Windows 10 Migration Project - Ed Briscoe - Infrastructure Technician ST0125 82
Marubeni Europe plc

Table of Contents

Introduction  2
Evidence  3
2.1. Knowledge Module 1: Networking and Architecture  3
2.1.1. Working knowledge of: a range of cabling and connectivity, the various types of antennas and wireless systems and IT test equipment  4
2.1.2. Understands maintenance processes and applies them in working practices  8
2.1.3. Understands and applies the basic elements and architecture of computer systems and business IT architecture  13
2.1.4. Understands where to apply the relevant numerical skills e.g. Binary  16
2.1.5. Understands the relevant networking skills necessary to maintain a secure network  17
2.2. Knowledge Module 2: Mobile and Operating Systems  30
2.2.1. Understands the similarities, differences and benefits of the current Operating Systems available  30
2.2.2. Understands how to operate remotely and how to deploy and securely integrate mobile devices  30
2.3. Knowledge Module 3: Cloud Services  31
2.3.1. Understanding and working knowledge of Cloud and Cloud Services  31
2.4. Knowledge Module 4: Coding and Logic  31
2.4.1. Understands the similarities and differences between a range of coding and logic  31
2.5. Knowledge Module 5: Business Processes  32
2.5.1. Understands and complies with business processes  32
2.5.2. Working knowledge of business IT skills relevant to the organisation  32

1 of 32

Introduction

Marubeni Europe's London office is the headquarters for the EMEA (Europe, the Middle East and Africa) region. This means that I support over 700 computers across 58 different offices (comprising Marubeni Europe branch offices, liaison offices and subsidiaries). Our parent company is Marubeni Corporation and the global HQ is based in Tokyo, Japan. This is important because Marubeni Europe's IT strategy and projects are directed by Tokyo headquarters. Furthermore, core IT services and infrastructure are partly administered by HQ, so we need to communicate and work with them on a daily basis.

In June 2019, Microsoft announced that it would terminate support for Windows 7 in January 2020. Therefore, I received the project from head office to ensure that all 700+ computers across our region were migrated to Windows 10 before December 2019.
The actual deployment and workflows to upgrade a machine from Windows 7 to Windows 10 were left to me to work out, choosing whichever would be the most time and cost efficient. In addition to the migration from Windows 7 to Windows 10, I was also given the task of making sure that all computers were compliant with Marubeni's IT Governance and Security (M-IGS) rules, which would be enforced by Microsoft's Azure Active Directory (AAD) or Marubeni's EMEA domain depending on the geographical location of the office. The geographical location is significant because our 58 sites are not all connected to the same WAN (Wide Area Network).

As the London office contains the largest number of users (over 150) and all machines can connect together on the same LAN (Local Area Network), I decided that a network deployment would be the most efficient use of resources to complete the task for this site. I then had to research the tools needed to do this and ultimately settled on Microsoft Deployment Toolkit (MDT). Although our mainland branch offices are connected via the WAN, they do not contain many staff (5-20), so it was not necessary to replicate this server deployment infrastructure there. Instead, I opted to burn this network deployment to a bootable USB version so we could physically visit the site and migrate from Windows 7 to Windows 10 manually. For offices further afield, such as in Africa and the Middle East, I visited the site and performed the migration with the USB sticks.

Evidence

2.1. Knowledge Module 1: Networking and Architecture

Below is a table summarising the standards met for Knowledge Module 1 in this document.
Knowledge Standard / Definition of the Minimum Requirements

Working knowledge of: a range of cabling and connectivity, the various types of antennas and wireless systems and IT test equipment
• Understand and identify Ethernet, Coaxial, Fibre optic and RJ 45 connector
• Understand and identify a range of Cat 1-6 cables
• Understand and identify Directional, Omni directional, point to point, point to multi point, mobile antennas
• Understand the types of wireless systems
• Understand the relevant test equipment associated with each element of the above

Understands maintenance processes and applies them in working practices
• Understand maintenance tools
• Understand, configure and manage updates
• Understand how to manage local storage
• Understand how to monitor system performance

Understands and applies the basic elements and architecture of computer systems and business IT architecture
• Understand the basic architecture of "computer systems"
• Understand business IT architecture, taking into account the full range of devices: OS, applications, databases, servers, networking, security and services

Understands where to apply the relevant numerical skills e.g. Binary
• Understanding of Internet Protocol addresses and how they work
• Understand how computers see IP addresses
• Understand and be able to use binary arithmetic and create large numbers from groups of binary units or bits

Understands the relevant networking skills necessary to maintain a secure network
• Understanding of Platforms and Data Communications
• Understanding of the requirements to configure IP settings
• Understanding how to deploy and configure DNS service
• Understanding of how to create and configure virtual networks
• Understanding how to configure/support networking settings and connectivity
• Understanding how to configure/support and maintain network security
• Understanding how to configure/support remote management systems
• Understand why and how to install domain controllers
• Understand the need for creating and managing Active Directory users and computers
• Understand how to create and manage Active Directory groups and organizational units (OUs)

2.1.1. Working knowledge of: a range of cabling and connectivity, the various types of antennas and wireless systems and IT test equipment

Understand and identify Ethernet, Coaxial, Fibre optic and RJ 45 connector

I learnt from Microsoft's documentation that Microsoft Deployment Toolkit did not support a wireless connection, so we were going to need a cabled environment. Having established this, I then needed to understand the different types of cabling and how it all connected together. I was able to gain knowledge in this area from my MTA Network Fundamentals exam and then physically observe what was used in our server rooms and office.

I concluded that Ethernet is the industry standard technology for connecting devices in a wired local area network (LAN) or wide area network (WAN). Ethernet describes how network devices transmit data to other devices on the same network, whereas an Ethernet cable is the physical, encased wiring over which the data travels. These are very commonplace in an office environment, and I see them being used to connect devices to network data points in the floor and also from the patch panel to the switch.

Coaxial cable is a type of copper cable specially built with a metal shield to block signal interference over long distances. An important distinction between Ethernet and coax is that coax can carry analogue and digital signals. Nowadays coaxial cabling is used more for providing internet, television or telephone services, but it is slowly being replaced by optical fibre. Although not commonplace in a business environment, I was able to identify coaxial cable used in our office because we have a satellite TV subscription.
Optical fibre is the medium and technology associated with the transmission of data using light pulses. It is traditionally used in long-distance and very high-performance networks. Because of this, it is commonplace to find fibre optic in telecommunication services such as internet, television and telephones. The advantage of using light rather than copper as a medium is that a much higher bandwidth and transmission speed can be achieved. A disadvantage of optical fibre is the cost of the cabling and the associated hardware needed to use it. Due to the increasing amount of data transmitted even within a single office building, fibre optic can be used to interconnect switches. I have been able to observe fibre optic in use in our server room, where it connects to our data centre in order to access the internet and our WAN.

RJ45 refers to the connector type commonly used for Ethernet networks. It looks similar to a DSL connector but is slightly bigger. Each RJ45 connector has eight wires: four are solid and four are striped. These eight wires need to be arranged according to one of two specifications for data to be transmitted successfully. The first arrangement is commonly known as 'crossover' and the other as 'straight through'. When you connect two devices of different types you use a 'straight through' cable, for example a computer to a switch. When you connect two devices of the same type you need to use a 'crossover' cable, for example two computers together. For this project I used straight through cables, as I was connecting computers to a switch in order to access server resources.

Below is a table containing graphical representations of what each cable and connector type mentioned above looks like.
Images: Ethernet cable; Coaxial cable; Fibre Optic; RJ 45 Connector.

Understand and identify a range of Cat 1-6 cables

As technology has developed there have been improvements to Ethernet cabling speeds and functionality. Each improvement was classified as a different 'category', more commonly referred to as 'Cat'. It can be difficult to distinguish which Cat a cable is from visual observation alone. Therefore, to gather information about cable specifications I consulted Microsoft's literature on Networking Fundamentals. I also inspected Ethernet cables and found that by reading the information printed along the sheath of the cable it is possible to determine which category the cable belongs to. Below is a table summarising the information gathered on Cat cabling:

Category   Shielding                Max Transmission Speed (at 100 metres)   Max Bandwidth
Cat 3      Unshielded               10 Mbps                                  16 MHz
Cat 5      Unshielded               10/100 Mbps                              100 MHz
Cat 5e     Unshielded               1,000 Mbps / 1 Gbps                      100 MHz
Cat 6      Shielded or Unshielded   1,000 Mbps / 1 Gbps                      250 MHz
Cat 6a     Shielded                 10,000 Mbps / 10 Gbps                    500 MHz

Cat 3 and Cat 5 cables are now obsolete, simply because they are slow. The 'e' in Cat 5e stands for enhanced, meaning that these cables are built under more stringent testing standards to eliminate unwanted signal noise (crosstalk). Cat 5e is currently the most commonly used cable, mainly due to its low production cost and support for speeds faster than Cat 5 cables. I therefore opted to use Cat 5 cabling in this project. Cat 6 cables support higher bandwidth and can actually transmit up to 10 Gbps, but only up to 55 metres.
I did not use these in the project because they are more expensive than Cat 5 cables, and the transmission speed that Cat 5 offers is sufficient for the use case. Cat 6a goes a step further by being 'augmented'. This means it can support twice the maximum bandwidth and is able to maintain a higher speed over distance. These cables are always shielded, which means foil is wrapped around each of the four pairs of copper wires to prevent electromagnetic interference.

Understand and identify Directional, Omni directional, point to point, point to multi point, mobile antennas

As previously mentioned, this project did not involve the use of wireless networks due to their poorer performance; however, through my own study and research I understood that there were different antennas which could have been used to try to improve performance.

Directional: A directional antenna sends out a signal in a focused way, which means the reach of the signal can be increased and the output gain is high. These are used when you need to specifically connect two nodes point to point, such as a dish to a satellite or two buildings together.

Omni: These antennas send the signal in all directions around them. This type of coverage is therefore most suited to multi-point environments such as office or home Wi-Fi, where broad coverage allows clients to move around without losing signal.

Understand the types of wireless systems

As previously mentioned, Microsoft Deployment Toolkit does not officially support connection via a wireless adapter, but after doing some research on various online forums it appears possible to get this working.
However, as speed was paramount, I logged onto our RADIUS authentication server and saw that the wireless access points installed in our office are Wi-Fi 802.11n, which can only offer a theoretical maximum transfer speed of 450 Mbps (using MIMO) compared to Ethernet's 1000 Mbps. It would also not be cost efficient to purchase and configure new access points adhering to the newer, faster 802.11ac, even though the specification states it can reach 1.3 Gbps. This speed is also only theoretical, not real world, unless there is perfect alignment between the access point antenna and the device. On the device end, I also opened up a laptop to verify the model of the network card that had been installed. This was done to verify whether the laptops could even benefit from the higher speeds that the 802.11ac specification would offer. After obtaining pricing from an IT reseller for new access points and network cards, it was confirmed that this was not a reasonable option, especially given the additional time needed to manually fit the new network cards into each host.

To finally rule out wireless and to test the theory I had learnt, I set up a basic large file transfer test (a 4 GB ISO file) between a computer and a file server, which resulted in the cabled device completing the transfer considerably quicker. I chose a large file to replicate what would be deployed in the actual migration, but also because a large file allows a more accurate transfer speed to be measured.

These technologies utilise radio frequencies (RF) to transmit data wirelessly. RF is used in wireless communication because of its ability to penetrate objects and travel long distances. Everyday Wi-Fi in homes and businesses uses radio waves in the 2.4 GHz or 5 GHz ranges.
However, there are many other types of wireless technology that use other ranges, and some use a different type of electromagnetic radiation; I have summarised them below (technology, medium, use case):

Infrared. Medium: infrared light. Use case: TV remotes or thermal imaging.
Bluetooth. Medium: radio waves between 2.402 GHz and 2.480 GHz. Use case: short-distance data communication for headsets and mobile tethering.
Cellular. Medium: radio waves 800 MHz - 3400 MHz. Use case: 2G - 5G connectivity and communication for mobile phones.
NFC (near field communication) and RFID (radio-frequency identification). Medium: radio waves at 13.56 MHz. Use case: communication between devices that are 5 cm apart or less; examples are door security readers and wireless payment systems.
GPS (Global Positioning System). Medium: microwaves at frequencies between 300 MHz and 300 GHz. Use case: global navigation used in mobiles and wearable technology to provide location, velocity and time synchronisation.

Understand the relevant test equipment associated with each element of the above

In order to connect the computers to the server I needed to plug them into a floor port in the office, which in turn connected them to the same switch that the server was plugged into. The computers in this project did not have a network card capable of 10 Gbps, so using Cat5e cabling was suitable. I was able to obtain various lengths of Cat5 cabling from our IT supplier, but I also made some of my own Cat5 cabling because some computers were far from the nearest data point and needed a bespoke length. I learnt how to do this from video tutorials found on YouTube. To test that my cabling worked, I used a pair of cable testers, which verified that the cables were operating at a basic level. To double check they worked before being installed, I used each cable to connect a laptop directly to a switch and checked that the status light on the switch port turned green.
I also used the same Ethernet cable for a Power over Ethernet Cisco phone to double check that power and data were being successfully transmitted.

2.1.2. Understands maintenance processes and applies them in working practices

Understand maintenance tools

In order to maintain a computer's performance and stability there are several tools within Windows which can be used to ensure that there is no hard drive corruption or errors. I acquired this knowledge whilst studying for my MTA Operating Systems certification. These can be used on any system running a Windows operating system. During my deployment I occasionally ran these commands on my server to ensure it was operating normally:

Steps:
• Run Command Prompt as administrator so that changes to the system files can be made.
• Execute the command chkdsk C: /r. Usually the PC needs to be rebooted for it to be initiated. This will check the C: drive and repair any logical errors and bad sectors.
• After rebooting, the PC will go through with the scan.
• Another command I ran was sfc /scannow. This checks for any corrupted Windows files, which can then be replaced with a cached copy found on the disk drive.

Historically hard drives used a mechanical disk platter type of technology, but this has now been superseded by the much faster solid-state drive. By using the disk defragmenter utility it is possible to keep old mechanical drives running optimally.

I also used Disk Clean-up from time to time to remove any unwanted temporary files on the server to free up disk space. Setting up Windows Updates also fetched the latest patches and driver updates to ensure the operating system remained secure. Every few weeks I use compressed air to blow dust and debris out of the server that was sucked in by the fans.
This was to ensure components did not overheat and fail.

Understand how to manage local storage

When installing any version of Windows to a hard disk it is possible to partition the drive into logical drives. When I installed Windows on the server, I created two partitions. The reason for this was that research online advised using a secondary partition to hold all the drivers for all models of laptop and the ISOs of each Windows version. This ensured that if there was a problem with the system drive, I would not need to re-download all the data again. It is also a cleaner way to organise and manage this data separately from the Windows OS files. I was able to create the secondary partition by using Disk Management:

Steps:
• I opened Disk Management, right-clicked on the available free disk space and created a 'new simple volume'.
• I set the size of the partition to 30 GB.
• I assigned the new partition the letter E:.
• I chose to format using the NTFS file system, as it is now the de facto standard.
• The new E: drive has now been created.

Understand how to monitor system performance

Ensuring the deployment server performed efficiently was critical. Through my studying of Network Fundamentals, I learnt of the Performance Monitor tool, which I used to monitor such things as system memory usage, network usage and disk usage. By analysing the graphs when the server was under peak load (i.e. deploying Windows 10 to machines) I was able to see if there were any performance bottlenecks. As there were no issues, it was okay to leave the server in its current configuration; however, if there had been performance problems, I would have upgraded the spec, for example by increasing the RAM or installing a faster network interface card.

Resource Monitor running on server.
The above tool is useful for gathering a quick snapshot of the current resource availability, but from the Server Manager dashboard it is also possible to create an alert if certain thresholds are met. Through my own exploration of the settings on the server I set up a performance alert for when CPU usage goes above 85% and available memory falls below 400 MB. This can be seen below.

Performance Alert Thresholds.

2.1.3. Understands and applies the basic elements and architecture of computer systems and business IT architecture

Understand the basic architecture of "computer systems"

From experience gathered through purchasing hardware for the IT department, as well as repairing and upgrading physical systems, I have come to understand the basic architecture of computer systems. I used this knowledge in particular when purchasing the server that would ultimately run the deployment server, so that the minimum specification was met for the operating system and its applications. Also, in order to physically repair a laptop I needed to be able to identify components. The diagram below shows an abstract illustration of computer system architecture:

Basic architecture of a computer system (CPU, RAM, Hard Disk, Input / Output).

Each computer is comprised of a CPU, RAM, a hard disk and some form of input/output. CPU stands for Central Processing Unit. A CPU is responsible for processing and executing instructions; it is considered the 'brains' of a computer system.

Random Access Memory (RAM) is where the data the computer is working on is stored while the computer is running. A hard disk is a device which can store data and ensure that this data still resides on it even when the power is turned off and then turned on again. RAM does not survive computer restarts.
Inputs connect the external environment with the internal computer system. Commonly used input devices are the keyboard and mouse. Outputs connect the internal system of a computer to the external environment. Some examples of output devices are printers and monitors.

Understand business IT architecture, taking into account the full range of devices: OS, applications, databases, servers, networking, security and services

The office I am based in contains 230 machines and I undertook the migration on my own. Therefore, I needed to find the most time-efficient and easiest way to deploy Windows 10 to all computers. I initially had a discussion with the IT infrastructure manager to get his expert opinion on what the optimum solution would be. I established that the design of this system would need to be based on business IT architecture. As many companies still needed to upgrade from Windows 7 to Windows 10, I further researched on tech forums what other system administrators had done to roll out Windows 10.

An operating system manages the computer's memory and processes as well as all of its software and hardware. It usually provides a graphical interface so humans can operate the computer without needing to know a low-level computing language. The two operating systems I used in this project were Windows Server and Windows 10. I installed Windows Server 2012, which provided the base for the server, and on top of this I was able to install and configure Deployment Workbench. However, in a business environment it can be expected to find many operating systems, ranging from mobile (Android, iOS) to Mac and Linux.

Windows Services are a core component of the Windows operating system and enable the creation and management of long-running processes. Normally software is launched by the end user and only runs when the user is logged on. Services run in the background and start when the computer is booted up.
These are crucial because they manage functions like network connections, sound, data backups and other visual settings. For example, on my server I have the SQL service running in the background to ensure access to my driver database is always available:

SQL services running on server.

In its most basic definition, a server is a computer used in a network to provide services to a client. Normally servers have more processing power, memory and storage than a client computer. In this instance I used a server to deploy operating systems to hosts connected to the same network; however, a server can have many roles such as DNS, DHCP, hosting web pages and Active Directory. A server has a wide range of uses in a business environment and can also be used to install applications, host websites, store files and manage telephone systems.

Databases are any collection of data or information that is organised for rapid search and retrieval by a computer. I was able to find a video tutorial online on how to download Windows SQL Express 2017 and create a database to automatically install drivers and software depending on the make and model of the laptop I was upgrading. Databases are normally used in a business to record lots of information in one central place, for example a hospital storing information about its patients' contact details and medical issues.

The client-server model describes the relationship in which one program (the client) requests a service or resource from another program (the server). An example of this is a computer fetching a new IP address from a DHCP server. For this to be possible at all, computers must be connected to a network. This is achieved using a switch, which is a device used to connect devices together on a single Local Area Network (LAN).
As I was setting up computers in the same building, I used a switch to connect all the hosts that needed upgrading so they could communicate with the server. A router is also used in a network to connect computer networks together, for example a business network with the internet or with a branch office's network.

When creating a network within an organisation, security is a critical element. The principle of network security is to use rules and configurations designed to protect the integrity, confidentiality and accessibility of computers and data, using both software and hardware technologies. Usually this takes the form of a physically separate device called a firewall that is placed at the edge of the network to restrict incoming and outgoing traffic. Furthermore, a software solution such as an antivirus can be installed on each client to try to mitigate malicious threats such as a virus.

The core infrastructure of a network is connected together using cables for performance and security reasons, but the way end users interact with networks is now wireless. Mobiles and laptops can connect to the LAN or a guest network via a wireless access point with at least WPA2 encryption. There may also be a further login portal page in order to access a business's Wi-Fi. As well as system-side security, end users have a unique ID and a password, which forms another layer of security for accessing company resources. Every organisation requires a degree of network security solutions in place to protect it from the ever-growing landscape of cyber threats in today's world.

Combining all the elements above, I used Photoshop to create the physical network diagram below, illustrating typical IT business architecture:

Basic IT business architecture.

2.1.4. Understands where to apply the relevant numerical skills e.g. Binary

Understanding of Internet Protocol addresses and how they work
Covered in 2.1.5 Understands the relevant networking skills necessary to maintain a secure network.

Understand how computers see IP addresses
Covered in 2.1.5 Understands the relevant networking skills necessary to maintain a secure network.

Understand and be able to use binary arithmetic and create large numbers from groups of binary units or bits
Covered in 2.1.5 Understands the relevant networking skills necessary to maintain a secure network.

2.1.5. Understands the relevant networking skills necessary to maintain a secure network

Understanding of Platforms and Data Communications

From my study of Network Fundamentals I learnt about the seven-layer OSI model. This provides a description of how computer systems communicate over a network. IT professionals use this model to visualise what is going on within a network in order to troubleshoot and diagnose issues. I have created the OSI model below describing what each layer represents:

Application Layer - Human-computer interaction layer, where applications can access the network services
Presentation Layer - Ensures that data is in a usable format and is where data encryption occurs
Session Layer - Maintains connections and is responsible for controlling ports and sessions
Transport Layer - Decides which physical path the data will take
Network Layer - Transmits data using transmission protocols including TCP and UDP
Data Link Layer - Defines the format of data on the network
Physical Layer - Transmits the raw bit stream over the physical medium

7 layer OSI model.

During the initial setup of my server, I noticed that the connection was intermittent and unstable. I was able to use the OSI model as a workflow to troubleshoot the problem.
I started from the bottom and tested the physical layer, so in this case the cables. It turned out that the issue was actually quite simple: the cabling from the data port to the patch panel was damaged. I tried connecting the server directly to the switch with the same cable and there were no further issues.

Understanding of the requirements to configure IP settings

Firstly, computers and servers need to be assigned an IP address so each device can be uniquely identified on the LAN. IPv4 addresses are 32 bits long, grouped in octets (for example 192.168.1.5), and IPv6 addresses are 128 bits long (for example 2001:0000:3238:DFE1:0063:0000:0000:FEFB). Secondly, a subnet mask (also made up of 32 bits) is required so the device knows which part of the IP address relates to the host and which network segment it belongs to. A common subnet mask is 255.255.255.0. If a host has an IP address of 192.168.1.5 with a subnet mask of 255.255.255.0, this means that the network portion of the address is 192.168.1.X and the last 8 bits can be assigned to hosts.

From the subnet mask it is also possible to calculate how many hosts are in that network segment by using binary arithmetic. Computers at their lowest level operate in binary, unlike humans, who use base 10 for counting. Therefore, the initial step is to convert 255.255.255.0 to binary, which is 11111111.11111111.11111111.00000000. Then, using the formula h = 2^x - 2 where x equals the number of 0s, the result is 254. The reason why 2 is subtracted at the end is because there are always 2 addresses reserved, used for the network identity and the broadcast address.

Lastly, each device on a network needs to be assigned a default gateway. This is needed in case the device needs to communicate with another network outside of its own.
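As an added example (not the portfolio's own code), the following Python script carries the binary arithmetic above through for any IPv4 address and dotted-decimal mask, and also uses the mask to decide whether a packet is sent straight to its destination or to the default gateway. The sample addresses are the page's 192.168.1.5 / 255.255.255.0; the handling of /31 and /32 masks is an assumption added beyond the text.

```python
"""Subnet arithmetic for the 192.168.1.5 / 255.255.255.0 example above.

Added example (not the portfolio's own code). It generalises the page's
h = 2^x - 2 calculation to any IPv4 address and dotted-decimal mask, and
decides whether a destination is reached directly or via the gateway.
"""
from dataclasses import dataclass

OCTET_SHIFTS = (24, 16, 8, 0)

def to_int(dotted: str) -> int:
    """Pack a dotted-decimal IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def to_dotted(value: int) -> str:
    """Inverse of to_int."""
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)

def to_binary(dotted: str) -> str:
    """Show an address as four 8-bit groups, the form used in the text."""
    v = to_int(dotted)
    return ".".join(f"{(v >> s) & 0xFF:08b}" for s in OCTET_SHIFTS)

def prefix_length(mask: str) -> int:
    """Number of leading 1 bits; rejects masks whose 1s are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

@dataclass(frozen=True)
class Subnet:
    network: str
    broadcast: str
    usable_hosts: int

def describe(ip: str, mask: str) -> Subnet:
    """Network address, broadcast address and host count (h = 2^x - 2,
    where x is the number of 0 bits in the mask)."""
    m = to_int(mask)
    zeros = 32 - prefix_length(mask)
    net = to_int(ip) & m
    bcast = net | (~m & 0xFFFFFFFF)
    # Assumption beyond the text: the "minus 2" rule does not apply to /31
    # (point-to-point link, both addresses usable per RFC 3021) or /32
    # (a single host), where it would give 0 or -1.
    hosts = 2 ** zeros - 2 if zeros >= 2 else 2 ** zeros
    return Subnet(to_dotted(net), to_dotted(bcast), hosts)

def next_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """Where a host sends a packet: straight to the destination when it is
    on the same segment, otherwise to the default gateway."""
    m = to_int(mask)
    return dst if (to_int(src) & m) == (to_int(dst) & m) else gateway

if __name__ == "__main__":
    print(to_binary("255.255.255.0"))                # the page's mask in binary
    print(describe("192.168.1.5", "255.255.255.0"))  # 254 usable hosts
    print(next_hop("192.168.1.5", "255.255.255.0", "10.0.0.5", "192.168.1.1"))
```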
For this project I was using a DHCP server already set up on the network, but I was shown by Marubeni's network engineer how I would set up an address pool for hosts to automatically take an IP address from, and the lease length. By setting up this pool, devices which were connected to the LAN automatically received a dynamic IP address. In order to set the default gateway for all machines, this can be modified through the scope options.

IP scope and lease properties.
Setting the default gateway.

However, for the server I set a static IP address. In order to do this, I viewed the existing reservation entries and attempted to make my own reservation. To create a reservation, you need to set the reservation name, IP address and MAC address. I set a static IP address because this is required for devices which need constant access. Otherwise, if the IP address were dynamic, hosts would struggle to find the server each time they booted up. In Windows it is also possible to set the IP address manually by visiting the adapter settings in the Network and Sharing Centre. I used this method because I also needed to set up DNS on the server.

IP reservation in DHCP.
IP reservation in Windows.

A DNS server is set so a computer is able to resolve an IP address from a host name or vice versa.

Understanding how to deploy and configure DNS service

Domain Name System (DNS) is a service much like a phone book, managing the mapping between names and numbers. DNS servers eliminate the need for humans to memorise IP addresses such as 192.168.1.1 in IPv4, or addresses such as 2400:cb00:2048:1::c629:d7a2 in IPv6. Using the video tutorials on ITPro.TV, I was able to add the DNS role to my deployment server and configure it.
I did not want to create conflicts and large-scale network issues with the existing DNS servers already on the network, so I disabled the DNS service. This allowed me to at least gain experience of how to deploy and configure a DNS server. Below are the key steps which I performed, each with a screenshot:

1. Set a static IP address and set the DNS server to the same address.
2. Add the DNS role to the server.
3. Open DNS Manager and create a forward lookup zone (used to map host names to IP addresses, for example a printer name or URL).
4. Set the zone type. I selected Primary Zone to imitate setting up an authoritative DNS server.
5. Enter the zone name.
6. Create the file where all DNS records will be saved for the above zone name.
7. Disable dynamic updates to avoid automatic modification of records.
8. Create the Host record so the DNS server knows which IP address to resolve the fully qualified domain name to.
9. Now the entry is added.

Understanding of how to create and configure virtual networks

Virtual Local Area Networks (VLANs) allow IT administrators to logically segment a network using the same physical network switch. One main reason to create a VLAN is to isolate broadcast traffic, which helps maintain network performance. If the number of devices within a broadcast domain increases, so does the broadcast traffic within that broadcast domain. Each time a broadcast request is received, the CPU of the device must be interrupted, which impacts the processing time of any given instructions. Through further research on the internet I learnt that in order to set up VLANs, the switch ports need to be reprogrammed. Marubeni Europe's switches are maintained by a third-party vendor, thus it was not possible to attempt this.
Ideally, I would have preferred to put the deployment server onto a VLAN to avoid any traffic interfering with the regular LAN when migrating hundreds of machines. However, I scheduled a meeting in order to understand what is normally done when creating a VLAN:

• Choose a VLAN number
• Choose a private IP address range for devices on that VLAN to use
• Configure the switch device with either static or dynamic mode
• Configure routing between VLANs as needed. This is usually done separately using a router or a Layer 3 switch.

Understanding how to configure/support networking settings and connectivity

Covered in section 2.1.3 Knowledge Module 1: Networking and Architecture

Understanding how to configure/support and maintain network security

This has been partially covered in section 2.1.3 Knowledge Module 1: Networking and Architecture; however, there are many ways to maintain network security. Through my role working on an IT helpdesk I have encountered and gained experience of various technologies and mechanisms to configure and maintain network security. Below I shall summarise some of the most important areas:

Firewall: Firewall devices can be used to secure the borders between a LAN and the internet. They are primarily used to manage network traffic, allowing authorised traffic through while blocking non-authorised traffic. Most organisations implement a whitelist strategy, so everything is forbidden besides the exceptions made. By shadowing a colleague, I was able to learn how to log onto the FortiGate firewall and set up simple allow rules, for example to allow our franking machine to access the postal system servers. This would protect my server from any unauthorised communication.
FortiGate firewall rules.

VLANs: As mentioned earlier in this project, VLANs can limit user access to a certain VLAN, which then allows only authorised users to have access to networks with highly sensitive information. For this deployment server I gave it IP address settings in a network segment which was not accessible to standard end users.

Windows and Antivirus Updates: Ensuring that devices are running software with the most recent bug fixes and security patches avoids exploits from a virus, malware or a potential hacker. After migrating a computer to Windows 10, I then registered the computer to Azure Active Directory (AAD) via Settings > Accounts > Access work or school. After joining, the machine would be synchronised with AAD, which forced the Semi-Annual Channel update policy to the PC.

Active Directory: Page 29 mentions some of the security parameters that are implemented in Active Directory. In addition to these, I also disabled file and print sharing on everything other than the file server. This made sure that everybody's files were not broadcast to all people on the LAN, nor in a public environment like a coffee shop or airport. I was able to reference some guides on the internet to do this and used Group Policy to force this to all machines.

Understanding how to configure/support remote management systems

Windows Remote Management (WinRM) is a native, built-in Windows remote management protocol used to interface with remote computers and servers. This is done via a command line, and it is possible to do tasks such as retrieving information about a remote computer or executing a process remotely via a script. By default, it is enabled on all versions of Windows Server 2012 and onwards, but it is disabled on all client computers. Therefore, I was able to enable it by deploying a Group Policy, with the steps below each shown in a screenshot:

1. Create a new GPO at the root domain by right-clicking an OU.
2. From here I made several setting changes. Firstly, I browsed to the setting Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service, clicked the 'Enable' radio button and then put a * in order to apply this to any computer connected to the network.
3. Secondly, the WinRM service then needs to be enabled on each machine. This is done by browsing to Services under Computer Configuration, then right-clicking on Services and clicking New.
4. Lastly, an exception needs to be created in Windows Defender Firewall to allow WinRM to be accessed. I browsed to the following setting as per the screenshot and created a new rule. I unticked the bottom box because I want to only allow access to machines from the same domain. The final dialogue box confirms the connection to be allowed.

Now all three of these settings will be applied to any user that logs into a computer on the marubenieurope.test domain.

Understand why and how to install domain controllers

A Domain Controller (DC) is a server in a Windows network that allows users to access domain resources. Its main purpose is to authenticate users in a network. The DC listens for authentication requests from users in the network and verifies them based on their usernames and passwords. The Domain Controller hosts Active Directory Domain Services as well as a wide range of other services. An example is W32Time, which is a service that uses the Network Time Protocol (NTP) to synchronise the time and date for all computers joined to Active Directory. The best practice for businesses that use Active Directory is to have at least two domain controllers. This is for redundancy, so that if one goes down, the company can keep working.
Usually one server acts as the Single Primary Domain Controller and one or more act as a Backup Domain Controller. Another benefit of having multiple DCs is to improve speed. For example, in Marubeni Europe we have a domain controller in London as well as in our Paris, Milan and Dusseldorf branches. This is done so users in each of those branches can authenticate and receive policies locally, which is much quicker than having to authenticate back to a domain controller in London. As Marubeni Europe already has multiple Domain Controllers set up, I was not able to create one which would be used in a live environment; however, on my deployment server I was able to practise installing one and then just disable the AD service. The steps below, each shown in a screenshot, are the major steps required:

1. Clicked Add Roles and Features.
2. Set as role-based.
3. Select the target server.
4. Add and install Active Directory Domain Services.
5. Promote the server to be a domain controller. As this is a test server, I created a dummy domain name.
6. Directory Services Restore Mode is a safe mode boot option for Windows Server domain controllers. It allows an administrator to repair or recover the AD database.
7. Verify that the DC was installed successfully by checking in AD UC.

Understand the need for creating and managing Active Directory users and computers

Active Directory (AD) is a Microsoft technology that is installed when Active Directory Domain Services is set up on the Domain Controller. AD is essentially a database that stores objects such as groups, computers, printers, file shares, group policies and file permissions.
The most crucial role of Active Directory is to handle user authentication in the domain network. It accomplishes this by allowing only authorised users to log into the network. The benefit of using these technologies is that businesses can build a scalable and centrally managed Windows network. Below are some specific examples of why Active Directory is needed in an organisation.

Roaming profiles: In a domain setup, users can log into any machine that is in the domain using their standard Active Directory credentials. Normally the user experience is not consistent across computers because the individual settings are stored locally on one computer. With roaming profiles, it is possible to log into any machine on the domain and fetch all of the user's personalised settings.

Windows Server Update Services (WSUS): Without a Windows domain, each PC has individual settings for Windows updates, which creates security concerns and puts pressure on the internet connection. Using WSUS it is possible to set a single update policy which all the machines will adhere to. Additionally, the patches and updates are cached on the domain controller so that they are not downloaded again and again from the public internet.

Security policies: An Active Directory user account will conform to a central password policy. This allows the business to enforce password complexity and frequent changes across the whole business, something which greatly tightens security. Other security settings such as enforcing an automatic lockout, forced drive encryption and control of read/write access to external media can be implemented.

Volume Shadow Copies: If using a Windows file server in a domain environment, it is possible for users to restore previous versions of files and folders on a self-service basis from their computers.

Software installation: It is possible to deploy business-critical software such as Microsoft Office to any machine from a centralised server.
This can also be run silently, requiring no user intervention. It is also an efficient way to deploy an updated version of software such as a web browser without having to change the settings on each user's computer.

Printer management: Domain controllers allow businesses to centrally manage printers and their queues. This allows the automatic deployment of printers only to those who are permitted to use them. Also, it is possible to control where the print jobs

Single sign-on: In an organisation, there are many different applications used. Usually each of these applications has a different authentication mechanism and login credentials. Most application vendors support integration with Active Directory for authentication. This means that with Active Directory credentials, you can authenticate on different systems and applications used by your organisation. Therefore, this limits the number of usernames and passwords that users need to remember.

Understand how to create and manage Active Directory groups and organisational units (OUs)

I have created a video below demonstrating how to create and manage groups and organisational units (OUs) in Active Directory. The video shows the following:

• Creation of OUs which represent each of our branch offices
• Creation of sub-OUs to separate out users from computers
• Populated branches with some users and created a security group
• Created some computer objects

2.2. Knowledge Module 2: Mobile and Operating Systems

2.2.1. Understands the similarities, differences and benefits of the current Operating Systems available

Understanding of different platforms
Understand the process for constructing PCs with applied software utilised
Understand and be able to apply knowledge to various operating systems with installations required for end to end testing
Understand native applications and tools
Understand security principles associated with different platforms and operating systems

2.2.2. Understands how to operate remotely and how to deploy and securely integrate mobile devices

Undertake a Data Network Deployed Exercise to implement and deploy remote mobile communications technology
Understand Secure Communications Interfaces for mobile connectivity
Understand mobility
Understand remote management and assistance
Understand security in mobile devices
Understanding of configuration to:
- Support remote access/connections
- Support mobility options
- Support security for mobile devices

2.3. Knowledge Module 3: Cloud Services

2.3.1. Understanding and working knowledge of Cloud and Cloud Services

Understand how to create and configure virtual machines
Understand hosted applications, such as: email, server, storage, desktops
Understand and explain provision tenants
Understand how to configure secure passwords and management of passwords
Understand how to manage user and security groups and/or cloud identities and their importance
Understand how to configure DNS records for services
Understand how to enable client connectivity to Cloud Service

2.4. Knowledge Module 4: Coding and Logic

2.4.1. Understands the similarities and differences between a range of coding and logic

Understand working/scripting at command line: particularly when supporting any server work
Understand and recognise different coding and language
Understand application lifecycle management
Understand algorithms and data structures
Understand web page development

2.5. Knowledge Module 5: Business Processes

2.5.1. Understands and complies with business processes

Understanding of Security Operating Procedures
Understanding of and ability to work confidentially
Understanding of how to work within the Company Operating Procedures
Understanding and ability to comply with Data Protection

2.5.2. Working knowledge of business IT skills relevant to the organisation

Understanding of company IT requirements
Understanding of company IT systems and platforms
Understanding of company IT business required skills
Understand software lifecycles
Understanding of desktop applications, messaging systems, document management