a Windows Server 2003 member server

  31. Automated Promotion • Promoting a member server to a DC • Can be automated using a dcpromo answer file • Dcpromo • Can be executed in the following way • dcpromo /answer

  32. Global Catalog Server Sizing and Specification • Space requirements for GC servers • Active Directory-aware applications • Most important factor when choosing GC placement

  33. Global Catalog Server Sizing and Specification (continued)

  34. Global Catalog Server Sizing and Specification (continued)

  35. DNS Servers • Flexible Single Master Operations Roles: • There are five FSMO roles in all • Two per forest and three per domain • In a forest with five domains • There will be 2 (forest) and 5 * 3 (domain) FSMO roles for a grand total of 17

  36. Domain Naming Master • Active Directory forest: • May contain many domains • Each domain must have a unique fully qualified domain name (FQDN) • Role must be assigned to precisely one DC in the forest • Responsible for maintaining the authoritative list of domains in the forest

  37. Schema Master • Schema: • Exists as a partition within Active Directory • Is replicated as a read-only partition to every DC in the forest • DC that houses Schema Master (SM) FSMO role • The only DC in forest that can have schema amendments made to its copy of the Schema partition

  38. RID Master • When a new security principal is created • It is assigned a unique Security ID (SID) • SID is comprised of two parts: • A domain SID • A relative ID, or RID • RID Master FSMO role • Ensures that different DCs never allocate the same RID to different objects

  39. Failover and Recovery • Role Transfer • Preferred method of moving FSMO roles from one DC to another • Role Seizure • Role should be seized only if current holder cannot be contacted to transfer the role in a graceful manner • Standby Servers • Facilitates failover

  40. FSMO Role Transfer and Seizure Best Practices

  41. Summary • Identify locations that require self-sufficiency • Identify Active Directory-aware applications and their requirements • Assess your organization’s user populations • Create an algorithm to assign service components • Create an implementation plan

  42. Summary (continued) • Carefully forecast the size of the Active Directory database • Choose: • Appropriate hardware specification for DCs, GC servers, and DNS servers • Appropriate locations for FSMO roles and plan for FSMO role holder failures • Understand rules and ramifications of seizing and transferring FSMO roles
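
Slide 38 describes a SID as a domain SID plus a RID and gives the RID Master the job of keeping DCs from allocating the same RID twice. The Python model below is an added example, not part of the original presentation; the domain SID, the starting RID of 1000 and the pool sizes are constructed values, and the class and function names are hypothetical.

```python
# Added illustration, not from the slides. The domain SID, the first RID (1000)
# and the pool sizes are constructed values chosen for the example.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed


def split_sid(sid):
    """Split a domain account SID into its two parts: (domain SID, RID)."""
    parts = sid.split("-")
    # Expected shape: S-1-5-21-<sub1>-<sub2>-<sub3>-<RID>
    if (len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]
            or not all(p.isdigit() for p in parts[4:])):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:7]), int(parts[7])


class RidMaster:
    """The one DC that hands out RID pools, so no two pools ever overlap."""
    def __init__(self, domain_sid, first_rid=1000, pool_size=500):
        self.domain_sid = domain_sid
        self.pool_size = pool_size
        self.online = True
        self._next_free = first_rid

    def allocate_pool(self):
        if not self.online:
            raise ConnectionError("RID Master unreachable")
        start = self._next_free
        self._next_free += self.pool_size
        return iter(range(start, self._next_free))


class DomainController:
    """Creates security principals using RIDs from its locally held pool."""
    def __init__(self, name, master):
        self.name, self.master = name, master
        self._pool = iter(())  # empty until the first request

    def create_principal(self):
        rid = next(self._pool, None)
        if rid is None:  # local pool used up: a new one is needed
            self._pool = self.master.allocate_pool()
            rid = next(self._pool)
        return f"{self.master.domain_sid}-{rid}"


def demo(rounds=4, pool_size=3):
    """Two DCs create principals in turn; every SID returned is distinct."""
    master = RidMaster(DOMAIN_SID, pool_size=pool_size)
    dcs = [DomainController("DC1", master), DomainController("DC2", master)]
    return [dc.create_principal() for _ in range(rounds) for dc in dcs]
```

In this model a DC keeps issuing SIDs from its local pool while the RID Master is offline and fails only once that pool is exhausted.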