Uploaded by Ed Briscoe

Windows 10 Migration Project V1

Windows 10 Migration Project - Ed Briscoe - Infrastructure Technician ST0125 82
Ed Briscoe
Marubeni Europe plc
Windows 10
Migration Project
Ed Briscoe - Infrastructure Technician ST0125 82
Table of Contents
Introduction
Evidence
2.1. Knowledge Module 1: Networking and Architecture
2.1.1. Working knowledge of: a range of cabling and connectivity, the various types of antennas and wireless systems and IT test equipment
2.1.2. Understands maintenance processes and applies them in working practices
2.1.3. Understands and applies the basic elements and architecture of computer systems and business IT architecture
2.1.4. Understands where to apply the relevant numerical skills e.g Binary
2.1.5. Understands the relevant networking skills necessary to maintain a secure network
2.2. Knowledge Module 2: Mobile and Operating Systems
2.2.1. Understands the similarities, differences and benefits of the current Operating Systems available
2.2.2. Understands how to operate remotely and how to deploy and securely integrate mobile devices
2.3. Knowledge Module 3: Cloud Services
2.3.1. Understanding and working knowledge of Cloud and Cloud Services
2.4. Knowledge Module 4: Coding and Logic
2.4.1. Understands the similarities and differences between a range of coding and logic
2.5. Knowledge Module 5: Business Processes
2.5.1. Understands and complies with business processes
2.5.2. Working knowledge of business IT skills relevant to the organisation
Introduction
Marubeni Europe London office is the headquarters for the EMEA (Europe, the Middle East and Africa) region. This means that I support over 700 computers across 58 different offices (comprising Marubeni Europe branch offices, liaison offices, and subsidiaries).
Our parent company is Marubeni Corporation and the global HQ is based in Tokyo, Japan. This is important because Marubeni Europe’s IT strategy and projects are directed by Tokyo headquarters. Furthermore, core IT services and infrastructure are partly administered by HQ, so we need to communicate and work with them on a daily basis.
In June 2019, Microsoft announced that they will terminate support of Windows 7 in January 2020. Therefore, I received the project from head office to ensure that all 700+ computers across our region were migrated to Windows 10 before December 2019. The actual deployment and workflows to upgrade a machine from Windows 7 to Windows 10 were left up to me to work out, choosing whichever would be the most time and cost efficient.
In addition to the migration from Windows 7 to Windows 10, I was also given the task of making sure that all computers were compliant with Marubeni’s IT Governance and Security (M-IGS) rules, which would be enforced by Microsoft’s Azure Active Directory (AAD) or Marubeni’s EMEA domain depending on the geographical location of the office.
The geographical location is significant because our 58 sites are not all connected on the same WAN (Wide Area Network). As London office contains the largest number of users (over 150) and all machines can connect together on the same LAN (Local Area Network), I decided that a network deployment would be the most efficient use of resources to complete the task for this site. I then had to research the tools needed to do this and ultimately settled on Microsoft Deployment Toolkit (MDT).
Although our mainland branch offices are connected via the WAN, they do not contain many staff (5-20), so it would not be necessary to replicate this server deployment infrastructure. Instead, I opted to burn this network deployment to a bootable USB version so we could physically visit the site and migrate from Windows 7 to Windows 10 manually. For offices further afield, such as in Africa and the Middle East, I needed to visit the site and performed the migration with the USB sticks.
Evidence
2.1. Knowledge Module 1: Networking and Architecture
Below is a table summarising the standards met for Knowledge Module 1 in this document.
The Knowledge Standards, each followed by the Definition of the Minimum Requirements:

Working knowledge of: a range of cabling and connectivity, the various types of antennas and wireless systems and IT test equipment
• Understand and identify Ethernet, Coaxial, Fibre optic and RJ 45 connector
• Understand and identify a range of Cat 1-6 cables
• Understand and identify Directional, Omni directional, point to point, point to multi point, mobile antennas
• Understand the types of wireless systems
• Understand the relevant test equipment associated with each element of the above

Understands maintenance processes and applies them in working practices
• Understand maintenance tools
• Understand, configure and manage updates
• Understand how to manage local storage
• Understand how to monitor system performance

Understands and applies the basic elements and architecture of computer systems and business IT architecture
• Understand the basic architecture of “computer systems”
• Understand business IT architecture, taking into account the full range of devices: OS, applications, databases, servers, networking, security and services

Understands where to apply the relevant numerical skills e.g Binary
• Understanding of Internet Protocol addresses and how they work
• Understand how computers see IP addresses
• Understand and be able to use binary arithmetic and create large numbers from groups of binary units or bits

Understands the relevant networking skills necessary to maintain a secure network
• Understanding of Platforms and Data Communications
• Understanding of the requirements to configure IP settings
• Understanding how to deploy and configure DNS service
• Understanding of how to create and configure virtual networks
• Understanding how to configure/ support networking settings and connectivity
• Understanding how to configure/ support and maintain network security
• Understanding how to configure/ support remote management systems
• Understand why and how to install domain controllers
• Understand the need for creating and managing Active Directory users and computers
• Understand how to create and manage Active Directory groups and organizational units (OUs)
2.1.1. Working knowledge of: a range of cabling and connectivity, the various
types of antennas and wireless systems and IT test equipment
Understand and identify Ethernet, Coaxial, Fibre optic and RJ 45 connector
I learnt via Microsoft that Microsoft Deployment Toolkit did not support a wireless connection, so we were going to need to use a cabled environment. Having established this, I then needed to understand the different types of cabling and how it all connected together. I was able to gain knowledge in this area from my MTA Network Fundamentals exam and then physically observe what was used in our server rooms and office. I concluded that Ethernet is the industry standard technology for connecting devices in a wired local area network (LAN) or wide area network (WAN). However, Ethernet describes how network devices can transmit data to other devices on the same network, but an Ethernet cable is the physical, encased wiring over which the data travels. These are very commonplace in an office environment and I see them being used to connect devices to network data points in the floor and also from the patch panel to the switch.
Coaxial cable is a type of copper cable specially built with a metal shield to block signal interference over long distances. An important distinction between ethernet and coax is that coax can carry analogue and digital signals. Nowadays coaxial cabling is used more for providing internet, television or telephone services but is slowly being replaced by optical fibre. Although not commonplace in a business environment, I was able to identify coaxial cable used in our office because we have a satellite TV subscription.
Optical fibre is the medium and technology associated with the transmission of data using light pulses. This is traditionally used in long distance and very high-performance networks. Because of this, it is commonplace to find fibre optic in telecommunication services such as internet, television and telephones. The advantage of using light rather than copper as a medium is that a much higher bandwidth and transmit speed can be accomplished. A disadvantage of optical fibre is the cost of the cabling and associated hardware needed to use it. Due to the increasing amount of data that is transmitted even within a single building office environment, fibre optic can be used to interconnect switches. I have been able to observe fibre optic used in our server room as it connects to our data centre via fibre optic in order to access the internet and our WAN.
RJ45 refers to the connector type which is commonly used for ethernet networks. It looks similar to a DSL cable but is slightly bigger. Each RJ45 connector has eight wires; four are solid and four are striped. These eight wires need to be arranged in one of two specifications in order for data to be transmitted successfully. The most common arrangement is commonly known as ‘crossover’ and the other is ‘straight through’. When you connect two devices of the same type you use a ‘straight through’ cable, for example a computer to a switch. When you connect 2 devices of the same type you need to use a ‘crossover cable’, for example 2 computers together. For this project I used straight through cables as I was connecting computers to a switch in order to access server resources.
Below is a table containing graphical representations of what each cable and connector type
mentioned above looks like.
[Table of images with descriptions: Ethernet cable; Coaxial cable; Fibre Optic; RJ 45 Connector]
Understand and identify a range of Cat 1-6 cables
As technology has developed there have been improvements to ethernet cabling speeds and functionality. Each improvement was classified as a different ‘category’, more commonly referred to as ‘Cat’. It can be difficult to distinguish which Cat the cables are from visual observation. Therefore, to gather information about cable specifications I consulted Microsoft’s literature on Networking Fundamentals. I also inspected ethernet cables and found that by reading the printed information along the sheath of the cable it is possible to determine what category the cable belongs to. Below is a table summarising the information gathered on Cat cabling:
Category | Shielding              | Max Transmission Speed (at 100 meters) | Max Bandwidth
Cat 3    | Unshielded             | 10 Mbps                                | 16 MHz
Cat 5    | Unshielded             | 10/100 Mbps                            | 100 MHz
Cat 5e   | Unshielded             | 1,000 Mbps / 1 Gbps                    | 100 MHz
Cat 6    | Shielded or Unshielded | 1,000 Mbps / 1 Gbps                    | 250 MHz
Cat 6a   | Shielded               | 10,000 Mbps / 10 Gbps                  | 500 MHz
Cat 3 and 5 cables are now obsolete; this is simply because they are slow.
The ‘e’ in Cat 5e stands for enhanced, meaning that these cables are built under more stringent testing standards to eliminate unwanted signal noise (cross talk). Cat 5e is currently the most commonly used cable, mainly due to its low production cost and support for speeds faster than Cat 5 cables. I therefore opted to use Cat 5 cabling in this project.
Cat 6 cables support higher bandwidth and can actually transmit up to 10 Gbps but only up to 55 meters. I did not use these in the project because these cables are more expensive than Cat 5 cables and the transmission speed that Cat 5 offers is sufficient for the use case.
Cat 6a goes a step further by being ‘augmented’. This means they can support twice the maximum bandwidth and are able to maintain a higher speed over distance. These are always shielded, which means there is foil wrapped around each of the four pairs of copper cables to prevent electromagnetic interference.
Understand and identify Directional, Omni directional, point to point, point to multi point,
mobile antennas
As previously mentioned, this project did not involve the use of wireless networks due to poor performance. However, through my own study and research, I understood that there were different antennas which could have been used in order to try and improve performance.
Directional: A directional antenna sends out a signal in a focused way, which means the length of the signal can be increased and output gain is high. These are used when you need to specifically connect 2 nodes point to point, such as a dish to a satellite or two buildings together.
Omni: These antennas send the signal in all directions around them. Therefore, this type of coverage is most suited to multi point environments such as office or home WiFi where broad coverage would allow clients to move around without losing signal.
Understand the types of wireless systems
As previously mentioned, Microsoft Deployment Toolkit does not officially support connection via a wireless adapter, but after doing some research on various online forums I found that it is possible to get this working. However, as speed was paramount, I logged onto our RADIUS authentication server and saw that the wireless access points installed in our office are Wi-Fi 802.11n, which can only offer a theoretical maximum file transfer speed of 450 Mbps (using MIMO) compared to the ethernet’s 1000 Mbps. It would also not be cost efficient to purchase and configure new access points adhering to the newer, faster 802.11ac, albeit the specification states it can reach 1.3Gbps. This speed is also only theoretical, not real world, unless there is perfect alignment between the access point antenna and device.
However, on the device end, I also opened up the laptop to verify the model of the network cards which had been installed. This was done to verify whether the laptops could even benefit from the higher speeds that the 802.11ac specification would offer. After obtaining pricing from an IT reseller for new access points and network cards, it was confirmed that this was not a reasonable option, also given the additional time needed to manually fit the modems into each host.
To finally rule out wireless and to test the theory I learnt, I set up a basic large file transfer test (a 4GB ISO file) between a computer and a file server, which resulted in the cabled device completing the transfer considerably quicker. I chose a large file to replicate what would be deployed in the actual migration, but also because a large file allows for a more accurate file transfer speed to be reached.
These technologies utilise radio frequencies (RF) to transmit data wirelessly. RFs are used in wireless communication because of their ability to penetrate through objects and travel long distances. Everyday Wi-Fi in homes and businesses uses radio waves in the 2.4 GHz or 5 GHz ranges. However, there are many other types of wireless technologies used in other ranges, and they use a different type of electromagnetic radiation, which I have summarised below:
Technology | Medium | Use case
Infrared | Infrared light | TV remotes or thermal imaging.
Bluetooth | Radio waves between 2.402 GHz - 2.480 GHz | Short distance data communication for headsets and mobile tethering
Cellular | Radio waves 800MHz – 3400MHz | Used for 2G – 5G connectivity and communication for mobile phones.
NFC (near field communication) and RFID (Radio-frequency identification) | Radio waves at 13.56 MHz | Used for communication between devices that are 5cm apart or less. Examples are door security reader and wireless payment systems.
GPS (Global positioning system) | Microwaves in frequency between 300 MHz to 300 GHz | Global navigation used in mobiles and wearable technology to provide location, velocity and time synchronisation.
Understand the relevant test equipment associated with each element of the above
In order to connect the computers to the server I needed to plug them into a floor port in the office, which in turn connected them to the same switch that the server was plugged into. The computers in this project did not have a network card capable of 10 Gbps, so using Cat5e cabling was suitable for this. I was able to obtain various lengths of Cat5 cabling from our IT supplier, but I also made some of my own Cat5 cabling because some computers were far from the nearest data point and needed a bespoke length. I was able to learn this from video tutorials found on YouTube. To test that my cabling worked, I used a pair of cable testers which verified the cables were operating on a basic level. To double check they worked before being installed, I used the cable to connect a laptop directly into a switch and checked that the status light turned green on the switch port. I used the same ethernet cable for a Power over Ethernet Cisco phone to double check that power and data were being successfully transmitted.
2.1.2. Understands maintenance processes and applies them in working
practices
Understand maintenance tools
In order to maintain a computer’s performance and stability there are several tools which can be used inside of Windows to ensure that there is no hard drive corruption or errors. I acquired this knowledge whilst studying for my MTA Operating Systems certification. These can be used on any system running the Windows Operating Systems. During my deployment I occasionally ran these commands on my server to ensure it was operating normally:
Step (each with a screenshot):
• Run Command Prompt as administrator so that changes to the system files can be made.
• Execute the command chkdsk C: /r. Usually the PC needs to be rebooted for it to be initiated. This will check the C: drive and repair any logical errors and bad sectors.
• After rebooting, the PC will go through with the scan.
• Another command I ran was sfc /scannow. This checks for any corrupted Windows files, which can be replaced with a cached copy found on the disk drive.
• Historically hard drives used a mechanical disk platter type of technology but this has now been superseded by the much faster solid-state drive. By using the disk defragmenter utility it’s possible to keep old mechanical drives running optimally.
• I also used Disk clean-up from time to time to remove any unwanted temporary files on the server to free up disk space.
• Setting up Windows Updates also fetched the latest patches and driver updates to ensure the Operating System was running securely.
• Every few weeks I use compressed air to blow dust and debris out of the server that was sucked in by the fans. This was to ensure components did not overheat and fail.
Understand how to manage local storage
When installing any version of Windows to a hard disk it is possible to partition the drive into logical drives. When I installed Windows on the server, I created 2 partitions. The reason for this was because it was advised from research online to use a secondary partition to hold all the drivers for all models of laptops and ISOs of Windows versions. This ensured that if there was a problem with the system drive, I would not need to re-download all the data again. It is also a cleaner way to organise and manage them separately from the Windows OS files. I was able to create the secondary partition by using disk management:
Step (each with a screenshot):
• I opened disk management, right clicked on the available free disk space and created a ‘new simple volume’.
• I set the size of the partition to 30GB.
• I assigned the new partition letter E:
• I chose to format using the NTFS file format as it is now the de facto standard.
• Now a new E: has been created.
Understand how to monitor system performance
Ensuring the deployment server performed efficiently was critical. Through my studying of Network Fundamentals, I learnt of the performance monitor tool, which I used to monitor such things as system memory usage, network usage and disk usage. By analysing the graphs when the server was under peak load (so deploying Windows 10 to machines) I was able to see if there were any performance bottlenecks. As there were no issues, it would be okay to leave the server in its current configuration; however, if there were performance problems, I would have upgraded the spec, for example by increasing the RAM or installing a faster network interface card.
Resource monitor running on server.
The above tool is useful to gather a quick snapshot of the current resource availability but also
from the server manager dashboard it’s possible to create an alert if certain thresholds are met.
Throughout my own exploration of settings on the server I setup a performance alert if the CPU
usage got above 85% and memory less than 400MB. This can be seen below.
Performance Alert Thresholds.
2.1.3. Understands and applies the basic elements and architecture of
computer systems and business IT architecture
Understand the basic architecture of “computer systems”
From experience gathered through purchasing hardware for the IT department as well as repairing and upgrading physical systems, I have come to understand the basic architecture of computer systems. I used this knowledge in particular when purchasing the server that would ultimately run the deployment server so the minimum specification was met for the operating system and its applications. Also, in order to repair a laptop physically I needed to be able to identify components. The below diagram shows an abstract illustration of computer system architecture:
[Diagram: CPU, Hard Disk, RAM, Input / Output]
Basic architecture of a computer system
Each computer is comprised of a CPU, RAM, a Hard Disk and some form of input/output. CPU stands for Central Processing Unit. A CPU is responsible for processing and executing instructions; it is considered the ‘brains’ of a computer system.
Random Access Memory (RAM) is where the data the computer is working on is stored while
the computer is running.
Hard Disk is a device which can store data and ensure that this data still resides even when the
power is turned off and then turned on again. RAM does not survive computer restarts.
Inputs connect the external environment with the internal computer system. Commonly used
input devices are keyboard and mouse.
Outputs connect the internal system of a computer to the external environment. Some
examples of an output device are printers and monitors.
Understand business IT architecture, taking into account the full range of devices: OS,
applications, databases, servers, networking, security and services
The office I am based in contains 230 machines and I undertook the migration on my own.
Therefore, I needed to find the most time efficient method and easiest way to deploy Windows
10 to all computers. I initially had a discussion with the IT infrastructure manager for his expert
opinion on what would be the most optimum solution to do this. I established that the design
of this system would need to be based on business IT architecture. As many companies still
needed to upgrade from Windows 7 to Windows 10, I further researched on the tech forums
what other system administrators had done to roll out Windows 10.
An operating system manages the computer’s memory and processes as well as all of its software and hardware. It usually provides a graphical interface so humans can operate the computer without needing to know low level computing language. The 2 operating systems I used in this project were Windows Server and Windows 10. I installed Windows Server 2012, which provided the base interface for the server, and on top of this I was able to install and configure Deployment Workbench. However, in a business environment it can be expected to find many Operating Systems ranging from mobile (Android, iOS) to Mac and Linux.
Windows Services are a core component of the Windows operating system and enable the creation and management of long-running processes. Normally software is launched by the end user and only runs when the user is logged on. Services run in the background and initiate when the computer is booted up. These are crucial because they will manage functions like network connections, sound, data backups and other visual settings. For example, on my server I have the SQL service running in the background to ensure access to my driver database is always up and running:
SQL services running on server.
In its most basic definition, a server is a computer used in a network to provide services to a client. Normally servers have more processing power, memory and storage than a client computer. In this instance I used a server to deploy operating systems to hosts connected to the same network; however, a server can have many roles such as DNS, DHCP, hosting webpages and Active Directory. A server has a wide range of uses in a business environment and can also be used to install applications, host web sites, store files and manage telephone systems.
Databases are any collection of data or information that is organised for rapid search and retrieval by a computer. I was able to find a video tutorial online on how to download Windows SQL Express 2017 and create a database to automatically install drivers and software depending on the make and model of the laptop I was upgrading. Databases are normally used in a business to record lots of information in one central place, for example a hospital storing information about their patients’ contact details and medical issues.
The client-server model describes the relationship in which one program (the client) requests a service or resources from another program (the server). An example of this is a computer fetching a new IP address from a DHCP server. In order for this to be even possible, computers must be connected to a network. This is possible by using a switch, which is a device used to connect devices together on a single Local Area Network (LAN). As I was setting up computers in the same building, I used a switch to connect all the hosts that needed upgrading so they could communicate with the server. A router is also used in a network in order to connect computer networks together, for example a business network with the internet or a branch office’s network.
When creating a network within an organisation, security is a critical element. The principle of network security is to use rules and configurations designed to protect the integrity, confidentiality and accessibility of computers and data using both software and hardware technologies. Usually this takes the form of a physically separate device called a firewall that is placed on the edge of the network to restrict incoming and outgoing traffic. Furthermore, a software solution such as an antivirus can be installed on each client to try to mitigate any malicious threats such as a virus. The core infrastructure of a network is connected together using cables for performance and security reasons, but the way end users interact with networks is now wireless. Mobiles and laptops can connect to the LAN or guest network via a wireless access point with at least WPA 2 encryption. There may also be a further login portal page in order to access a business’s Wi-Fi. As well as setting system side security, end users have a unique ID and a password, which also forms another layer of security to access company resources. Every organization requires a degree of network security solutions in place to protect it from the ever-growing landscape of cyber threats in today’s world.
Combining all the elements above, I used Photoshop to create a physical network diagram below
illustrating typical IT business architecture:
Basic IT business architecture.
2.1.4. Understands where to apply the relevant numerical skills e.g Binary
Understanding of Internet Protocol addresses and how they work
Covered in 2.1.5 Understands the relevant networking skills necessary to maintain a secure
network
Understand how computers see IP addresses
Covered in 2.1.5 Understands the relevant networking skills necessary to maintain a secure
network
Understand and be able to use binary arithmetic and create large numbers from groups of
binary units or bits
Covered in 2.1.5 Understands the relevant networking skills necessary to maintain a secure
network
2.1.5. Understands the relevant networking skills necessary to maintain a
secure network
Understanding of Platforms and Data Communications
From my study of the Network Fundamentals I learnt about the seven-layer OSI model. This
provides a description of how computer systems communicate over a network. IT professionals
use this model to help give a visual as to what is going on within a network in order to
troubleshoot and diagnose issues. I have created the OSI model below describing what each
layer represents:
Application Layer - Human computer interaction layer, where applications can access the network services
Presentation Layer - Ensures that data is in a usable format and is where data encryption occurs
Session Layer - Maintains connections and is responsible for controlling ports and sessions
Transport Layer - Decides which physical path the data will take
Network Layer - Transmits data using transmission protocols including TCP and UDP
Datalink Layer - Defines the format of data on the network
Physical Layer - Transmits raw bit stream over the physical medium.
7 layer OSI model
During the initial setup of my server, I noticed that the connection was intermittent and unstable.
Using the OSI model I was able to use this as a workflow to troubleshoot my problem. I started
from the bottom and tested the physical layer so in this case the cables. It turned out that the
issue was actually quite simple and that the cabling from the data port to the patch panel was
damaged. I tried connecting the server directly to the switch with the same cable and there were
no further issues.
Understanding of the requirements to configure IP settings
Firstly, computers and servers need to be assigned an IP address so each device can be
uniquely identified on the LAN. IPv4 addresses are 32 bits long, grouped in octets (for example
192.168.1.5), and IPv6 addresses are 128 bits long (2001:0000:3238:DFE1:0063:0000:0000:FEFB).
Secondly, a subnet mask (also made up of 32 bits) is required so the device
knows which part of the IP address relates to the host, and which network segment it
belongs to. A common subnet mask is 255.255.255.0. If a host has an IP address of 192.168.1.5
with a subnet mask of 255.255.255.0, this means that the network portion of the ID is 192.168.1.X
and the last 8 bits can be assigned to hosts. From the subnet mask it is also possible to calculate
how many hosts are in that network segment by using binary arithmetic:
Computers at their lowest level operate in binary, unlike humans, who use base 10 for counting.
Therefore, the initial step is to convert 255.255.255.0 to binary, which is
11111111.11111111.11111111.00000000. Then, using the formula h = 2^x - 2, where x equals the
number of 0s (here x = 8), the result is 254. The reason why -2 is performed at the end is because
there are always 2 addresses reserved, which are used for the network identity and the broadcast address.
Lastly each device on a network needs to be assigned a default gateway. This is needed in case
the device needs to communicate with another network outside of its own.
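The mask arithmetic and the default-gateway rule described above, worked through as an added example (not part of the original project). It generalises from 255.255.255.0 to any contiguous mask and rejects invalid ones; the function names are hypothetical and the sample addresses other than 192.168.1.5 / 255.255.255.0 are constructed.

```python
# Added example: IPv4 subnet arithmetic with explicit bit operations.
# Function names are hypothetical; sample addresses below are constructed.

def to_int(dotted):
    """Pack dotted-decimal IPv4 text into one 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {octet!r}")
        value = (value << 8) | n  # make room for 8 more bits, then append
    return value


def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Show each octet as 8 binary digits, the way the mask is written above."""
    return ".".join(f"{(to_int(dotted) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def host_bits(mask):
    """Return x, the number of 0 bits in the mask; reject masks with gaps."""
    inverted = ~to_int(mask) & 0xFFFFFFFF  # host bits become 1s
    if inverted & (inverted + 1):  # a valid host part is exactly 2^x - 1
        raise ValueError(f"mask is not contiguous: {mask}")
    return inverted.bit_length()


def subnet_info(ip, mask):
    """Derive network address, broadcast address and usable host count."""
    x = host_bits(mask)
    m = to_int(mask)
    network = to_int(ip) & m                   # keep only the network bits
    broadcast = network | (~m & 0xFFFFFFFF)    # set every host bit to 1
    # h = 2^x - 2 as in the text; with x < 2 (/31, /32) nothing is reserved.
    usable = 2 ** x - 2 if x >= 2 else 2 ** x
    return {"network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "host_bits": x, "usable_hosts": usable}


def needs_gateway(src, dst, mask):
    """True when dst is outside src's subnet, so traffic goes via the gateway."""
    m = to_int(mask)
    return (to_int(src) & m) != (to_int(dst) & m)


if __name__ == "__main__":
    print(to_binary("255.255.255.0"))
    print(subnet_info("192.168.1.5", "255.255.255.0"))
    print(subnet_info("10.0.5.77", "255.255.255.192"))
    print(needs_gateway("192.168.1.5", "192.168.2.5", "255.255.255.0"))
```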
For this project I was using a DHCP server already set up on the network but I was shown by
Marubeni’s network engineer how I would set up an address pool for hosts to automatically use
an IP address from and the lease length. By setting up this pool, devices which were connected
to the LAN automatically received a dynamic IP address. In order to set the default gateway for
all machines, this can be modified through the scope options.
IP scope and Lease properties.
Setting the default gateway.
However, for the server I set a static IP address. In order to do this, I viewed the existing
reservation entries and attempted to make my own reservation. To create a reservation, you
need to set the reservation name, IP address and MAC address. I set a static IP address because
this is required for devices which need constant access. Otherwise, if the IP address was dynamic,
hosts would struggle in finding the server each time they booted up. In Windows OS it is also
possible to set the IP address setting manually by visiting the adapter settings of the network
and sharing centre. I did this method due to the requirement of needing to set up DNS on the
server also.
IP reservation in DHCP.
IP reservation in Windows.
A DNS server is set so a computer is able to resolve an IP address from a host name or vice
versa.
Understanding how to deploy and configure DNS service
Domain Name System (DNS) is a service that works much like a phone book, managing the mapping
between names and numbers. DNS servers eliminate the need for humans to memorise IP
addresses such as 192.168.1.1 in IPv4, or IP addresses such as 2400:cb00:2048:1::c629:d7a2 in
IPv6. Using the video tutorials on ITPro.TV, I was able to add the DNS role to my deployment
server and configure it. I did not want to create conflicts and large-scale network issues with the
existing DNS servers already on the network so I disabled the DNS service. This allowed me to at
least have experience on how to deploy and configure a DNS server. Below is a table of the key
steps which I performed.
Steps (screenshots omitted):
1. Set a static IP address and set DNS server to the same address.
2. Add the DNS role to the server.
3. Open DNS Manager and create forward lookup zones (used to map host names to IP addresses, for example a printer name or URL).
4. Set the zone type. I selected Primary Zone to imitate setting up an Authoritative DNS server.
5. Enter zone name.
6. Create the file where all DNS records will be saved for the above zone name.
7. Disable dynamic updates to avoid auto modification of records.
8. Create the Host Record so the DNS server knows which IP address to resolve the fully qualified domain name to.
9. Now the entry is added.
Understanding of how to create and configure virtual networks
Virtual Local Area Networks (VLANs) allow IT administrators to logically segment a network using
the same physical network switch. One main reason to create a VLAN is to isolate broadcast
traffic which ensures network performance. If the number of devices within a broadcast domain
increases, so does the broadcast traffic within that broadcast domain. Each time a broadcast
request is received, the CPU of the device must be interrupted which impacts the processing
time of any given instructions. Through further research on the internet I learnt that in order to
set up VLANs, the switch ports needed to be reprogrammed. Marubeni Europe’s switches are
maintained by a third-party vendor, thus it was not possible to attempt this. Ideally, I would
have preferred to put the deployment server onto a VLAN to prevent any traffic from interfering with
the regular LAN when migrating hundreds of machines. However, I scheduled a meeting in order
to understand what is normally done when creating a VLAN:
• Choose a VLAN number
• Choose a private IP address range for devices on that VLAN to use
• Configure the switch device with either static or dynamic mode.
• Configure routing between VLANs as needed. This is usually done separately using a router or a Layer 3 switch.
Understanding how to configure/ support networking settings and connectivity
Covered in section 2.1.3 Knowledge Module 1: Networking and Architecture
Understanding how to configure/ support and maintain network security
This has been partially covered in section 2.1.3 Knowledge Module 1: Networking and
Architecture; however, there are many ways to maintain network security. Through my role
working on an IT helpdesk I have encountered and gained experience through various
technologies and mechanisms to configure and maintain network security. Below I shall
summarise some of the most important areas:
Firewall: Firewall devices can be used to secure the borders between a LAN and the internet.
They are primarily used to manage network traffic, allowing authorised traffic through while
blocking access to non-authorised traffic. Most organisations implement a whitelist strategy, so
everything is forbidden apart from any exceptions made. By shadowing a colleague, I was able to
learn how to log onto the FortiGate firewall and set up simple allow rules, for example to allow
our franking machine to access the postal system servers. This would protect my server from
any unauthorised communication.
FortiGate Firewall rules
VLANs: As mentioned earlier in this project, VLANs can limit user access to a certain VLAN,
which then allows only authorized users to have access to networks with highly sensitive
information. For this deployment server I gave it IP address settings in a network segment which
was not accessible from standard end users.
Windows and Antivirus Updates: Ensuring that devices are running software with the most
recent bug fixes and security patches avoids any exploits from a virus, malware or a potential
hacker. After migrating a computer to Windows 10, I then registered the computer to Azure
Active Directory (AAD) via Settings > Accounts > Access Work or School. After joining, the
machine would be synchronised with AAD, which forced the Semi-annual channel update policy to the
PC.
Active Directory: Page 29 mentions some of the security parameters that are implemented in. In
addition to these I also disabled file and print sharing on everything other than the file server.
This made sure that everybody’s files were not broadcasted to all people on the LAN but also in
a public environment like a coffee shop or airport. I was able to reference some guides on the
internet to do this and used Group Policy to force this to all machines.
Understanding how to configure/ support remote management systems
Windows Remote Management (WinRM) is a native Windows built-in remote management
protocol to interface with remote computers and servers. This is done via a command line and
it is possible to do tasks such as retrieve information about a remote computer or execute a
process remotely via a script. By default, it is enabled on all versions of Windows Server 2012
and onwards but it is disabled on all computers. Therefore, I was able to enable it by deploying
a group policy:
Steps (screenshots omitted):
1. Create a new GPO at the root domain by right clicking an OU. From here I made several setting changes.
2. Firstly I browsed to the setting Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
3. Then clicked the ‘Enable’ radio button and then put a * in order to apply this to any computer connected to the network.
4. Secondly the WinRM service then needs to be enabled on each machine, done by browsing to Services under Computer Configuration. Then right click on services and click on new.
5. Lastly an exception needs to be created in Windows Defender Firewall to allow the WinRM to be accessed. I browsed to the following setting as per the screenshot and created a new rule.
6. The bottom box I unticked because I want to only allow access to machines from the same domain.
7. The final dialogue box confirms the connection to be allowed. Now all three of these settings will be applied to any user that logs into a computer on the marubenieurope.test domain.
Understand why and how to install domain controllers
A Domain Controller (DC) is a server in the Windows network that allows users to access domain
resources. Its main purpose is to authenticate users in a network. The DC listens to
authentication requests from users in the network and verifies them based on their usernames
and passwords. The Domain Controller hosts the Active Directory Domain Services as well as a
wide range of other services. An example is W32time, which is a service that uses Network
Time Protocol (NTP) to synchronize time and date for all computers joined to the Active
Directory.
The best practice for businesses that use Active Directory is to have at least two domain
controllers. This is for redundancy, so that if one goes down, the company can keep working.
Usually one server acts as the Single Primary Domain controller and one or more act as a Backup
Domain Controller. Another benefit of having multiple DCs is to improve speed. For example, in
Marubeni Europe we have a domain controller in London as well as in our Paris, Milan and
Dusseldorf branches. This is done so users in an aforementioned branch can authenticate and
receive policies locally, which is much quicker than having to authenticate back to a domain
controller in London. As Marubeni Europe already has multiple Domain Controllers set up, I was
not able to create one which would be used in a live environment; however, on my deployment I
was able to practice installing one and just disable the AD service. The screenshots below show
the major steps required:
Steps (screenshots omitted):
1. Clicked Add Role and Features.
2. Set as role based.
3. Select target server.
4. Add and install the Active Directory Domain Server.
5. Promote the server to be a domain controller.
6. As this is a test server, I created a dummy domain name.
7. Directory Services Restore Mode is a safe mode boot option for Windows Server domain controllers. It allows an Administrator to repair or recover the AD database.
8. Verify that the DC was installed successfully by checking in AD UC.
Understand the need for creating and managing Active Directory users and computers
Active Directory (AD) is a Microsoft technology that is installed when the Active Directory
Domain Services is set up in the Domain Controller. AD is essentially a database that stores objects
such as groups, computers, printers, file shares, group policies, and file permissions. The most
crucial role of the Active Directory is to handle user authentication in the domain network. It
accomplishes this by allowing only authorized users to log into the network. Using
these technologies allows businesses to build a scalable and centrally managed Windows
network. Below are some specific examples as to why Active Directory is needed in an
organisation.
Roaming profiles: In a domain setup, users can log into any machine that is in the domain
using their standard Active Directory credentials. Normally the user experience is not consistent
across computers because none of the individual settings are stored locally on a computer. With
roaming profiles, it is possible to log into any machine on the domain and fetch all the user’s
personalised settings.
Windows Update Services (WSUS): Without a Windows domain, each PC has individual settings
for Windows updates which creates security concerns and puts pressure on the internet
connection. Using WSUS it is possible to set a single update policy which all the machines will
adhere to. Additionally, the patches and updates are cached on the domain controller so that
they are not downloaded again and again from the public internet.
Security policies: An Active Directory user account will conform to a central password
policy. This allows the business to enforce password complexity and frequent changes across
the whole business, something which greatly tightens security. Other security settings such as
enforcing an automatic lockout, forced drive encryption and control of read/write external
media can be implemented.
Volume Shadow Copies: If using a Windows file server in a domain environment, it is possible for
users to restore previous versions of files and folders on a self-service basis from their computers.
Software installation: It is possible to deploy business critical software such as Microsoft Office
to any machine from a centralised server. This can also be run silently requiring no user
intervention. It is also an efficient way to deploy updated versions of software such as a web
browser without having to change the setting on each user’s computer.
Printer management: Domain controllers allow businesses to centrally manage printers and
their queue. This allows the automatic deployment of printers to those who are only permitted
to use them. Also, it is possible to control where the print jobs
Single sign-on: In an organization, there are many different applications used. Usually each of
these applications has a different authentication mechanism and login credentials. Most
application vendors support integration with Active Directory for authentication. This means
that with Active Directory credentials, you can authenticate on different systems and
applications used by your organization. Therefore, this limits the number of usernames and
passwords that users need to remember.
Understand how to create and manage Active Directory groups and organizational units (OUs)
I have created a video below demonstrating how to create and manage groups and
organisational units (OUs) in Active Directory. The video shows the following:
• Creation of OUs which represent each of our branch offices
• Creation of sub OUs to separate out users from computers
• Populated branches with some users and created a security group
• Created some computer objects
2.2. Knowledge Module 2: Mobile and Operating Systems
2.2.1. Understands the similarities, differences and benefits of the current
Operating Systems available
Understanding of different platforms
Understand the process for constructing PCs with applied software utilised
Understand and be able to apply knowledge to various operating systems with installations
required for end to end testing
Understand native applications and tools
Understand security principles associated with different platforms and operating systems
2.2.2. Understands how to operate remotely and how to deploy and securely
integrate mobile devices
Undertake a Data Network Deployed Exercise to
implement and deploy remote mobile communications technology
Understand Secure Communications Interfaces for mobile connectivity
Understand mobility
Understand remote management and assistance
Understand security in mobile devices
Understanding of configuration to:
-Support remote access/connections
-Support mobility options
-Support security for mobile devices
2.3. Knowledge Module 3: Cloud Services
2.3.1. Understanding and working knowledge of Cloud and Cloud Services
Understand how to create and configure virtual machines
Understand hosted applications, such as: email, server, storage, desktops
Understand and explain provision tenants
Understand how to configure secure passwords and management of passwords
Understand how to manage user and security groups and/or cloud identities and their
importance
Understand how to configure DNS records for services
Understand how to enable client connectivity to Cloud Service
2.4. Knowledge Module 4: Coding and Logic
2.4.1. Understands the similarities and differences between a range of coding
and logic
Understand working/scripting at command line: particularly when supporting any server work
Understand and recognise different coding and language
Understand application lifecycle management
Understand algorithms and data structures
Understand web page development
2.5. Knowledge Module 5: Business Processes
2.5.1. Understands and complies with business processes
Understanding of Security Operating Procedures
Understanding of and ability to work confidentially
Understanding of how to work within the Company
Operating Procedures
Understanding and ability to comply with Data Protection
2.5.2. Working knowledge of business IT skills relevant to the organisation
Understanding of company IT requirements
Understanding of company IT systems and platforms
Understanding of company IT business required skills
Understand software lifecycles
Understanding of desktop applications, messaging systems,
document management