Evan Patten
ITNET-198: Project Implementation (Network Specialist)

[Network diagram] Domain: W2K8AD01.com

INTERNET <-> MSN-RTR-1 (Windows Server 2003 router: firewall, NAT, DHCP relay agent)
  NIC #1 (Internet): IP address and subnet mask assigned by ISP
  NIC #2 (Subnet 1): 172.16.0.1, subnet mask 255.255.255.192
  NIC #3 (Subnet 2): 172.16.0.65, subnet mask 255.255.255.192

Subnet 1: 172.16.0.0/26
  MSN-DC-1 (Windows Server 2008 domain controller: DHCP server, DNS server (primary))
    IP address 172.16.0.2, subnet mask 255.255.255.192, DNS 127.0.0.1, default gateway 172.16.0.1
  MSN-CLIENT-01 (Windows 7 workstation)
    IP address: DHCP-assigned IPv4 address, subnet mask 255.255.255.192, DNS 172.16.0.2 (primary) and 172.16.0.66 (secondary), default gateway 172.16.0.1

Subnet 2: 172.16.0.64/26
  MSN-SRV-1 (Windows Server 2008 member server: file server, DNS server (secondary))
    IP address 172.16.0.66, subnet mask 255.255.255.192, DNS 172.16.0.2, default gateway 172.16.0.65
  MSN-CLIENT-02 (Windows 7 workstation)
    IP address: DHCP-assigned IPv4 address, subnet mask 255.255.255.192, DNS 172.16.0.2 (primary) and 172.16.0.66 (secondary), default gateway 172.16.0.65

Project Description
The average IT department uses only about 5% to 25% of its servers' capacity. Businesses get the most out of underutilized servers through virtualization: consolidating several servers onto one machine reduces energy consumption, minimizes hardware maintenance, and, most of all, saves money. The goal of my project was to virtualize a simple domain-based Microsoft network in Hyper-V. I virtualized two Windows Server 2008 machines (one a domain controller, the other a member server), one Windows Server 2003 machine (an RRAS server), and two clients running Windows 7 Professional. The project includes (but is not limited to) DHCP, DNS, FTP, Group Policy Objects, folder redirection, and roaming profiles.
Required Hardware/Software
Hyper-V is Microsoft's entry into server virtualization. The Hyper-V role is only available in the 64-bit versions of Windows Server 2008 Standard, Enterprise, and Datacenter (including Server Core), and the host must also have:
- a 64-bit processor with hardware-assisted virtualization (Intel VT-x or AMD-V) and hardware-enforced Data Execution Prevention (Intel XD bit or AMD NX bit), both enabled in the BIOS;
- enough free memory and disk space to run the virtual machines and store their virtual hard disks.

Having met these requirements, I installed Windows Server 2008 R2, Enterprise Edition, on my server; later I added memory, bringing it up to 8 gigabytes. After installing the OS, I installed the Hyper-V role, which completed the setup of the host. Hyper-V is managed through the Hyper-V Manager MMC snap-in (under Administrative Tools in the Start menu). The New Virtual Machine wizard walked through the creation of each machine, and a separate settings dialog let me adjust each VM. With the Virtual Network Manager I created three virtual networks: Subnet 1 and Subnet 2 were private (reachable only by the VMs), and the third, Internet, was external (bound to the host's physical adapter). Once the five machines existed, I needed to configure the domain.

Network Configuration
For the addressing scheme I used the private class B range 172.16.0.0/16 (RFC 1918) and subnetted it with a /26 prefix. Borrowing 10 of the 16 host bits gives a subnet mask of 255.255.255.192 and leaves 6 host bits, so each subnet has 64 addresses, 62 of them usable for hosts. (These /26 subnets are a quarter the size of a class C network, not class C networks themselves.) The network IDs of Subnet 1 and Subnet 2 are 172.16.0.0 and 172.16.0.64 respectively.
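As an added example (not part of the original report), the PowerShell 2.0 script below, which runs on the Server 2008 R2 host without extra modules, works the /26 plan out from the prefix instead of by hand: the mask, each subnet's network ID, usable range and broadcast address, and the 62-host count. It uses only the addresses already given above.

```powershell
# Added example; not from the original report. Plain PowerShell 2.0 (Server 2008 R2), no modules.
#
# 172.16.0.0/16 is RFC 1918 private space (a "class B" range). Extending the prefix
# from /16 to /26 borrows 10 host bits; 6 host bits remain, so each subnet spans
# 2^6 = 64 addresses, 62 of them usable (network and broadcast are reserved).

function ConvertTo-IpNumber ([string]$Ip) {
    # Dotted quad -> 32-bit number (most significant octet first).
    $n = [uint64]0
    foreach ($octet in $Ip.Split('.')) { $n = $n * 256 + [uint64]$octet }
    $n
}

function ConvertFrom-IpNumber ([uint64]$N) {
    # 32-bit number -> dotted quad.
    $octets = foreach ($shift in 24, 16, 8, 0) {
        [int]([math]::Floor($N / [math]::Pow(2, $shift)) % 256)
    }
    $octets -join '.'
}

function Get-SubnetPlan ([string]$Network, [int]$Prefix, [int]$Count) {
    # Enumerate $Count consecutive subnets of 2^(32-$Prefix) addresses starting at $Network.
    $size = [uint64][math]::Pow(2, 32 - $Prefix)                 # 64 for a /26
    $mask = ConvertFrom-IpNumber ([uint64]4294967295 - ($size - 1)) # 255.255.255.192
    $base = ConvertTo-IpNumber $Network
    0..($Count - 1) | ForEach-Object {
        $net = $base + ([uint64]$_ * $size)
        New-Object PSObject -Property @{
            Subnet      = ('{0}/{1}' -f (ConvertFrom-IpNumber $net), $Prefix)
            Mask        = $mask
            FirstHost   = ConvertFrom-IpNumber ($net + 1)
            LastHost    = ConvertFrom-IpNumber ($net + $size - 2)
            Broadcast   = ConvertFrom-IpNumber ($net + $size - 1)
            UsableHosts = $size - 2
        }
    }
}

# The two subnets used in this project.
Get-SubnetPlan -Network 172.16.0.0 -Prefix 26 -Count 2 |
    Format-Table Subnet, Mask, FirstHost, LastHost, Broadcast, UsableHosts -AutoSize
```

The table it prints is the addressing plan in the diagram: 172.16.0.0/26 runs from .1 to .62 with .63 as broadcast, and 172.16.0.64/26 from .65 (the router's NIC #3) to .126, which is why MSN-SRV-1 can sit at .66 and the two subnets never overlap. Raising -Count shows the remaining /26 blocks of 172.16.0.0/24 if the network grows.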
Domain Controller: MSN-DC-1
  Roles and services: AD DS, DHCP, DNS (primary)
  IP address: 172.16.0.2/26
  DNS: 127.0.0.1
  Default gateway: 172.16.0.1

Member Server: MSN-SRV-1
  Roles and services: File Services, FTP, DNS (secondary)
  IP address: 172.16.0.66/26
  DNS: 172.16.0.2
  Default gateway: 172.16.0.65

RRAS Server: MSN-RTR-1
  Roles and services: Routing and Remote Access, NAT, DHCP Relay Agent
  NIC #1 (Internet): IP address assigned by the Internet service provider
  NIC #2 (Subnet 1): 172.16.0.1/26
  NIC #3 (Subnet 2): 172.16.0.65/26

Subnet 1 Workstation: MSN-CLIENT-01
  IP address: DHCP-assigned IPv4 address
  DNS: 172.16.0.2 (preferred), 172.16.0.66 (alternate)
  Default gateway: 172.16.0.1

Subnet 2 Workstation: MSN-CLIENT-02
  IP address: DHCP-assigned IPv4 address
  DNS: 172.16.0.2 (preferred), 172.16.0.66 (alternate)
  Default gateway: 172.16.0.65

Project Implementation
The domain controller was the first machine I configured. After installing Windows Server 2008, Enterprise Edition, I named the machine MSN-DC-1, set the time zone, and configured the network settings. To make MSN-DC-1 a domain controller I installed the Active Directory Domain Services role, together with the DNS Server role, since Active Directory requires DNS. Then I ran dcpromo to create the domain, W2K8AD01.com. (Pointing the DC's own DNS client at 127.0.0.1 works in a single-DC lab; Microsoft's best-practice guidance is to list the DC's LAN address, 172.16.0.2, as the preferred server, with the loopback address at most as an alternate.)

Besides those roles, I added the DHCP Server role. Dynamic Host Configuration Protocol leases IP addresses to Windows clients automatically, which eases the burden of maintaining addresses on a network of any size. The DHCP console is reachable through Server Manager or Administrative Tools. In it I created two scopes, one for Subnet 1 (172.16.0.0) and one for Subnet 2 (172.16.0.64), and within each scope a range of IP addresses for the address pool.
Later, when the Windows 7 workstations were configured with DHCP enabled, IPv4 addresses were leased to them. (For MSN-CLIENT-02 in Subnet 2 to receive a dynamically assigned address, the router had to be configured as a DHCP Relay Agent, because a client's DHCP broadcasts do not cross the router on their own.) I also configured scope options for each scope: 003 Router (the subnet's default gateway), 006 DNS Servers (172.16.0.2, 172.16.0.66), and 015 DNS Domain Name (W2K8AD01.com).

Domain Name System is a distributed, hierarchical database made up mainly of computer names and IP addresses. Active Directory depends on it to resolve computer names to IP addresses (and the reverse) and, through SRV records, to locate computers that offer specific services such as domain controllers. Since this Active Directory-integrated DNS server hosts the primary zone for my domain, I created a forward lookup zone (containing host (A) records) and a reverse lookup zone (containing PTR records).

Active Directory is a directory service that lets administrators manage network resources. With Active Directory Users and Computers I created the objects for my domain: two users ("Test User 1" and "Test User 2"), an organizational unit ("Marketing"), and two child OUs ("Project" and "Sales"). A user's Properties dialog has tabs for configuring different aspects of the object: on the Profile tab I entered the UNC path of the roaming profile, and on the Account tab (Log On To) I chose which computer(s) the user may log on to.

The Group Policy Management snap-in let me create a couple of Group Policy Objects and link them to an OU. I created one GPO for folder redirection and linked it to the domain, and another that removes Control Panel from the Start menu and linked it to the Sales OU.

The two subnets cannot reach each other without a router connecting them, so the domain would not function across them. On my Windows Server 2003 machine, I installed the Routing and Remote Access service.
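Before moving on to the router, here is the DNS configuration from the paragraphs above done with dnscmd.exe (which ships with the DNS Server role on Server 2008): the forward and reverse zones on MSN-DC-1 and the secondary copies on MSN-SRV-1 that the member-server section below describes. This is an added example, not the report's own commands, and it adds two hardening steps a practitioner would want that the report does not mention: dynamic updates limited to secure (authenticated) updates, and zone transfers allowed only to the secondary's address, so that no other host can pull the whole zone. The MSN-SRV-1 host and PTR records are constructed from the addresses in the diagram.

```powershell
# Added example; not from the original report. dnscmd.exe comes with the DNS Server role.
# Run from an elevated prompt; each section names the server it targets.

# --- 1. On MSN-DC-1: AD-integrated forward zone, plus a reverse zone for 172.16.0.0/24.
#        in-addr.arpa delegates on octet boundaries, so one /24 reverse zone covers both
#        /26 subnets. dcpromo's DNS option normally creates the forward zone already; if
#        so, ZoneAdd simply reports that it exists.
dnscmd MSN-DC-1 /ZoneAdd W2K8AD01.com /DsPrimary
dnscmd MSN-DC-1 /ZoneAdd 0.16.172.in-addr.arpa /DsPrimary

# Only secure dynamic updates (2 = secure only; 1 would also accept unauthenticated
# updates, which lets any host on the wire overwrite someone else's record).
dnscmd MSN-DC-1 /Config W2K8AD01.com /AllowUpdate 2
dnscmd MSN-DC-1 /Config 0.16.172.in-addr.arpa /AllowUpdate 2

# Static hosts do not register themselves; add their records by hand (DHCP clients do).
dnscmd MSN-DC-1 /RecordAdd W2K8AD01.com MSN-SRV-1 A 172.16.0.66
dnscmd MSN-DC-1 /RecordAdd 0.16.172.in-addr.arpa 66 PTR MSN-SRV-1.W2K8AD01.com.

# Zone transfers only to the secondary. Pin this explicitly rather than trusting whatever
# default the zone was created with; an open transfer hands out the full host list.
dnscmd MSN-DC-1 /ZoneResetSecondaries W2K8AD01.com /SecureList 172.16.0.66
dnscmd MSN-DC-1 /ZoneResetSecondaries 0.16.172.in-addr.arpa /SecureList 172.16.0.66

# --- 2. On MSN-SRV-1: standard secondary zones pulled from the DC, then an immediate refresh.
dnscmd MSN-SRV-1 /ZoneAdd W2K8AD01.com /Secondary 172.16.0.2
dnscmd MSN-SRV-1 /ZoneAdd 0.16.172.in-addr.arpa /Secondary 172.16.0.2
dnscmd MSN-SRV-1 /ZoneRefresh W2K8AD01.com
dnscmd MSN-SRV-1 /ZoneRefresh 0.16.172.in-addr.arpa

# --- 3. Verify from any domain machine: the secondary must answer authoritatively for the
#        zone (SOA), resolve the DC forward, and resolve the server's address in reverse.
nslookup -type=SOA W2K8AD01.com 172.16.0.66
nslookup msn-dc-1.W2K8AD01.com 172.16.0.66
nslookup 172.16.0.66 172.16.0.2
```

If the SOA query against 172.16.0.66 fails after step 2, the usual cause is that the transfer list on the primary does not include the secondary's address; the DNS server event log on MSN-DC-1 records the refused transfer.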
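The directory objects described above (the Marketing OU with its Project and Sales children, the two test users, the roaming-profile path on the Profile tab and the Log On To restriction on the Account tab) can also be created from PowerShell 2.0 on MSN-DC-1 through the [ADSI] accelerator, which needs no ActiveDirectory module on Server 2008. This is an added example, not the report's procedure; the OU each user lands in, the profile share name (Profiles$), and the passwords are my assumptions (the report only tells us Test User 1 is restricted to MSN-CLIENT-02 and receives the Sales GPO). One caveat on the Log On To restriction: the domain controller enforces it by comparing the computer name presented in the logon request against the userWorkstations list, so it is an administrative control on interactive logon, not a network boundary.

```powershell
# Added example; not from the original report. Run on MSN-DC-1 as a domain administrator.
# Uses the [ADSI] type accelerator available in PowerShell 2.0 without extra modules.

$domainDN  = 'DC=W2K8AD01,DC=com'
$dnsDomain = 'W2K8AD01.com'

function New-Ou ([string]$Name, [string]$ParentDN) {
    # Creates OU=$Name directly under $ParentDN and returns the new OU's DN.
    $parent = [ADSI]"LDAP://$ParentDN"
    $ou = $parent.Create('organizationalUnit', "OU=$Name")
    $ou.SetInfo()
    "OU=$Name,$ParentDN"
}

function New-DomainUser {
    param([string]$DisplayName, [string]$Sam, [string]$OuDN, [string]$Password,
          [string[]]$LogOnTo, [string]$ProfilePath)
    $ou   = [ADSI]"LDAP://$OuDN"
    $user = $ou.Create('user', "CN=$DisplayName")
    $user.Put('sAMAccountName', $Sam)
    $user.Put('userPrincipalName', "$Sam@$dnsDomain")
    $user.Put('displayName', $DisplayName)
    if ($ProfilePath) { $user.Put('profilePath', $ProfilePath) }          # Profile tab
    if ($LogOnTo)     { $user.Put('userWorkstations', ($LogOnTo -join ',')) }  # Account tab, Log On To
    $user.SetInfo()                        # the object must exist before a password can be set
    $user.SetPassword($Password)
    $user.Put('userAccountControl', 512)   # NORMAL_ACCOUNT, enabled (new users start disabled)
    $user.Put('pwdLastSet', 0)             # force a password change at first logon
    $user.SetInfo()
    "CN=$DisplayName,$OuDN"
}

function Get-LogOnTo ([string]$UserDN) {
    # Reads the Log On To list back; an empty value means "all computers".
    ([ADSI]"LDAP://$UserDN").userWorkstations.Value
}

# OU structure from the report: Marketing, with Project and Sales beneath it.
$marketing = New-Ou 'Marketing' $domainDN
$project   = New-Ou 'Project'   $marketing
$sales     = New-Ou 'Sales'     $marketing

# Test User 1 is placed in Sales (where the Control Panel GPO is linked) and may only
# log on to MSN-CLIENT-02. Test User 2's OU and both passwords are assumptions.
$u1 = New-DomainUser -DisplayName 'Test User 1' -Sam 'testuser1' -OuDN $sales `
        -Password 'Chang3-me-N0w!' -LogOnTo 'MSN-CLIENT-02' `
        -ProfilePath '\\MSN-SRV-1\Profiles$\testuser1'
$u2 = New-DomainUser -DisplayName 'Test User 2' -Sam 'testuser2' -OuDN $project `
        -Password 'Chang3-me-T00!' -ProfilePath '\\MSN-SRV-1\Profiles$\testuser2'

Get-LogOnTo $u1   # the NetBIOS name(s) the DC will accept for this user
Get-LogOnTo $u2   # empty: no restriction
```

Set the profile path without a trailing .V2; Windows 7 appends the suffix itself when it creates the folder on the share at first logoff.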
I also joined the router to the domain and configured the IP settings for each of its three network adapters. The adapters for Subnet 1 and Subnet 2 were statically assigned (172.16.0.1 and 172.16.0.65), while the adapter connected to the Internet received its address from the Internet service provider. For the client in Subnet 2 to obtain a lease from the DHCP server in Subnet 1, the DHCP Relay Agent had to be enabled on the Subnet 2 interface and pointed at 172.16.0.2, since DHCP discovery is a broadcast that the router does not forward on its own. Finally, I configured Network Address Translation so that the internal clients reach the Internet through the router's single public address. Because only that address is visible from outside and the translation table only admits replies to connections started from inside, NAT also keeps unsolicited inbound traffic off the private subnets; it complements rather than replaces the router's firewall.

For the member server in Subnet 2, I installed Windows Server 2008, Enterprise Edition. Apart from the usual tasks of naming the machine and setting the time zone, I joined it to the domain and assigned its IP settings statically. Next, I added the DNS Server role and created a secondary zone so that it could serve as the alternate DNS server for the domain.

Since I wanted a file server for the domain, I added the File Services role to MSN-SRV-1 and created a couple of shares at the root of the C:\ drive, one for folder redirection and one for roaming profiles. When a roaming profile path is set for a user, the user's next logon still starts from the existing local profile (or a new one from Default), and at logoff that profile is copied up to the share; Windows 7 creates the folder named after the logon name with .V2 appended, with permissions that grant access only to that user and SYSTEM. From then on the profile follows the user to any computer he or she logs on to. For folder redirection, I created a share for user documents. When a user creates a file or folder on the desktop or in Documents, it is stored not on the local machine but on the file server share. The share and NTFS permissions have to be set so that each user can create his or her own folder under the root and reach only that folder: users get list and create-folder rights on the root, CREATOR OWNER gets full control of what they create, and the redirection policy's default "Grant the user exclusive rights" setting leaves even administrators without access unless they take ownership.

For the Windows 7 clients, DHCP was enabled and IP addresses were dynamically assigned.
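The scope, option and relay-agent configuration from the DHCP and router sections above, as an added example that is not the report's own procedure. It uses netsh, which was the command-line interface for both roles at the time (the DhcpServer PowerShell module did not exist before Server 2012). The pool boundaries, the exclusion sizes and the router's adapter names (Subnet1, Subnet2, Internet) are my assumptions; section 2 is typed at cmd.exe on the Server 2003 router, which has no PowerShell by default, and the same lines run unchanged there.

```powershell
# Added example; not from the original report. Section 1 runs on MSN-DC-1 (elevated),
# section 2 on MSN-RTR-1, section 3 wherever you verify from.

# --- 1. MSN-DC-1: authorize the server in AD first (a DHCP server in a domain that is
#        not authorized refuses to hand out leases), then one scope per /26.
netsh dhcp add server MSN-DC-1.W2K8AD01.com 172.16.0.2

$scopes = @(
    @{ Net='172.16.0.0';  Name='Subnet 1'; Gw='172.16.0.1';  First='172.16.0.1';  Last='172.16.0.62';  ExclTo='172.16.0.9'  },
    @{ Net='172.16.0.64'; Name='Subnet 2'; Gw='172.16.0.65'; First='172.16.0.65'; Last='172.16.0.126'; ExclTo='172.16.0.73' }
)
foreach ($s in $scopes) {
    netsh dhcp server add scope $s.Net 255.255.255.192 $s.Name "$($s.Net)/26"
    netsh dhcp server scope $s.Net add iprange $s.First $s.Last
    # Keep the statically addressed hosts (router interface, servers, spares) out of the pool.
    netsh dhcp server scope $s.Net add excluderange $s.First $s.ExclTo
    netsh dhcp server scope $s.Net set optionvalue 003 IPADDRESS $s.Gw
    netsh dhcp server scope $s.Net set optionvalue 006 IPADDRESS 172.16.0.2 172.16.0.66
    netsh dhcp server scope $s.Net set optionvalue 015 STRING W2K8AD01.com
    netsh dhcp server scope $s.Net set state 1
}

# --- 2. MSN-RTR-1 (Server 2003 RRAS, at cmd.exe). DHCPDISCOVER is a broadcast and never
#        crosses the router by itself; the relay on the Subnet2 interface re-sends it as a
#        unicast to the DC with 172.16.0.65 as giaddr, which is how the server picks the
#        Subnet 2 scope. Subnet 1 needs no relay because the DC is on it.
netsh routing ip relay install
netsh routing ip relay add dhcpserver 172.16.0.2
netsh routing ip relay add interface name=Subnet2 relaymode=enable maxhop=4 minsecs=4

# NAT: Internet is the public side, the two LAN adapters are private.
netsh routing ip nat install
netsh routing ip nat add interface name=Internet mode=full
netsh routing ip nat add interface name=Subnet1 mode=private
netsh routing ip nat add interface name=Subnet2 mode=private

# --- 3. Verify. The Subnet 2 scope should list MSN-CLIENT-02's lease, and on the client
#        "ipconfig /all" should name 172.16.0.2 as the DHCP server and 172.16.0.65 as gateway.
netsh dhcp server scope 172.16.0.64 show clients 1
```

If the Subnet 2 scope stays empty while Subnet 1 leases fine, check the relay interface first (netsh routing ip relay show interface) and then that the Subnet 2 scope is active; a scope that exists but is not activated is the usual lab mistake.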
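The two shares on MSN-SRV-1 with the share and NTFS permissions the previous paragraph calls for, as an added example (not the report's own commands). The folder and share names (C:\Profiles as Profiles$, C:\Redirected as Redirected$) are my assumptions; the report only says the shares were created on the C:\ drive. The ACL pattern follows Microsoft's documented layout for roaming-profile and folder-redirection roots: users may list the root and create one folder, the creator owns what is inside it, and nothing is inherited from C:\.

```powershell
# Added example; not from the original report. Run elevated on MSN-SRV-1.
# icacls and net.exe are built into Windows Server 2008.

function New-UserDataShare ([string]$Path, [string]$ShareName, [string]$Remark,
                            [string]$UsersGroup = 'Authenticated Users') {
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    # NTFS on the root, inheritance from C:\ removed so BUILTIN\Users' default read
    # access disappears:
    #   SYSTEM, Administrators : Full Control on the root and everything below
    #   CREATOR OWNER          : Full Control on subfolders and files only (inherit-only),
    #                            so whoever creates a folder controls its contents
    #   users                  : list the root and create a folder, this folder only
    icacls $Path /inheritance:r /grant `
        'SYSTEM:(OI)(CI)F' `
        'Administrators:(OI)(CI)F' `
        'CREATOR OWNER:(OI)(CI)(IO)F' `
        "${UsersGroup}:(RD,AD,X)"
    # The share layer stays permissive; NTFS does the enforcing. The trailing $ hides the
    # share from browsing (it is not a security control, just less clutter).
    net share "$ShareName=$Path" "/GRANT:$UsersGroup,FULL" "/REMARK:$Remark"
}

New-UserDataShare -Path 'C:\Profiles'   -ShareName 'Profiles$'   -Remark 'Roaming profiles'
New-UserDataShare -Path 'C:\Redirected' -ShareName 'Redirected$' -Remark 'Folder redirection'

# Read the result back: the root ACL and the share definition.
icacls C:\Profiles
net share 'Profiles$'
```

With this in place the Profile tab path is \\MSN-SRV-1\Profiles$\%username% (Windows 7 adds .V2 itself), and the Documents redirection policy targets \\MSN-SRV-1\Redirected$ with "Create a folder for each user under the root path". Because the policy's "Grant the user exclusive rights" option is on by default, Administrators will not be able to open the per-user folders it creates without taking ownership; clear that option before the first logon if helpdesk access to redirected documents is a requirement.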
To see whether the DHCP relay agent worked, I opened the command prompt on MSN-CLIENT-02 and checked the address it had been leased. Pinging the domain controller by name and getting a reply showed that DNS name resolution was working (and that traffic was being routed between the two subnets). Since Test User 1 was only allowed to log on to the workstation in Subnet 2, the user was denied logon at the workstation in Subnet 1. The GPO linked to the Sales OU removed Control Panel from the Start menu for Test User 1 when the user logged on to MSN-CLIENT-02.

Project Summary
Originally, I set out to virtualize my network using VMware, but ultimately I decided to go with Hyper-V, only because of VMware's steep learning curve. Had I gone with VMware, I probably would have spent an inordinate amount of the semester learning how to use it. In the early stages of my project, I wanted to implement WSUS and web services, but the project became too sprawling, so I had to scale back some of the proposed elements. During project implementation, I hit a couple of speed bumps. Migrating machines back and forth between a server running Virtual PC and one running Hyper-V posed a bit of a problem when the integration features were installed: a VHD file originally created with Virtual PC was then not compatible with Hyper-V. To get around this, I had to do one of two things: uninstall the integration features before migrating to Hyper-V, or not use them at all. Since I wanted the migration process to be hassle-free, I chose the latter. I also had an issue configuring the share and NTFS permissions for folder redirection late in the semester. Had I allowed myself more time during the initial stages of configuration, it wouldn't have gone down to the wire; but hindsight is 20/20. Warts and all, I found the project rewarding, and I learned a lot along the way. (CBT Nuggets and Microsoft TechNet also proved to be valuable resources.)