Lesson Plans Designing a Microsoft Windows 2000 Network Infrastructure (Exam 70-221)

Upload: networkingcentral

Post on 11-Nov-2014


Table of Contents

Course Overview
Course Preparation
Section 1-1: Identifying Design Requirements
Section 1-2: Creating an Initial Design
Section 1-3: Enhancing the Design
Section 1-4: Planning Implementation and Management
Section 2-1: Topology and Protocol Design
Section 2-2: IP Addressing
Section 2-3: Optimizing IP Addressing
Section 2-4: Designing Routing
Section 2-5: Enhancing the TCP/IP Design
Section 3-1: WAN Connections
Section 3-2: Internet Connectivity
Section 3-3: Proxy Server
Section 3-4: Remote Access
Section 4-1: DHCP Concept Review
Section 4-2: Designing Address Allocation
Section 4-3: Enhancing Address Allocation
Section 5-1: Host Names and DNS Review
Section 5-2: Designing DNS Resolution
Section 5-3: Designing NetBIOS Name Resolution
Section 5-4: Integrating DNS and WINS
Section 5-5: Enhancing DNS and WINS
Section 6-1: Integrating with Other Protocols
Section 6-2: Planning Additional Services
Section 6-3: Planning Implementation and Management
Appendix A: Windows 2000 Network Infrastructure Design Objectives
Appendix B: Design Requirements Outline
Appendix C: Design Your Home Office Network

©2002 TestOut Corporation (Rev 11/02) Designing a Microsoft Windows 2000 Network Infrastructure (70-221)


Course Overview

This course prepares students for the Microsoft certification Exam 70-221, Designing a Microsoft Windows 2000 Network Infrastructure. Before beginning this course, students should have completed the four Windows 2000 core courses, or have equivalent knowledge. Students certified for Microsoft Windows NT 4.0 should have a Windows NT 4.0 to Windows 2000 update course.

Module 1
Module 1 covers the general process of designing a network infrastructure for a Windows 2000 network.

Module 2
Module 2 covers the basics of designing a LAN, including evaluating the physical network, subnetting, and designing routing.

Module 3
Module 3 covers WAN design.

Module 4
You can use DHCP with Windows 2000 to dynamically set client information. Module 4 covers methods for increasing DHCP performance, availability, and fault tolerance.

Module 5
A Windows 2000 network needs a way to resolve host names (and perhaps NetBIOS names) to IP addresses. Module 5 explains how to design DNS and NetBIOS name resolution systems.

Module 6
The design tasks covered in previous modules are the focus of this course. Module 6 explains other design tasks to consider.

Module 7
Module 7 reviews the most essential design rules presented in this course. It is meant to be used as a final review and study guide for Exam 70-221, Designing a Microsoft Windows 2000 Network Infrastructure. Consider printing this material for use as a last-minute review of design principles.

Lab/Activities
This section of each lesson plan contains lecture activities and/or design activities. Lecture activities can be presented on the board or with handouts. They do not require student computers, so they work well in a traditional classroom. Design Activities outline a network planning project that lasts during the entire course. These activities are designed to give the student a design experience that is as close as possible to a real design project.

Design and Homework Suggestions
Require each student to maintain a design notebook. This should be a three-ring binder, as students will be adding documents to the notebook throughout the course.

The design project may be done as an individual project or as a group project. Because of the scope of the project, and because real projects require teamwork, we recommend a combination approach. First, assign design documents as individual projects. Have each student complete a rough draft design. Then, as a class, or in small groups, discuss the rough draft designs, and combine them into a group design document. This allows you to evaluate individual students, while providing the teamwork common in real projects.

In addition to regular lectures and design requirement discussions, plan to add a few hours of design review to the course. (These hours are not included in the 32 total instructional hours listed in the lesson plans.) Try to schedule design reviews as students complete major design elements. You may also want to schedule design presentations at the end of the course.

The Homework Suggestions section may contain a list of Skill Review Exercises. These are not required to meet Microsoft exam objectives. Students should already know how to accomplish these tasks from the Network Infrastructure Administration course. These exercises are included because students may not remember material from the earlier course, or they may not have adequately understood the material. Use Skill Review Exercises as needed to improve prerequisite skills and understanding.

The Homework Suggestions section also lists the focus question for the next section. Present this question at the end of class. Start each class with the focus question presented in the previous class. Encourage students to be prepared to answer the question, but make sure they understand that you don’t need a complete answer. You want them to preview the next section for a basic answer. This can help stimulate a better quality discussion and questions during the lecture. It will also help you assess student understanding of the topic.

Consider the focus question for Section 1-2: Once you have identified design requirements, how do you start to create a design? Students should be able to provide simple responses such as:

• Determine the network architecture, protocols, and services.
• Create an IP addressing scheme.
• Plan for DNS services.


Course Preparation

In Advance
Set up TestOut courseware and create student accounts.

Instructor Computer Setup
This course emphasizes network design. It can be taught in a classroom without any computers. Students need access to computers to run the TestOut course software and they need access to word processing software so they can prepare design documents.

If you wish to use the Skill Reviews or demonstrate tasks as you review concepts, use the classroom configuration for the Network Infrastructure Design course. This configuration is described in the following paragraphs.

Install a Windows 2000 domain controller, running DNS. Typically, this domain should be isolated from the working network. Consider using a domain name such as mcseclass.local. This computer will be the DNS server for the classroom. You may want to configure the DNS server as a forwarder. Point it to the “real” DNS server, so that student requests for non-local names will be passed on and resolved.

Because students need to install and configure network services, they will need extensive administrative access to the domain. As a result, you probably don’t want students to join the domain hosted by the instructor computer. Instead, create a zone on the instructor’s computer to host the DNS domain name space used by the student computers (for example, students.local).

Ideally, your classroom hub or switch will be accessible so you can unplug the classroom network from the rest of the network. This allows you to practice with services such as DHCP. When running something that is potentially disruptive, simply unplug the classroom until the practice is over.

Student Computer Setup
If you wish to use the Skill Reviews or demonstrate tasks as you review concepts, use the classroom configuration for the Network Infrastructure Design course. This configuration is described in the following paragraphs.

Computers need to support Windows 2000 Server running Active Directory. Because the TestOut material contains audio, computers should have sound cards. You may want to require students to bring their own headphones or provide them.

Start with Windows 2000 Server installed on each computer on a 3 to 4 GB partition. (Partition size depends on the amount of other software you plan to install.) Install the Administration tools on each computer (Adminpak.msi).

Ideally, set up the computers in pairs – one as a domain controller and one as a member server. This allows students to work in pairs when you want to look at the difference between a member server and a domain controller. Set up a parent and a child domain. Configure each student computer to use the DNS server on the instructor computer.

The following table shows a sample layout for a classroom with 12 computers.

Instructor Computer: Instructor1.mcse.local – DNS server

Computer1.student.local – Domain controller
Computer2.student.local – Member server
Computer7.child.student.local – Domain controller
Computer8.child.student.local – Member server
Computer3.student.local – Domain controller
Computer4.student.local – Member server
Computer9.child.student.local – Domain controller
Computer10.child.student.local – Member server
Computer5.student.local – Domain controller
Computer6.student.local – Member server
Computer11.child.student.local – Domain controller
Computer12.child.student.local – Member server

Student computers should have static IP addresses. The computers are servers, and some of the services they will install during the course of the class require static IP addresses. One way to create this type of lab is to use removable hard drives in the student computers. Students check out the drives for their classes. This allows you to teach multiple classes in a single lab, while preventing one class from damaging or destroying the installations used by another class. To facilitate the frequent computer OS rebuilds required by this type of lab, consider investing in disk duplication software. You could also create unattended installation files to automate the baseline Windows 2000 installations needed for the lab computers.


Section 1-1: Identifying Design Requirements

Preparation
A network infrastructure consists of the core services and technologies that enable network communication. The first step in designing a network infrastructure is to identify the design requirements. This section explains how to identify design requirements.

Before class, prepare for the design project. This is by far the longest lab in the course. It will probably take a few hours to completely identify network design requirements. The time spent on this activity is well worth the effort, as a good requirements discussion is the foundation for design solutions throughout the course.

In this project, you are designing the network infrastructure for your school. Use the design requirements outline in Appendix B to collect the information needed to present to the students. Be prepared to identify existing network conditions, stakeholders and desired conditions. Describe the organization structure, network users, and resources in detail. If you don’t have exact numbers, give a reasonable estimate. Keep the discussion of network infrastructure light. You will fill in details later in the course. Provide details about network management and trends. Students will need this information as they try to balance requirements.

As you identify stakeholders and desired conditions, try to identify real issues with your current environment. If possible, invite one of your network administrators to class to discuss desired improvements. Students will need to balance requirements based on the information you presented.

Exam Objectives
101 Analyze the existing and planned business models.
102 Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans.
103 Analyze factors that influence company strategies.
104 Analyze the structure of IT management. Considerations include type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process, and change-management process.
201 Evaluate the company's existing and planned technical environment and goals.
202 Analyze the impact of infrastructure design on the existing and planned technical environment.
203 Analyze the network requirements for client computer access.
204 Analyze the existing disaster recovery strategy for client computers, servers, and the network.
604 Design a resource strategy.


Vocabulary: requirements, existing conditions, desired conditions, stakeholder, organizational structure, users, resources, network infrastructure, network management, trends, organization management

Focus Question: What are design requirements and how do I go about documenting them?

Time: About 3 hours; about 1½ hours to introduce course and discuss Section 1-1, 1½ hours to discuss your network design requirements.

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Introduce instructor.
• Have each student introduce self, explain why he or she is taking the course, and what he or she hopes to get out of it.
• Hand out and explain syllabus, lab policies, and any other required introductory material.
• Explain the lab notebook to students and make sure they understand that they must have a notebook for the next class session.
• Demonstrate login to network.
• Demonstrate how to access the courseware.
• Counsel students who don’t meet the prerequisite requirements. Before beginning this course, students should have completed the four Windows 2000 core courses, or have equivalent knowledge. Students certified for Microsoft Windows NT 4.0 should have a Windows NT 4.0 to Windows 2000 update course. Specifically, students should be familiar with the following:
  o Windows 2000 networking basics.
  o Configuring remote access, packet filters, and VPNs.
  o Implementing a PKI.
• Discuss the nature of design requirements.
  o Requirements suggest existing and desired conditions.
  o Multiple stakeholders may exist.
  o A given stakeholder may have multiple requirements.
  o Requirements are not always communicated.
• Discuss how to identify existing conditions.
  o Organizational structure.
  o Network users and resources.
  o Network infrastructure.
  o Network management.
  o Trends and other known changes.


• Discuss how to identify stakeholders and desired conditions.
  o Network users.
  o Network management.
  o Organization management.
• Discuss balancing requirements.
  o Ask stakeholders to clarify.
  o Who is your boss?
  o Who has the ultimate responsibility?
  o What is really needed?
  o Design multiple options.

Lab/Activity
Design Activity
• Identify Existing Conditions.
  o Create a document that identifies existing conditions. Use the outline in Appendix B.
• Identify Stakeholders and Desired Conditions.
  o Create a document that identifies stakeholders and desired conditions. Use the outline in Appendix B.
• Balancing Requirements.
  o Create a document that assigns priorities to each of the desired outcomes. Use the outline in Appendix B.

Assessment: Check design notebooks.

Homework Suggestions
• Read Section 1-1 and take the section test.
• Research the focus question for the next section.
  o Once you have identified design requirements, how do you start to create a design?
• Go to http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp. Download the Deployment Planning Guide – Complete. Read Chapter 6, Preparing Your Network Infrastructure for Windows 2000 and Appendix A, Preparing Your Network Infrastructure for Windows 2000.


Section 1-2: Creating an Initial Design

Preparation
After you have a good understanding of the environment, a list of design requirements, and know which requirements have priority, you can begin designing specific solutions to meet the requirements. This section discusses the initial design creation.

Exam Objectives

Vocabulary: initial design, enhanced design, network architecture, network protocols, network services, Ethernet, PSTN, Token Ring, FDDI, ISDN, Frame Relay, DSL, TCP/IP, IPX/SPX, AppleTalk, SNA, IP Routing, static, dynamic, autostatic, RIP, OSPF, Connection sharing, routing, NAT, proxy server, remote access, VPN, PPTP, L2TP, DNS, WINS, SNA Gateway Services, Gateway Services for NetWare, SQL Server, IIS Server, Exchange Server, Terminal Services, Dfs, Active Directory

Focus Question: Once you have identified design requirements, how do you start to create a design?

Time: About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss characteristics of an initial design.
  o Initial design.
  o Enhanced design.
• Discuss general components of a network infrastructure design. These topics should be review for students.
  o Network architecture.
    • Ask students to name LAN and WAN architectures.
  o Network protocols.
    • Ask students to name common protocols.
  o Network services.
    • Ask students to name common network services.
• Discuss components of a Windows 2000 TCP/IP network infrastructure design. Briefly review each topic.
  o IP Addressing.
    • What do you need to assign to each host when you configure IP?
  o IP Routing.
    • Static, dynamic, autostatic.
    • RIP, OSPF.


  o Internet Access.
    • Connection sharing, routing, NAT, proxy server.
  o Remote Access.
    • Dial-up, VPN.
    • PPTP, L2TP.
  o IP Address Allocation (Host Configuration).
    • Manual or dynamic.
  o Name Resolution.
    • DNS, WINS.
  o Other Services.
    • SNA Gateway Services.
    • Gateway Services for NetWare.
    • SQL Server.
    • IIS Server.
    • Exchange Server.
    • Terminal Services.
    • Dfs Services.
    • Active Directory Services.

Lab/Activity
Lecture Activity
• Ask students to name LAN and WAN architectures, common protocols, and common network services.

Design Activity
• Create an initial design checklist.
  o General design topics include architecture, protocols, and services.
  o Windows 2000 design topics include IP addressing, IP routing, Internet access, remote access, IP address allocation, name resolution, and other services.
• For each topic, tentatively identify whether there need to be changes to the existing network. For example, if users requested remote access and none exists, remote access design needs to be addressed. If IT managers identified slow WAN links as a major concern, your WAN architecture needs to be addressed. You will fill in details for all of these topics as you complete the course.

Assessment: Were students able to name LAN and WAN architectures, common protocols, and common network services? Are they familiar with the components of a Windows 2000 TCP/IP network infrastructure design? If not, they need to review these topics in order to be successful in this course.

Homework Suggestions
• Read Section 1-2 and take the section test.
• Research the focus question for the next section.
  o What can you do to enhance your initial network design?


Section 1-3: Enhancing the Design

Preparation
After creating an initial design, you may need to enhance the design to meet security, performance, or availability requirements. This section introduces some enhancement principles and technologies discussed throughout this course.

Vocabulary: firewalls (Packet Filters), demilitarized zones (DMZs), tunneling, Internet Protocol Security (IPSec), Virtual Private Networks (VPN), caching, load sharing, DNS round robin, Network Load Balancing (NLB), stability, isolation, redundancy, Microsoft Windows Cluster Server (MSCS)

Focus Question: What can you do to enhance your initial network design?

Time: About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss enhancing security.
  o Firewalls (Packet Filters).
  o Demilitarized Zones (DMZs).
  o Tunneling.
  o Internet Protocol Security (IPSec).
  o Virtual Private Networks (VPN).
• Discuss enhancing performance.
  o Using adequate hardware.
  o Eliminating unnecessary communication.
  o Co-locating users and resources.
  o Caching.
  o Load sharing.
  o DNS round robin.
  o Network Load Balancing (NLB).
• Discuss enhancing availability.
  o Stability.
  o Isolation.
  o Redundancy.
  o Microsoft Windows Cluster Server (MSCS).


Lab/Activity
Design Activity
• This section should be revisited at the end of the course, before students hand in completed design projects. When design projects are almost finished, ask students to reread this section and review their designs.
• Write a short paper critiquing the existing design and suggest improvements that could enhance security, performance, and/or availability.

Assessment: Check design notebooks.

Homework Suggestions
• Read Section 1-3 and take the section test.
• Research the focus question for the next section.
  o How do you implement a network design? What sort of planning is involved?
• Look at the documentation that describes your existing network. Identify two potential security risks.
• Look at the documentation that describes your existing network. Identify two areas that would benefit from increased performance.
• Look at the documentation that describes your existing network. Identify two areas that need high availability.


Section 1-4: Planning Implementation and Management

Preparation
After designing a network infrastructure, you need to plan how you will implement the design and manage the network infrastructure after it is in place. This section presents some fundamental principles of implementation and management planning.

Exam Objectives
601 Design a strategy for monitoring and managing Windows 2000 network services. Services include global catalog, Lightweight Directory Access Protocol (LDAP) services, Certificate Services, DNS, DHCP, WINS, Routing and Remote Access, Proxy Server, and Dfs.
602 Design network services that support application architecture.
603 Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS.
604 Design a resource strategy.

Vocabulary: implementation planning, acceptance criteria, management planning

Focus Question: How do you implement a network design? What sort of planning is involved?

Time: About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss principles of implementation planning.
  o Foundation first.
  o Minimizes risk.
  o Maximizes return.
  o Monitored.
  o Accommodates users.
• Discuss principles of management planning.
  o On-going.
  o Crisis-oriented.
  o Trend-oriented.
  o Other conditions.


Lab/Activity
Design Activity
• This section should be revisited at the end of the course, when students study Section 6-3. At that time, they will create an implementation and management plan.

Assessment: Check design notebooks.

Homework Suggestions
• Read Section 1-4 and take the section test.
• Research the focus question for the next section.
  o How do I determine which topologies and protocols to use? Where should I place subnets?
• In the Deployment Planning Guide – Complete, read Chapter 1, Deployment Planning, and Chapter 2, Creating a Deployment Roadmap.


Section 2-1: Topology and Protocol Design

Preparation
Bandwidth measures the amount of traffic that can be sent on a network. Two factors that affect the available bandwidth are the network's physical structure and the total number of hosts on each network segment (which affects the amount of network traffic generated). As you design a network infrastructure, you will need to identify the bandwidth requirements and design or modify the network structure accordingly to provide the necessary bandwidth. This section covers the following topics related to the physical network design.

Before class, gather information for the requirements documentation. This includes information on the existing architecture, topology, and protocol use. Be able to identify desired improvements.

Exam Objectives
301 Modify and design a network topology.

Vocabulary: network architecture, Ethernet, Token Ring, LAN backbone, 10Base2, 10BaseT, 100BaseT, network protocol, TCP/IP, IPX/SPX, AppleTalk, SNA, NetBIOS, NetBEUI, NetBT

Focus Question: How do I determine which topologies and protocols to use? Where should I place subnets?

Time: About 2 hours

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss selecting a network architecture.
  o Define network architecture.
  o Compare Ethernet and Token Ring.
  o Describe LAN backbones.
• Discuss modifying an existing topology.
  o Define topology.
  o Explain what is involved when upgrading from 10Base2 to 10BaseT.
  o Explain what is involved when upgrading from 10BaseT to 100BaseT.
• Discuss selecting a networking protocol.
  o Briefly review common protocols: TCP/IP, IPX/SPX, AppleTalk, SNA.
  o Where is each protocol used?
  o Discuss application and platform support.


• Discuss these topics in detail.
  o NetBIOS.
    • NetBIOS computer names.
    • Pre-Windows 2000 clients require NetBIOS names for networking. Windows 2000 can use NetBIOS, but it is not required.
  o NetBEUI.
    • Windows 3.11, NT 3.x, and LAN Manager require it.
  o NetBT.
    • You can turn this off on Windows 2000 computers. This causes problems if you also have pre-Windows 2000 computers on the network.
• Discuss selecting network protocols.
  o Compare TCP/IP, NetBT, NetBEUI, IPX/SPX, AppleTalk, and SNA.
  o When would you use each protocol? What is it for?
  o When is each protocol required?
• Discuss subnetting the network.
  o Reasons for subnetting:
    • Improve performance.
    • Enforce security.
    • Connect dissimilar architectures.
  o Subnetting guidelines:
    • Keep users and the resources they use on the same subnet.
    • Analyze network traffic, and subnet to reduce traffic as necessary.
    • Subnet based on physical location.
    • Analyze the capacity of routers.
    • Anticipate future growth.
  o Subnet design should include:
    • Total number of needed subnets.
    • Maximum number of devices supported on each subnet.
    • Physical location of each subnet.
    • Number, location, and capability of the routers.

Lab/Activity
Design Activity
• Fill in details in the requirements documentation.
  o Document the existing architecture and topology by creating detailed network diagrams. Create a diagram that describes the physical network. Include:
    • Details such as the physical paths of the wiring, analog, and ISDN lines.
    • Location of devices such as hubs, switches, modems, routers and bridges.
  o Document current protocol use. If more than one protocol is used, identify clients and servers that need to communicate with each other.


o If necessary, identify desired improvements. Most of this information will come from the IT staff. User complaints of slow access might point to issues such as slow hubs or a need for better subnetting. Desired conditions may have been covered when you initially discussed requirements.

• If necessary, revise your desired outcomes document and readdress balancing of requirements.

• Create an architecture, topology, and protocol design document. o Architecture – Will the architecture change or remain the same?

(Architecture is likely to remain the same, unless you are designing a brand new network.)

o Topology – Will the topology change or remain the same? This may include a network wide change, such as upgrading to 100BaseT, or you may simply replace some components, such as replacing hubs with faster switches.

o Protocol Design – What protocol(s) will be used? Which clients and hosts will use which protocol? Will all clients run all protocols? Do you need to install a gateway or a proxy?

o Subnet Design – Create a diagram(s) to describe subnet placement. At this point, you don’t need to identify network addresses for each subnet. If the current subnet design is adequate, note this in the documentation. You may want to make a few minor changes, such as splitting an existing subnet that currently has too much traffic, or moving a group of users that generates excessive traffic to their own subnet.

Assessment Check design notebooks.

Homework Suggestions • Read Section 2-1 and take the section test. • Research the focus question for the next section.

o How do I create an IP addressing scheme for my network design? • Use the Internet to research price and features for three different hubs. Compare

the devices, and recommend a choice for your network design. • Use the Internet to research price and features for three different switches.

Compare the devices, and recommend a choice for your network design.


Section 2-2: IP Addressing

Preparation After you have determined how many hosts will be on your network, how many subnets are needed, and how many hosts should be on each subnet, the next step is to identify the address and mask for each subnet. This section reviews IP subnetting concepts covered in the earlier courses and applies them to network design.

Exam Objectives 302 Design a TCP/IP networking strategy. Vocabulary: subnet mask, default subnet mask, custom subnet mask, private addressing, public addressing, network address

Focus Question: How do I create an IP addressing scheme for my network design?

Time About 2 hours

Lecture Tips • Start with the focus question. Do students have any questions about the material

they have studied? • Review IP addressing. Students should know this material, but if they don’t,

spend time reviewing these concepts. o IP addressing.

• 32 bit addresses. • Octets.

o Default subnet mask. • Discuss default mask for each class. • Stress that this mask does NOT create subnets. You have a single

network ID, with all hosts on the same subnet. o Custom subnet mask.

• A custom mask covers more bits than the default mask. • This creates additional subnets.

• Review binary numbers. Students should know this material, but if they don’t, spend time reviewing these concepts.

o Remind students of the decimal system. • Decimal is based on powers of 10.


o The binary system is based on powers of 2 instead of 10. • Digits are 0, 1. • Calculate powers of 2. 2^0 = 1, 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 16, 2^5 = 32… • 10011000 = 1*2^7 + 0*2^6 + 0*2^5 + 1*2^4 + 1*2^3 + 0*2^2 + 0*2^1 + 0*2^0 = 1*128 + 0*64 + 0*32 + 1*16 + 1*8 + 0*4 + 0*2 + 0*1 = 152

o Explain how to convert between binary and decimal. • By hand. • Using a calculator.

• Discuss selecting the network address. o Private IP addresses.

• 10.0.0.0 to 10.255.255.255 • 172.16.0.0 to 172.31.255.255 • 192.168.0.0 to 192.168.255.255

o When do you use public addresses? o When do you use private addresses? o Select the network address and mask.

• Use the existing network address. • If connecting to the Internet and using public addressing, request a

block of addresses. • If not connected to the Internet or using private addressing, select

the mask and the network address. • Discuss choosing the subnet mask.

o Begin by selecting the subnet mask based on the total number of subnets required.

o Verify that the mask provides enough hosts per subnet. o Modify the mask to accommodate more hosts if necessary. Verify that the

necessary number of subnets is still supported. • Review methods for calculating a subnet mask based on the number of required

subnets. o Calculating the mask. Explain the technique, and then do the lecture

activities as a class. o Selecting the mask from a table. Explain the technique, and then do the

lecture activities as a class. • Review methods for calculating the number of hosts per subnet. Then do the

lecture activities as a class. o Calculating the number of hosts. o Identifying total hosts from a table.

• Review assigning the subnet address. Then do the lecture activities as a class. o Given a network ID and a subnet mask, show students how to identify

valid subnet addresses.


o After calculating the valid subnet addresses, show students how to determine the range of valid IP addresses on each subnet.

• The first IP address in each range is not used as a host ID because it is the network ID for that subnet. • The last IP address in each range is not used as a host ID because it is the broadcast address for that subnet.

Lab/Activity Lecture Activity

• Calculate subnet masks. o Divide the Class A address 10.0.0.0 into 190 subnets. o Divide the Class B address 172.16.0.0 into 10 subnets. o Divide the Class C address 192.16.5.0 into 2 subnets.

• Select the mask from a table. o Divide the Class A address 10.0.0.0 into 220 subnets. o Divide the Class B address 172.16.0.0 into 34 subnets. o Divide the Class C address 192.16.5.0 into 4 subnets.

• Calculate the number of valid host IDs on each subnet. o Network ID 10.0.0.0, subnet mask 255.255.248.0 o Network ID 145.16.0.0, subnet mask 255.255.192.0 o Network ID 192.168.1.0, subnet mask 255.255.255.128

• Identify valid subnet addresses. o Network ID 192.168.2.0, subnet mask 255.255.255.192 o Network ID 192.168.2.0, subnet mask 255.255.255.224 o For each subnet address you calculated in the last exercise, identify the

range of valid IP addresses. What is the broadcast address for each subnet? What is the network ID for each subnet?
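
The lecture-activity calculations above, carried through in code. This is an added example, not part of the lesson plan; the function names are illustrative, and it assumes all 2^n subnets are usable (subnet zero and the all-ones subnet included).

```python
import ipaddress


def classful_prefix(network_id):
    """Default (classful) prefix length for a Class A, B or C network ID."""
    first_octet = int(network_id.split(".")[0])
    if first_octet < 128:
        return 8    # Class A, default mask 255.0.0.0
    if first_octet < 192:
        return 16   # Class B, default mask 255.255.0.0
    if first_octet < 224:
        return 24   # Class C, default mask 255.255.255.0
    raise ValueError("Class D/E addresses are not subnetted")


def mask_for_subnets(network_id, subnets_needed):
    """Custom subnet mask giving at least `subnets_needed` subnets.

    Assumption: all 2**n subnets are usable. If your material applies the
    older 2**n - 2 rule, call this with subnets_needed + 2 instead.
    """
    if subnets_needed < 1:
        raise ValueError("need at least one subnet")
    # Smallest n with 2**n >= subnets_needed = bits borrowed from the host part.
    borrowed = (subnets_needed - 1).bit_length()
    prefix = classful_prefix(network_id) + borrowed
    if prefix > 30:
        raise ValueError("not enough host bits left for that many subnets")
    return str(ipaddress.ip_network(f"{network_id}/{prefix}", strict=False).netmask)


def valid_hosts(subnet_mask):
    """Usable host IDs per subnet: 2**host_bits - 2.

    The two excluded addresses are the subnet's network ID and its broadcast.
    """
    prefix = ipaddress.ip_network(f"0.0.0.0/{subnet_mask}").prefixlen
    return 2 ** (32 - prefix) - 2


def subnet_table(network_id, subnet_mask):
    """One (network ID, first host, last host, broadcast) row per subnet."""
    parent = ipaddress.ip_network(f"{network_id}/{classful_prefix(network_id)}")
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{subnet_mask}").prefixlen
    rows = []
    for net in parent.subnets(new_prefix=new_prefix):
        rows.append((
            str(net.network_address),          # not assignable: network ID
            str(net.network_address + 1),      # first valid host
            str(net.broadcast_address - 1),    # last valid host
            str(net.broadcast_address),        # not assignable: broadcast
        ))
    return rows


if __name__ == "__main__":
    # The three "calculate subnet masks" items from the lecture activity.
    for net, count in [("10.0.0.0", 190), ("172.16.0.0", 10), ("192.16.5.0", 2)]:
        print(f"{net} into {count} subnets -> mask {mask_for_subnets(net, count)}")

    # The three "valid host IDs" items.
    for mask in ["255.255.248.0", "255.255.192.0", "255.255.255.128"]:
        print(f"mask {mask} -> {valid_hosts(mask)} valid host IDs per subnet")

    # Subnet addresses, host ranges and broadcast addresses.
    for mask in ["255.255.255.192", "255.255.255.224"]:
        print(f"192.168.2.0 with mask {mask}:")
        for network, first, last, broadcast in subnet_table("192.168.2.0", mask):
            print(f"  {network:<15} hosts {first} - {last}  broadcast {broadcast}")
```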

Design Activity • Select an IP addressing scheme.

o Will you use private or public IP addresses? o If using private IP addressing, do you need to connect to the Internet? o What public IP address(s) will be used to connect to the Internet? o Assign subnet addresses to your subnet placement design.

Assessment • Did students participate during the lecture activity? Do they understand the IP

problems? • Check design notebooks.


Homework Suggestions • Read Section 2-2 and take the section test. • Research the focus question for the next section.

o How do I optimize my IP addressing design? • Calculate subnet masks or select the mask from a table.

o Divide the Class A address 10.0.0.0 into 30 subnets. o Divide the Class B address 172.16.0.0 into 6 subnets. o Divide the Class C address 192.16.5.0 into 4 subnets. o Divide the Class A address 10.0.0.0 into 90 subnets. o Divide the Class B address 172.16.0.0 into 20 subnets. o Divide the Class B address 172.16.0.0 into 125 subnets.

• Calculate the number of valid host IDs on each subnet. o Network ID 10.0.0.0, subnet mask 255.255.224.0 o Network ID 172.16.0.0, subnet mask 255.255.248.0 o Network ID 192.168.2.0, subnet mask 255.255.255.128

• Identify valid subnet addresses. o Network ID 192.168.1.0, subnet mask 255.255.255.128 o Network ID 192.168.1.0, subnet mask 255.255.255.224 o Network ID 192.168.1.0, subnet mask 255.255.255.240 o Network ID 172.16.0.0, subnet mask 255.255.255.0 o Network ID 172.16.0.0, subnet mask 255.255.248.0

• For each subnet address you calculated in the last exercise, identify the range of valid IP addresses. What is the broadcast address for each subnet? What is the network ID for each subnet?


Section 2-3: Optimizing IP Addressing

Preparation The last section reviewed how to identify the subnet mask and subnet addresses based on the number of required subnets and the number of hosts per subnet. This section teaches students how to customize the subnetting scheme to better utilize available IP addresses and reduce routing overhead.

Exam Objectives 302 Design a TCP/IP networking strategy. 503 Design a Routing and Remote Access routing solution to connect

locations.

Vocabulary: system-wide subnet mask, VLSM, CIDR, hierarchical routing, route aggregation, supernetting

Focus Question: How do I optimize my IP addressing design?

Time About 1 hour

Lecture Tips • Start with the focus question. Do students have any questions about the material

they have studied? • Custom subnet masks.

o Use a mask different from the default mask. o The discussion in the last section generated a system-wide subnet mask. o Pitfalls of a system-wide subnet mask:

• Subnets don’t support enough hosts. • Not enough available subnets.

o Discuss wasted IP addresses. • VLSM – variable length subnet masks.

o Use different masks for different subnets. o Select the subnet mask for individual subnets based on the number of

hosts required on the subnet. o Conserve IP addresses by sizing the address range for a subnet based on

the maximum number of hosts. • Guidelines for VLSM design. Use VLSM when:

o You cannot create subnets with a single mask that give you enough subnets or hosts.

o You cannot select a different network address. o Your network is connected to the Internet and is using public addressing. o You need to minimize the number of unused or wasted IP addresses.


o Implementation factors. • VLSM is more complicated. • Make sure that routers support VLSM. • Make sure that subnet addresses or ranges do not overlap.

• CIDR – Classless Interdomain Routing. o Hierarchical routing. o Route aggregation. o Review CIDR notation.

• Make sure students understand that this is exactly the same as the subnetting discussed earlier. It is simply a different notation.

• They may decide they like this notation better, and prefer it for calculations. That’s fine.

• Show students how to convert between the CIDR notation and dotted decimal notation for masks.

o /25 and 255.255.255.192 • Review supernetting.

o Supernetting allows you to combine multiple networks into a single logical network. It is essentially the opposite of subnetting.

o Show students how to calculate a supernet mask. o Show students how to calculate the CIDR bit number.

• Discuss CIDR design guidelines. o When to use CIDR:

• To reduce the size of individual routing tables. • If your network advertises routes on the Internet. • If supernetting is required.

o Design guidelines. • Structure the physical layout of the routers hierarchically. • Assign subnet addresses with custom masks to match the physical

network layout. • Routers must support both VLSM and CIDR.

Lab/Activity Lecture Activity

• Design a VLSM solution. You are using the network ID 192.168.1.x. You need to divide this network ID into five subnets. The first four subnets each require 30 host IDs. The last subnet requires 60 host IDs.

• Practice converting between CIDR and dotted decimal notation. o /9 o /18 o /21 o /30 o 255.0.0.0 o 255.255.192.0 o 255.255.255.0 o 255.255.255.224


• Calculate the supernet mask values. o You need to group eight class C addresses, ranging from 201.10.0.0 to

201.10.7.0. o You need to group five class C addresses, ranging from 198.121.23.0 to

198.121.27.0. • Calculate the CIDR bit number for the supernets you created in the last activity.
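
An added worked example (not from the lesson plan) for the VLSM, CIDR-notation and supernetting activities above; the function names are illustrative. It allocates VLSM subnets largest-first, checks for overlaps, and returns the smallest single CIDR block covering a range of networks together with how many networks that block really spans.

```python
import ipaddress


def prefix_to_mask(prefix):
    """CIDR bit number -> dotted decimal mask, e.g. 18 -> 255.255.192.0."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def mask_to_prefix(mask):
    """Dotted decimal mask -> CIDR bit number (ValueError if non-contiguous)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def vlsm_plan(parent, host_counts):
    """Give each named subnet the smallest block that holds its hosts.

    Allocating the largest requirement first keeps every block aligned on its
    own boundary, so the ranges cannot overlap.
    """
    block = ipaddress.ip_network(parent)
    cursor = int(block.network_address)
    plan = {}
    for name, hosts in sorted(host_counts.items(), key=lambda kv: -kv[1]):
        host_bits = (hosts + 1).bit_length()       # smallest n: 2**n - 2 >= hosts
        size = 2 ** host_bits
        cursor = (cursor + size - 1) // size * size  # align to the block size
        subnet = ipaddress.ip_network((cursor, 32 - host_bits))
        if not subnet.subnet_of(block):
            raise ValueError(f"{parent} is too small to fit {name}")
        plan[name] = subnet
        cursor += size
    return plan


def find_overlaps(subnets):
    """Return every pair of subnets whose address ranges overlap."""
    nets = [ipaddress.ip_network(str(s)) for s in subnets]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def supernet_for(first, last, member_prefix=24):
    """Smallest single CIDR block covering the networks first..last.

    Returns (supernet, networks_covered, networks_requested). When the range
    is not a power-of-two count starting on a matching boundary, the block
    covers more networks than were requested.
    """
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_network(f"{last}/{member_prefix}").broadcast_address)
    common_bits = 32 - (lo ^ hi).bit_length()      # leading bits both ends share
    supernet = ipaddress.ip_network((lo, common_bits), strict=False)
    member_size = 2 ** (32 - member_prefix)
    requested = (hi + 1 - lo) // member_size
    covered = supernet.num_addresses // member_size
    return supernet, covered, requested


if __name__ == "__main__":
    # VLSM activity: four subnets of 30 hosts and one of 60 in 192.168.1.0/24.
    # A single system-wide mask with room for five subnets is /27 (30 hosts),
    # which cannot hold the 60-host subnet.
    needs = {"subnet1": 30, "subnet2": 30, "subnet3": 30, "subnet4": 30,
             "subnet5": 60}
    plan = vlsm_plan("192.168.1.0/24", needs)
    for name, net in plan.items():
        print(f"{name}: {net}  mask {net.netmask}  {net.num_addresses - 2} hosts")
    print("overlaps:", find_overlaps(plan.values()))

    # Notation practice from the lecture activity.
    for prefix in (9, 18, 21, 30):
        print(f"/{prefix} = {prefix_to_mask(prefix)}")
    for mask in ("255.0.0.0", "255.255.192.0", "255.255.255.0", "255.255.255.224"):
        print(f"{mask} = /{mask_to_prefix(mask)}")

    # Supernet activity.
    for first, last in [("201.10.0.0", "201.10.7.0"),
                        ("198.121.23.0", "198.121.27.0")]:
        net, covered, requested = supernet_for(first, last)
        print(f"{first} to {last}: {net}  mask {net.netmask}  "
              f"covers {covered} networks, {requested} requested")
```

For the second range, the smallest single block is 198.121.16.0/20, which spans 16 Class C networks although only five were grouped, so a route advertised for it also claims the other eleven.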

Design Activity • Review your subnet address design. Make changes as necessary to optimize your

subnet design. You may decide that your design is adequate. In that case, briefly defend your design decisions.

Assessment • Did students participate during the lecture activity? Do they understand the IP

problems? • Check design notebooks.

Homework Suggestions • Read Section 2-3 and take the section test. • Research the focus question for the next section.

o How do I design a routing solution for my network? • Practice converting between CIDR and dotted decimal notation.

o /10 o /11 o /23 o /31 o 255.192.0.0 o 255.255.248.0 o 255.255.255.248 o 255.255.255.252

• Calculate the supernet mask values. Calculate the CIDR bit number for each of the supernets.

o You need to group eight class C addresses, ranging from 201.10.16.0 to 201.10.23.0.

o You need to group thirty-two class C addresses, ranging from 207.1.64.0 to 207.1.95.0.


Section 2-4: Designing Routing

Preparation If you are designing a network with multiple subnets, you will use routers to connect the subnets and enable intersubnet communication. Routers move data between various networks by keeping track of known networks in their routing tables. The routing table identifies the network and the interface or next hop router used to reach that network. As part of your design, you will need to identify how routers build routing tables. This section covers routing design. Prepare a graphic/example to use when discussing OSPF autonomous system components.

Exam Objectives 302 Design a TCP/IP networking strategy. Vocabulary: static routing, dynamic routing, autostatic routing, directly connected networks, default route, RIP, OSPF, IGMP, multicast

Focus Question: How do I design a routing solution for my network?

Time About 1 hour

Lecture Tips • Start with the focus question. Do students have any questions about the material

they have studied? • Discuss routing methods.

o Static routing. o Dynamic routing. o Autostatic routing.

• Discuss default routing table entries. o Directly-connected networks. o The default route.

• Design guidelines for selecting a routing method. o Default routes.

• Networks with only one router. o Static routes.

• Small networks. • If network routes rarely change. • To reduce traffic due to routing updates. • To prevent route broadcasting.

o Dynamic routing. • Medium to large networks. • Networks that change frequently.


• To reduce administration of routing. o Auto-static routing.

• Networks connected by expensive or non-persistent WAN links. • If OSPF is not used as the routing protocol. • To control when routing updates take place (schedule).

• The choice of the routing protocol depends on: o The networking protocol. o The number of networks in the routing table. o The routing protocols supported by existing routers. o The routing protocols already in use in the network.

• Windows 2000 Routing Support. o Configured as a software router capable of 40,000 packets/second. o Supports RIP 1, RIP 2, and OSPF routing protocols (TCP/IP). o Supports RIP and SAP protocols (IPX). o Supports DHCP packet forwarding. o Supports IP packet filtering. o Supports a wide range of LAN and WAN boards from major

manufacturers. • Guidelines for selecting an IP routing protocol.

o RIP version 1. • Small networks. • Existing routers run RIP v1.

o RIP version 2. • Small networks. • Use multicasts or unicasts for exchanging routing table updates. • Implement router authentication. • Support VLSM or route aggregation. • Support autostatic routing. • Discard routes from specific routers.

o OSPF. • Large networks. • Support VLSM or route aggregation. • Maintain redundant paths to a single destination. • Faster sharing of routing information. • Reduce traffic due to routing updates (OSPF generates less traffic

than RIP). • Implement router authentication. • RIP cannot be used.

• Introduce OSPF design. Define the following terms: o Autonomous System (AS). o Area. o Network.

• Use a picture to discuss OSPF autonomous system components. o AS boundary router. o Backbone.


o Areas. • OSPF special design conditions.

o Stub Area. o Virtual Link.

• General steps to design an OSPF network: o Identify the backbone area. o Subdivide the remaining networks into areas. Try to ensure that all inter-

area traffic crosses the backbone. o Assign subnet addressing, organizing addresses hierarchically as much as

possible. o Configure routers within and between areas. Configure how routers share

routing information. • OSPF design guidelines.

o Create a single backbone. o Create all stub areas if possible. Avoid virtual links. o Create areas with 100 networks or less. o Assign area subnetting so that only one route is summarized onto the

backbone for all area subnets. o Identify the least busy router as the designated router for each area.

• Multicasting. o Define multicasting. Describe how it works. o IGMP tasks and Windows 2000 support. o IGMP interface modes. o Design guidelines.

• Make sure the Windows 2000 server is the last router in the multicast path

• Configure the private interface in Router mode. • Configure the public interface in Proxy mode. • For a single-router network not connected to any other networks,

configure both interfaces in Router mode. • Discuss enhancing router security.

o Require authentication. o Encrypt router-to-router traffic. o Eliminate all router updates. o Keep routers in a locked facility. o Use passwords. o Run only routing services on the router.

• Discuss enhancing router performance and availability. o Limit the number of other services running on the device. o Upgrade hardware. o Design subnet addresses to permit summarization and reduce routing table

sizes. o Replace software routers with hardware routers.

• Enhancing network communications with routers. o Configure packet filters on routers to screen traffic. o Use routers to create screened subnets.


o Provide redundant paths between networks. o Use load balancing to select the least congested route. o Use metrics to force traffic over faster or preferred links. o Upgrade WAN or network connections. o Properly place network devices to reduce traffic.

Lab/Activity Design Activity

• Identify locations where you will use Windows 2000 routers and identify routing protocols.

o If your network already has hardware routers, you probably don’t plan to replace them with Windows 2000 routers. In this case, simply identify the location of your routers.

• Create a diagram that shows router placement, and port addresses for each subnet on each router. This diagram is a simple addition to your IP subnet design.

• Write a brief paper describing how you plan to address router security, performance, and availability.

o For example, all routers will be configured with passwords to control access, and only IT staff will have keys to the rooms where the routers are kept.

Assessment Check design notebooks.

Homework Suggestions • Read Section 2-4 and take the section test. • Research the focus question for the next section.

o How can I further enhance my TCP/IP design? • Use the Internet to research price and features for three different routers. Compare

the devices, and recommend a choice for your network design. • In the Deployment Planning Guide – Complete read Chapter 7, Determining

Network Connectivity Strategies, IP Routing Infrastructure. • Skill Review Exercises

o (If needed, install fake NICs on student computers.) If necessary, disable routing and remote access. Run the routing and remote access wizard. Select the network router option.

o Student computers should be configured as routers from the last lab. Add RIP and configure the servers as RIP routers.

o Define two neighbors for your RIP router. o Configure your RIP router to interact with a Windows NT 4.0 RIP router. o Install and configure OSPF. o If necessary, install fake modems on student computers. Disable routing

and remote access. Run the routing and remote access wizard. Select the network router option, and configure a demand-dial router.


Section 2-5: Enhancing the TCP/IP Design

Preparation Windows 2000 supports some enhancements to the TCP/IP protocol suite, which improve performance and ensure security. This section discusses the new features and how they can enhance TCP/IP design.

Exam Objectives 302 Design a TCP/IP networking strategy. Vocabulary: IPSec, AH, ESP, IPSec default policies, Kerberos v5, public key certificate, preshared keys, HMAC, DES, Diffie-Hellman key agreement algorithm, TCP window size, SACK, ICMP router discovery, quality of service

Focus Question: How can I further enhance my TCP/IP design?

Time About 1 hour

Lecture Tips • Start with the focus question. Do students have any questions about the material

they have studied? • Discuss IPSec security features.

o AH and ESP. o IPSec Process. o IPSec Default Policies.

• Client policy. • Server policy. • Secure server policy.

o IPSec key exchange methods. • Kerberos v5. • Public key certificates. • Preshared keys.

o When would you use each of the IPSec key exchange methods? o Discuss IPSec protection methods.

• HMAC. • DES. • Diffie-Hellman key agreement algorithm.

o When would you use each of the IPSec protection methods? • Discuss features for enhancing TCP/IP performance.

o Larger TCP window size. o TCP selective acknowledgment (SACK).


o ICMP router discovery. o Disabling NetBIOS over TCP/IP. o Quality of Service (QoS).

Lab/Activity Design Activity

• Review your design requirements documents. Are there any parts of the network that require IPSec? If so, design an IPSec solution to enhance protocol security.

• Review your design requirements documents. Would any of the TCP/IP performance and availability features help meet requirements? If so, add these features to your design.

Assessment Check design notebooks.

Homework Suggestions • Read Section 2-5 and take the section test. • Research the focus question for the next section.

o What factors influence WAN design? • Go to

http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Deploying QoS to Enhance Multimedia Network Performance.

• Skill Review Exercises o Create a new IPSec policy. Accept the default response rule. Document

the choices you make in the Wizard and explain what your policy does. o Add a new rule to your policy. o Disable NetBIOS over TCP/IP.


Section 3-1: WAN Connections

Preparation Wide area network (WAN) connections are used to connect remote users or sites. Although the actual implementation of a WAN design is beyond the scope of this course, students should have a basic understanding of the components required for WAN communications and the factors influencing WAN design. Prepare to provide details about the existing WAN environment and desired improvements. Estimate current bandwidth use if necessary. If possible, invite a network administrator to describe the existing environment and desired improvements.

Exam Objectives 301 Modify and design a network topology.

Vocabulary: demarc, WAN service provider, local loop, WAN cloud, analog network, digital network, T-carriers, dial-up, ISDN, DSL, T-1, remote access, VPN, bandwidth, persistence, cost

Focus Question: What factors influence WAN design?

Time About 2 hours

Lecture Tips • Start with the focus question. Do students have any questions about the material

they have studied? • Define basic WAN components.

o Demarc. o Local loop. o WAN service provider. o WAN cloud.

• Discuss basic WAN solutions. o Analog networks. o Combined digital and analog networks. o Digital networks.

• Discuss common WAN transmission media. o Telephone line wiring. o T-carriers.

• Compare some WAN connectivity options. o Dial-up. o ISDN. o DSL. o T-1.


• Identifying WAN requirements. o Type and method of resource access.

• Remote access. • Internetwork communication. • Internet access. • VPN through the Internet.

o Characteristics. • Bandwidth. • Persistence. • Cost.

• Selecting the WAN connection method. o Identify how users connect. o Identify link requirements. o Determine which services are available and at what cost.

• Enhancing existing WAN connections. o Reducing cost. o Increasing bandwidth. o Increasing WAN availability.

• Redundant devices. • Backup WAN link. • Separate WAN providers.

o Increasing WAN performance. • Increase bandwidth. • Upgrade connection hardware. • Add links for BAP or load balancing. (BAP is covered in Section

7-1 of the Network Infrastructure Administration course. BAP allows multilink connections to be dropped and established dynamically. If all connections are in use and another connection request is made, one of the existing connections is dropped and made available for the new call.)

o Increasing WAN security. • Increase authentication level. • Enforce strict passwords. • IPSec or VPN. • Packet filters. • Screened subnet.


Lab/Activity Design Activity

• Fill in details in the requirements documentation. o Document the WAN connections. Create a diagram that describes the

physical network. Include: • Details such as the connection capacity and current bandwidth use. • Current cost of each connection. • Do you currently have remote access, connections between multiple networks, Internet access, and/or a VPN? o If necessary, identify desired improvements. Desired conditions may have

been covered when you initially discussed requirements. • Do you need remote access, connections between multiple

networks, Internet access, and/or a VPN? • Do you need to upgrade WAN connections?

• If necessary, revise your desired outcomes document and readdress balancing of requirements.

• Create WAN design document. o Include physical connections. Specify details such as the connection

capacity and cost. o Include methods of resource access: remote access, connections between

multiple networks, Internet access, and/or a VPN. • As you create your WAN design, consider ways to improve WAN availability,

performance, and security.

Assessment Check design notebooks.

Homework Suggestions • Read Section 3-1 and take the section test. • Research the focus question for the next section.

o How do I design the Internet connection for a network? • Analyze your WAN design, with respect to WAN availability, performance, and

security. What changes would you make to improve the WAN design? • Investigate WAN connection costs. What is the monthly fee for dial-up, ISDN,

DSL, and a T-1 in your area?


Section 3-2: Internet Connectivity

Preparation Connecting to the Internet is one of the most common reasons for needing a WAN connection. This section covers the specifics of designing an Internet connection for your network. This section assumes that you have already selected the physical connection to the Internet (dial-up, ISDN, DSL, or T-carrier). Be prepared to fill in details about current Internet connectivity and identify desired improvements.

Exam Objectives 401 Design an Internet and extranet access solution. Components of the

solution could include proxy server, firewall, Routing and Remote Access, Network Address Translation (NAT), connection sharing, web server, or mail server.

502 Design a virtual private network (VPN) strategy. 503 Design a Routing and Remote Access routing solution to connect

locations.

Vocabulary: routing, NAT, ICS, proxy server, VPN

Focus Question: How do I design the Internet connection for a network?

Time About 1 hour

Lecture Tips • Start with the focus question. Do students have any questions about the material

they have studied? • Review connectivity solutions.

o Routing. o NAT. o ICS. o Proxy server. o VPN.

• Discuss selecting an Internet connectivity method. o Routing.

• Small to large networks. • Hosts must be able to respond to Internet-initiated requests. • Maximum flexibility. • Hosts running TCP/IP.


o NAT. • Small- to medium-sized networks. • Automatic address assignment. • Few hosts need outside-initiated contact. • Hosts running TCP/IP.

o ICS. • Single subnet. • Automatic address assignment. • Hosts running TCP/IP. • A Windows 2000 or 98 computer to run ICS.

o Proxy Server. • Small to large networks. • Hosts running a variety of protocols. • The ability to restrict Internet access or contact by user or site. • Caching of Internet or Web server content.

o VPN. • Secure end-to-end communications through the Internet.

• Discuss designing routing access. o All hosts on the private network have a registered public address. o Internet router configuration.

• Public IP addresses for all hosts. • Subnet the private network. • Configure the default route to point to the Internet. • Prevent the router connected to the Internet from sharing private routes.

o Security is a concern. Implement: • Packet filters. • Proxy and firewall solutions. • Screened subnets.

• Discuss NAT design process. o Identify private address range. o Design address allocation. o Design name resolution. o Enable public access.

• Discuss NAT design guidelines. o Majority of private hosts need Internet access, but do not need to be

contacted from the Internet. o Registered public address for the NAT router. o Select a private network address. o When using the NAT router to assign private IP addresses, make sure no

other DHCP servers are on the private network. o The NAT router has only limited DHCP capabilities. o If the private network has multiple subnets, use DHCP servers, enable

DHCP forwarding, or configure DHCP relay agents. o When using the NAT router to assign private IP addresses, enable DNS

forwarding or configure each host with the DNS preferred server.


  o To enable Internet hosts to contact specific private hosts, configure address mappings or port mappings.
  o Obtain a registered IP address for every private host that must be contacted from the Internet.
  o Implement proxy or firewall services for maximum security.

Lab/Activity Design Activity
• Fill in details about current Internet connectivity and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.
• Design the Internet connectivity for your network. Will you use routing, NAT, ICS, proxy server, and/or a VPN? If your needs include proxy server or remote access, you will design these solutions in later sections.
  o Create a diagram showing your Internet connectivity design. Identify device placement, IP addresses, and connection types.

Assessment Check design notebooks.

Homework Suggestions
• Read Section 3-2 and take the section test.
• Research the focus question for the next section.
  o How do I design a proxy server solution?
• Go to http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Creating a Business Partner Extranet Connection and Connecting a Branch Office Using L2TP.
• Skill Review Exercises
  o Configure a Windows 2000 router to route between an internal network and the Internet.
  o Install and configure a NAT router to route between an internal network and the Internet.


Section 3-3: Proxy Server

Preparation Microsoft's Proxy Server is an integrated Internet firewall, caching, and management solution for securing and enhancing Internet access. Proxy Server 2.0 runs on Windows NT 4.0 or Windows 2000. Its successor, Microsoft's Internet Security and Acceleration Server (ISA), runs on Windows 2000 and offers greater Active Directory integration. This section discusses configuring a proxy server solution.

Exam Objectives 401 Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, web server, or mail server.

Vocabulary: Internet access control, protocol translation, caching, server proxy, redirector, gateway, screened subnet, proxy array

Focus Question: How do I design a proxy server solution?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Discuss proxy server features.
  o Internet access control.
  o Protocol translation.
  o Caching.
  o Server proxy.
• Discuss designing proxy server placement.
  o Proxy server as a redirector.
  o Proxy server as a gateway.
  o Controlling Internet access.
  o Creating a screened subnet.
  o Creating an internal screened subnet.
  o Providing protocol/architecture translation.
  o Caching Internet content.
  o Caching web server content.
  o Caching internal content.
• Discuss designing proxy client configuration.
  o Proxy client software.
  o Default gateway.


  o Compare client solutions.
    • IE 5.x.
    • MS Proxy Client software.
    • SOCKS.
    • Default gateway.
  o Describe proxy server client services.
    • Web proxy.
    • SOCKS proxy.
    • WinSock proxy.
• Discuss enhancing security with proxy server.
  o A proxy server provides:
    • Packet filtering based on source/destination address, protocol, and port.
    • Domain name filtering.
    • User access restrictions through local or Active Directory groups.
    • Web server read and publishing controls.
  o Increase the security of the proxy server.
    • Place it within a screened subnet.
    • Restrict physical access to the server.
    • Run only necessary services on the physical system.
• Discuss enhancing proxy availability and performance.
  o To optimize caching.
    • Configure the caching method.
    • Increase the cache size.
    • Configure hierarchical proxies.
  o To improve availability.
    • Server arrays or clusters.
    • Round robin DNS.
    • Microsoft's Network Load Balancing.

Lab/Activity Design Activity
• If your needs include proxy server, design a proxy server solution for your network.
  o Include proxy server placement and client configuration in your design documentation.
  o Your plan should include information about security, availability, and performance.


Assessment Check design notebooks.

Homework Suggestions
• Read Section 3-3 and take the section test.
• Research the focus question for the next section.
  o How do I design a remote access solution?
• In the Deployment Planning Guide – Complete read Chapter 7, Determining Network Connectivity Strategies, External Connectivity Within an Organization and Windows 2000 TCP/IP.


Section 3-4: Remote Access

Preparation Your network infrastructure design will include remote access if you have traveling users, users who work from home, or users who connect from distant locations. This section covers topics related to remote access design.

Exam Objectives 401 Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, web server, or mail server.
501 Design an implementation strategy for dial-up remote access.
502 Design a virtual private network (VPN) strategy.
503 Design a Routing and Remote Access routing solution to connect locations.

Vocabulary: dial-up remote access, voluntary VPN, compulsory VPN, authentication, encryption, tunneling protocol, PPTP, L2TP, remote access policies, remote access conditions, connection manager, RADIUS, IAS, RADIUS client, RADIUS server, authentication domain

Focus Question: How do I design a remote access solution?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Selecting the connection method.
  o Identify:
    • Number of concurrent remote users.
    • Location of remote users.
    • Resources that remote users need access to.
    • Connection and total bandwidth required to support remote users.
  o Balance the connection characteristics with their cost.
    • Remote access hardware costs.
    • Installation costs.
    • Connection charges.
  o Select the connection method.
    • Dial-Up remote access.
    • Voluntary VPN.
    • Compulsory VPN.


  o Summarize the characteristics of each connection method.
    • Dial-Up remote access.
    • Voluntary VPN.
    • Compulsory VPN.
• Remote access server configuration.
  o Remote access hardware.
    • Dial-up: identify the number of concurrent users and the bandwidth requirements to identify the number of modem ports.
    • VPN: existing Internet connection must handle traffic caused by the remote users.
  o Consider these factors:
    • Remote Access Resources.
    • Remote Access Server Placement.
    • Address Assignment.
    • Protocol Support.
    • Name Resolution.
  o VPN connection design includes:
    • Port Configuration.
    • Firewall Integration.
• Authentication and encryption levels.
  o Authentication.
    • EAP, MS-CHAP v1, MS-CHAP v2, CHAP, SPAP, PAP.
  o Encryption.
    • MPPE, IPSec.
  o Tunneling Protocol.
    • PPTP, L2TP.
  o Remote access client support.
• Review remote access policies.
  o Conditions.
  o Permissions.
  o Profile settings.
  o Review rules used to identify and apply remote access policies.
  o Policy design guidelines:
    • For a policy to be applied, the connection characteristics must match all conditions.
    • Policies are checked in order.
    • If the connection is denied no other policies are checked.
    • Policies are stored on each remote access server.
      o To have similar policies on multiple servers, create the policy on each server or use a RADIUS server.
    • AD mixed mode and standalone servers: permissions controlled through user accounts.
    • AD native mode: permissions controlled through user accounts or remote access policy.


• Remote access client configuration.
  o Client configuration settings.
  o Connection Manager.
• Review how RADIUS works.
  o RADIUS server.
  o RADIUS client.
  o Remote access client.
• RADIUS design decisions.
  o RADIUS client/server placement.
  o RADIUS client/server configuration.
  o Authentication domain.
• Discuss enhancing the remote access design.
  o Increasing remote access security.
  o Increasing remote access performance.
  o Increasing remote access availability.

Lab/Activity Design Activity
• If your needs include remote access, design a remote access server solution for your network.
  o Include the connection method, server configuration, authentication, and encryption levels.
  o What remote access policies do you need to design? Will everyone have access, or is access limited to select users? Will access be limited by time of day?
  o What client configuration settings are required?
  o Will you use RADIUS?
• Your plan should include information about security, availability, and performance.

Assessment Check design notebooks.

Homework Suggestions
• Read Section 3-4 and take the section test.
• Research the focus question for the next section.
  o How do I use DHCP to automatically configure client computers?
• Go to: http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Connecting Dial-up Remote Access Users to an Intranet, Connecting Remote Users Across the Internet Using PPTP, and Connecting Remote Users Across the Internet Using L2TP.


• Skill Review Exercises
  o If necessary, install fake modems on student computers.
  o Run the Routing and Remote Access Setup Wizard. Configure your server as a remote access server. Configure the server to assign IP addresses from the static address pool of 192.168.10.50 to 192.168.10.100.
  o Configure a RAS server to use a DHCP server for client IP configuration.
  o Use the Network Connection Wizard to connect to a RAS server (Dial up to a private network option).
  o Create a group called Sales. Create a remote access policy that allows members of the Sales group to connect to the RAS server between 6:00 AM and 10:00 PM. Record procedure in lab notebooks.
  o Configure user account properties to always call a user back at 555-1111.
  o Configure a profile to disconnect users after 30 minutes of idle time. Restrict the maximum session to 3 hours.
  o Configure a profile to allow multilink access.
  o Configure a profile to allow smart card authentication.
  o Configure a policy on an IAS server.
  o Configure a RAS server as a RADIUS client.
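
Added example (not part of the original lesson plan, and not Windows code): a small Python model of the policy rules from this section's lecture tips (all conditions must match, policies are checked in order, the first match decides), using the Sales 6:00 AM to 10:00 PM policy and profile limits from the skill review exercises. The class and function names, the users, the "Deny Contractors" and "Allow Domain Users" policies, and the rule that an attempt matching no policy is rejected are assumptions made for illustration; it also assumes user accounts defer to remote access policy (AD native mode).

```python
"""Ordered remote access policy evaluation, modelled for design review."""
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Attempt:
    """One incoming connection attempt (all sample values are constructed)."""
    user: str
    groups: FrozenSet[str]
    at: time


Condition = Callable[[Attempt], bool]


def member_of(group: str) -> Condition:
    """Condition: the caller belongs to the named Windows group."""
    return lambda attempt: group in attempt.groups


def time_between(start: time, end: time) -> Condition:
    """Condition: the attempt falls inside the allowed time window."""
    return lambda attempt: start <= attempt.at < end


@dataclass
class Policy:
    name: str
    conditions: List[Condition]
    grant: bool                                   # permission: grant or deny
    profile: Dict[str, int] = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    policy: Optional[str]                         # name of the deciding policy
    profile: Dict[str, int] = field(default_factory=dict)


def evaluate(policies: List[Policy], attempt: Attempt) -> Decision:
    """Return the decision of the first policy whose conditions ALL match."""
    for policy in policies:                       # checked in list order
        if all(cond(attempt) for cond in policy.conditions):
            # The first full match is final, whether it grants or denies.
            profile = dict(policy.profile) if policy.grant else {}
            return Decision(policy.grant, policy.name, profile)
    return Decision(False, None, {})              # assumption: no match means reject


# Policy from the skill review exercise, plus two hypothetical policies.
SALES = Policy("Sales 06:00-22:00",
               [member_of("Sales"), time_between(time(6, 0), time(22, 0))],
               grant=True,
               profile={"idle_timeout_min": 30, "max_session_min": 180})
DENY_CONTRACTORS = Policy("Deny Contractors", [member_of("Contractors")], grant=False)
ALLOW_DOMAIN_USERS = Policy("Allow Domain Users", [member_of("Domain Users")], grant=True)

# Constructed connection attempts.
ALICE_0900 = Attempt("alice", frozenset({"Domain Users", "Sales"}), time(9, 0))
ALICE_2300 = Attempt("alice", frozenset({"Domain Users", "Sales"}), time(23, 0))
BOB_0900 = Attempt("bob", frozenset({"Domain Users", "Sales", "Contractors"}), time(9, 0))


def review_cases() -> Dict[str, Decision]:
    """Design-review cases: how ordering and breadth change the outcome."""
    return {
        "sales_in_hours": evaluate([SALES], ALICE_0900),
        "sales_after_hours": evaluate([SALES], ALICE_2300),
        # A broad grant below the Sales policy lets after-hours calls through.
        "after_hours_with_catch_all": evaluate([SALES, ALLOW_DOMAIN_USERS], ALICE_2300),
        # The deny only takes effect when it is checked before the grant.
        "deny_listed_last": evaluate([SALES, DENY_CONTRACTORS], BOB_0900),
        "deny_listed_first": evaluate([DENY_CONTRACTORS, SALES], BOB_0900),
    }


if __name__ == "__main__":
    for label, decision in review_cases().items():
        print(f"{label:28} allowed={decision.allowed!s:5} policy={decision.policy}")
```

The "after_hours_with_catch_all" case shows that a time window written as a policy condition limits access only if no broader grant follows it in the list, which is worth checking when students document their policy order.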


Section 4-1: DHCP Concept Review

Preparation You can use the Dynamic Host Configuration Protocol (DHCP) to automatically configure hosts on a network with IP addressing information. This section reviews DHCP. Be prepared to fill in details about existing DHCP services and identify desired improvements.

Exam Objectives 303 Design a DHCP strategy.

Vocabulary: DHCP, scope, address range, exclusions, reservation, lease renewal, superscope, server level option, scope level option, reserved client level options, class level option

Focus Question: How do I use DHCP to automatically configure client computers?

Time About 2 hours

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• DHCP scopes.
  o Address range.
  o Exclusion.
  o Reservation.
  o Discuss reasons to reserve specific IP addresses.
• DHCP lease duration.
  o Default lease is 8 days.
  o Review lease renewal process.
• Superscopes.
  o You can use multiple scopes on a single physical subnet.
  o Why create superscopes?
    • Non-contiguous IP addresses.
    • Add more computers to subnet, but limited available IP addresses.
    • Replace existing address ranges with new address ranges.
• DHCP client options.
  o Review common parameters.
    • 003 router, 006 DNS servers, 015 DNS Domain Name, 044 WINS/NBNS Servers, 046 WINS/NBT Node Type.


  o Control options/parameters delivered to each client using levels.
    • Server level options.
    • Scope level options.
    • Reserved client level options.
    • Class level options.

Lab/Activity Design Activity
• Fill in details about existing DHCP services and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.

Assessment Check design notebooks.

Homework Suggestions
• Read Section 4-1 and take the section test.
• Research the focus question for the next section.
  o How do I design an IP addressing strategy and DHCP options?
• In the Deployment Planning Guide – Complete read Chapter 7, Determining Network Connectivity Strategies, Windows 2000 DHCP.
• Skill Review Exercises
  o Install DHCP on student computers.
  o Authorize the servers.
  o Make sure the lab is disconnected from the rest of the network before you proceed with this exercise. Create a scope.
  o Create a client reservation.
  o Change the lease duration on the existing scope.
  o Set a DNS server address as a server level option.
  o Set a different DNS server address as a scope level option. Which DNS address will be used by the client and why?
  o Create a superscope.
  o Create a multicast scope.


Section 4-2: Designing Address Allocation

Preparation All TCP/IP hosts are identified by an IP address. As part of the infrastructure design, you should plan how IP addresses are assigned to each host. This section covers selecting an IP addressing strategy and designing DHCP options.

Exam Objectives 303 Design a DHCP strategy.

Vocabulary: APIPA, DHCP relay agent, multihomed DHCP server

Focus Question: How do I design an IP addressing strategy and DHCP options?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Selecting the Address Assignment Method.
  o Manual.
  o Manual DHCP.
    • Reservations.
  o Automatic DHCP.
  o APIPA.
    • 169.254.x.y, 255.255.0.0
  o Discuss selecting the address assignment method.
• Identifying DHCP server placement. Discuss the implications of each placement strategy.
  o DHCP at each location.
  o Multiple DHCP servers on a single subnet.
  o Single DHCP server for multiple subnets.
• Designing DHCP for multiple subnets.
  o By default, DHCP broadcasts are not forwarded through routers.
  o DHCP server on each subnet.
  o Forward DHCP broadcasts.
  o DHCP relay agent.
  o Multihomed DHCP server.
• Configuring DHCP servers.
  o When designing a scope.
    • Create a scope for each subnet.
    • Identify exclusions.
    • Identify reservations.


  o Discuss using superscopes.
• Identifying DHCP client options.
  o Identify options to deliver to each client or group of clients.
  o Determine the option level.
  o Determine the lease length.
  o Identify clients with limited or no DHCP support.
    • BOOTP clients.
    • Non-DHCP clients.

Lab/Activity Design Activity
• Design IP address allocation for your network.
  o Identify computers that will be configured manually, via DHCP reservations, and via DHCP.
  o Identify DHCP server placement.
  o If you are serving multiple subnets, how does your design address this issue?
  o Identify the scopes to be used on your DHCP servers.
  o Identify scope options.

Assessment Check design notebook.

Homework Suggestions
• Read Section 4-2 and take the section test.
• Research the focus question for the next section.
  o How do I improve my DHCP design?
• Go to http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read DHCP Configuration for a Multiple Subnet Environment.


Section 4-3: Enhancing Address Allocation

Preparation For most networks, you will need to modify your DHCP design to improve security, availability, and performance. This section covers enhancing the DHCP design.

Exam Objectives 303 Design a DHCP strategy.

Vocabulary: distributed scope

Focus Question: How do I improve my DHCP design?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Designing distributed scopes.
  o Multiple DHCP servers with scopes for the same subnet – distributed scopes.
  o Recommendations for creating distributed scopes.
    • Multiple DHCP servers on the same subnet (50/50).
    • Multiple DHCP servers on different subnets (80/20).
    • DHCP Relay Agent settings for distributed scopes.
• Enhancing DHCP security.
  o DHCP security and Windows 2000 groups.
    • DHCP Users.
    • DHCP Administrators.
  o DHCP server authorization.
    • If Windows 2000 DHCP server not authorized, it can’t hand out IP addresses.
  o DHCP security in a screened subnet.
    • Long leases.
    • Minimize size of scope.
    • Create client reservations.
• Enhancing DHCP availability and performance.
  o Availability.
    • Add servers.
    • Server clustering.


  o Performance.
    • Multihomed server.
    • Upgrade server hardware.
    • Add servers.
    • Modify lease length.

Lab/Activity Design Activity
• Review your initial DHCP design. Does the design adequately address the following issues? Update the design as necessary.
  o Distributed scopes.
  o Security.
  o Availability.
  o Performance.

Assessment Check design notebook.

Homework Suggestions
• Read Section 4-3 and take the section test.
• Research the focus question for the next section.
  o What is the role of DNS in a Windows 2000 network?


Section 5-1: Host Names and DNS Review

Preparation The principal method for identifying resources on a Windows 2000 network and on the Internet is by using host names that conform to the Domain Name System (DNS) standard. This section reviews DNS and its role in a Windows 2000 network. Be prepared to fill in details about existing DNS services and identify desired improvements.

Exam Objectives 304 Design name resolution services.

Vocabulary: domain name space, fully qualified domain name, public DNS namespace, private DNS namespace, Active Directory DNS namespace, forward lookup, reverse lookup, zone, zone delegation, root hint, forwarder, standard zone, Active Directory-integrated zone, standard zone synchronization, Active Directory-integrated zone synchronization

Focus Question: What is the role of DNS in a Windows 2000 network?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Review host names and the DNS naming standard.
  o Internet domain namespace.
  o Fully qualified domain name.
• Discuss namespaces on a Windows 2000 network.
  o Public DNS namespace.
  o Private DNS namespace.
  o Active Directory namespace.
• Review DNS servers, lookups, and resource records.
  o DNS servers.
    • Windows NT 4.0, Windows 2000, BIND.
  o Forward lookup.
  o Reverse lookup.
  o Locating Active Directory with SRV records.
  o Manual resource record registration.
  o Dynamic resource record registration.


• Review DNS zones.
  o Zones.
  o Zone delegation.
  o Root hints.
  o Forwarders.
  o Standard zone.
  o Active Directory-integrated zone.
• DNS zone synchronization.
  o Standard zone synchronization.
  o Active Directory-integrated zone synchronization.

Lab/Activity Design Activity
• Fill in details about existing DNS services and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.

Assessment Check design notebook.

Homework Suggestions
• Read Section 5-1 and take the section test.
• Research the focus question for the next section.
  o How do I design a DNS system?
• Go to: http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Overview of DNS Infrastructure.
• Skill Review Exercises
  o Install DNS.
  o Create a primary zone.
  o Configure a Windows 2000 computer with multiple DNS suffixes.
  o Configure a DHCP server for dynamic DNS updates.
  o Configure a DNS server for dynamic DNS updates. Is the secure option available on the computer you used? Why or why not?
  o Create resource records in the zones created earlier.
  o Open zone properties. Can you convert to an AD integrated zone and why?
  o Create a zone for a subdomain on a second DNS computer. On the first DNS computer, delegate authority for that zone.
  o Create a primary zone on one DNS server. Create a secondary zone on another computer. Configure zone transfers.
  o Configure a DNS server as a forwarder.


Section 5-2: Designing DNS Resolution

Preparation If your network uses IP host names to identify private or Internet hosts, you need to provide a DNS resolution system. DNS is also necessary for Active Directory clients to locate Active Directory. This section explains how to design a baseline DNS resolution system.

Exam Objectives 304 Design name resolution services.

Vocabulary: public DNS namespace, private DNS namespace, Active Directory namespace, SRV record, dynamic update, Active Directory integrated zone, replication partner, forwarder, private root domain

Focus Question: How do I design a DNS system?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Determining DNS resolution needs.
  o Enable Internet hosts to resolve the organization's Internet host names.
  o Enable private network hosts to resolve other private network host names.
  o Enable Active Directory clients to locate Active Directory.
  o Enable private network hosts to resolve Internet host names.
• Planning the DNS namespace.
  o Namespaces.
    • Public DNS namespace.
    • Private DNS namespace.
    • Active Directory namespace.
  o Design guidelines.
    • Document the existing DNS namespace.
    • Choose understandable but concise domain names.
    • Minimize levels.
    • Choose stable, inclusive domain names.
    • Use standard characters for names.
• Planning the public DNS namespace implementation.
  o Use an Internet Service Provider's DNS server.
  o Use a DNS server in a screened subnet on the organization's network.


• Planning the private DNS namespace implementation.
  o Keep the private DNS namespace private.
  o Put a private DNS server in each site.
• Planning the Active Directory namespace implementation.
  o Support for SRV records is required.
    • BIND 4.9.6 or later, NT 4.0 with SP4, Windows 2000.
    • If SRV records not supported, update DNS server or delegate subdomains.
  o Support for dynamic updates is recommended.
    • BIND 8.1.2 or later, Windows 2000.
    • If dynamic updates not supported, update DNS server, delegate subdomains, or manually create subdomains and SRV records.
• Planning zone transfers.
  o Consider integrating zones into Active Directory.
    • Redundancy.
    • Simple synchronization.
    • Multi-master updates.
    • Secure dynamic updates.
  o Ensure compatibility between replication partners.
    • Unicode characters.
    • Fast zone transfers.
    • IXFR.
    • WINS and WINS-R records.
    • Vendor specific records.
  o Scrutinize replication with public DNS servers.
    • Use secondary zones.
    • Never replicate private zones to public DNS servers.
• Planning Internet access.
  o Forwarders.
  o Proxy server and name exclusion list or auto-configuration file.
  o Private root domain.
  o Overlapping private and public DNS namespaces.
• Planning DNS client configuration.
  o Client DNS server lists.
    • Clients use DNS servers that are nearby and authoritative for zones containing frequently used resources.
    • If a private DNS namespace exists, clients use private DNS servers.
    • Put multiple DNS servers on a client's DNS server list.
    • Split the client load.
  o Client DNS suffixes.
  o Client DNS resolution options.


  o DNS name registration.
    • Client Dynamic DNS (DDNS).
    • DHCP Server Dynamic DNS (DDNS).
    • Manual Registration.

Lab/Activity Design Activity
• Design DNS services for your network infrastructure.
  o Use requirements documentation to determine DNS resolution needs.
  o Plan the DNS namespace. This includes the public, private, and Active Directory DNS namespaces.
  o If you will have more than one DNS server, plan for zone transfers.
  o Design DNS services to support Internet access.
  o Plan DNS client configuration. If you are using DHCP to deliver IP configuration to client computers, include DNS configuration information in your DHCP scopes.

Assessment Check design notebook.

Homework Suggestions
• Read Section 5-2 and take the section test.
• Research the focus question for the next section.
  o How do I design a NetBIOS name resolution system?
• Go to: http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Deploying Dynamic Update and Secure Dynamic Update.


Section 5-3: Designing NetBIOS Name Resolution

Preparation On a Windows 2000 Active Directory-based network, the principal means of identifying network resources is through DNS names. However, legacy networking applications (including previous versions of Windows) rely on NetBIOS names instead. So you should usually plan for NetBIOS name resolution in your network design. This section reviews NetBIOS and describes how to design a NetBIOS name resolution system. Be prepared to fill in details about existing WINS services and identify desired improvements.

Exam Objectives 304 Design name resolution services.

Vocabulary: NetBIOS, NetBIOS name, WINS, NetBIOS name registration, NetBIOS name release, NetBIOS name resolution, WINS proxy, static WINS entry

Focus Question: How do I design a NetBIOS name resolution system?

Time About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• When is NetBIOS name resolution required?
  o Pre-Windows 2000 computers such as Windows 9x or Windows NT 4.0.
  o Windows 2000 computers belonging to a workgroup rather than an Active Directory domain (if a DNS server is not available).
  o Third party NetBIOS-based applications.
• Should you install WINS servers or use broadcast-based NetBIOS name resolution?
  o Small, non-routed network; WINS not necessary.
  o Large, routed network; install WINS server(s).
• Planning WINS server installations.
  o WINS server locations.
    • One WINS server per site.
    • At least two WINS servers.
    • One WINS server per 10,000 clients.


  o WINS replication settings.
    • Replication partners.
      o Automatic partner discovery.
      o Manual configuration.
    • Pull and push partners.
  o WINS service settings.
    • Persistent connections.
    • Renewal period.
    • Burst handling.
• Planning WINS client configuration.
  o Computer names.
    • NetBIOS name for a Windows 2000 computer is first 15 characters of host name.
    • The NetBIOS computer name for an Active Directory domain controller cannot be changed.
    • NetBIOS names must be unique across network.
    • Only use the following characters to facilitate integration with DNS: A to Z, a to z, - (hyphen).
    • Prevent users from changing their computer names.
  o Client WINS server lists.
    • Clients use WINS servers that are nearby.
    • Configure WINS server to use itself.
    • Put multiple WINS servers on a client's WINS server list.
    • Split the client load.
    • Manually configure a client's WINS server list for clients with static IP addresses.
    • Use DHCP to deliver WINS server list to DHCP clients.
• Accommodating non-WINS computers.
  o One WINS proxy for every subnet with non-WINS computers.
  o Static WINS entries for every non-WINS computer.
  o Explain how the WINS proxy and static entries facilitate NetBIOS name registration and resolution.
    • Non-WINS client name registration.
    • Non-WINS client name resolution of WINS client names.
    • WINS client resolution of non-WINS client names.

Lab/Activity Design Activity
• Fill in details about existing WINS services and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.


• If required, design a NetBIOS name resolution solution.
  o Design WINS services. This includes server location, replication settings, and service settings.
  o Plan WINS client configuration. If you are using DHCP to deliver IP configuration to client computers, include WINS configuration information in your DHCP scopes.
  o If necessary, plan to accommodate non-WINS computers.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 5-3 and take the section test.
• Research the focus question for the next section.
  o How do I integrate DNS and WINS name resolution?
• Go to: http://www.microsoft.com/windows2000/techinfo/reskit/deploymentscenarios/default.asp. Download and read Deploying WINS in an Enterprise Network.
• Skill Review Exercises
  o Install WINS.
  o Create a static mapping.
  o Create a scope on a DHCP server that assigns the IP address of a WINS server and set H-node NetBIOS name resolution.
  o Configure a computer to be a WINS proxy.
  o Configure two WINS servers as push/pull partners.


Section 5-4: Integrating DNS and WINS

Preparation
DNS and NetBIOS name resolution can be integrated. Some of this integration takes place automatically based on the name resolution behavior built into Windows clients. Other integration requires planning on your part. This section explains DNS and NetBIOS integration.

Exam Objectives
304 Design name resolution services.
603 Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS.
Vocabulary: forward lookup DNS zone, reverse lookup DNS zone, WINS record, WINS-R record

Focus Question: How do I integrate DNS and WINS name resolution?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Name resolution behavior of Windows 2000 computers.
  o DNS first.
    • Client computer query to DNS.
    • This may involve appending various suffixes to the name and querying one or more DNS servers.
  o NetBIOS second.
    • If the name is 15 characters or less, client computer tries NetBIOS resolution.
    • This may involve broadcasting or consulting one or more WINS servers.
  o Windows NT 4.0 and Windows 9x computers first try NetBIOS resolution, then try DNS resolution.
• Forwarding name resolution requests from DNS to WINS.
  o Identify zones that should support WINS lookups.
  o WINS/WINS-R records tell the DNS server to forward unresolvable requests to a WINS server.
    • Describe forward lookup DNS zones.
    • Describe reverse lookup DNS zones.


  o If you want a DNS zone to perform WINS lookups, make all DNS servers that are authoritative for the zone support WINS lookups.
    • Delegate a zone for WINS lookups.
    • Configure DNS clients to use delegated WINS lookup zone.
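The client resolution order in the lecture tips above (Windows 2000: DNS then NetBIOS; Windows NT 4.0 and 9x: NetBIOS then DNS) can be modeled to see where the two name services must agree. This is an added example, not part of the lesson plan; the records and names are constructed, suffix handling is simplified, and the WINS-before-broadcast order assumes H-node clients.

```python
"""Model the client name resolution order from the lecture outline.

Added example; zone data, WINS data and host names are constructed.
"""

NETBIOS_MAX = 15          # outline: NetBIOS is tried for names of 15 characters or less
W2K = "windows2000"       # DNS first, NetBIOS second
LEGACY = "nt4_or_9x"      # NetBIOS first, DNS second


def resolution_plan(client_os, name, dns_suffixes):
    """Return the ordered (method, query) attempts a client makes for a name."""
    if "." in name:
        # Simplification: a dotted name is queried as given.
        dns = [("dns", name.lower())]
    else:
        dns = [("dns", f"{name}.{suffix}".lower()) for suffix in dns_suffixes]

    netbios = []
    if len(name) <= NETBIOS_MAX:
        nb = name.upper()
        # Assumption: H-node client, so WINS is asked before broadcasting.
        netbios = [("wins", nb), ("broadcast", nb)]

    return dns + netbios if client_os == W2K else netbios + dns


def resolve(client_os, name, dns_suffixes, dns_zone, wins_db, subnet_hosts):
    """Walk the plan; return (address, answering method, attempts made)."""
    sources = {"dns": dns_zone, "wins": wins_db, "broadcast": subnet_hosts}
    trace = []
    for method, query in resolution_plan(client_os, name, dns_suffixes):
        trace.append((method, query))
        address = sources[method].get(query)
        if address:
            return address, method, trace
    return None, None, trace


# Constructed data: DNS is current, WINS holds an outdated static mapping,
# and one device answers only to broadcasts on the local subnet.
SUFFIXES = ["corp.example.com", "example.com"]
DNS_ZONE = {"payroll.corp.example.com": "10.0.0.10"}
WINS_DB = {"PAYROLL": "10.0.9.99"}
SUBNET_HOSTS = {"OLDPRINTER": "10.0.1.77"}

if __name__ == "__main__":
    for client in (W2K, LEGACY):
        for name in ("payroll", "oldprinter", "payroll-reporting-server"):
            addr, method, trace = resolve(
                client, name, SUFFIXES, DNS_ZONE, WINS_DB, SUBNET_HOSTS
            )
            print(f"{client:12} {name:26} -> {addr} via {method} "
                  f"after {len(trace)} attempt(s)")
```

With this data the same name, payroll, resolves to different addresses depending on the client operating system, which is the kind of inconsistency a DNS and WINS integration design has to remove.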

Lab/Activity
Design Activity
• If required, create a design that integrates DNS and WINS.
  o Review your DNS and WINS designs and make any changes necessary to support integration of these two services.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 5-4 and take the section test.
• Research the focus question for the next section.
  o How can I improve my name resolution design?
• Skill Review Exercises
  o Set up WINS/DNS integration on your server.


Section 5-5: Enhancing DNS and WINS

Preparation
Once you've designed a functional name resolution system, examine your design for ways to increase security, availability, and performance. As with other design tasks, you must assess an organization's needs, then weigh the costs and benefits of implementing various enhancements. This section summarizes actions to consider when enhancing a name resolution system.

Exam Objectives
304 Design name resolution services.
Vocabulary: private data, public server, caching-only server, incremental zone transfer, fast zone transfer

Focus Question: How can I improve my name resolution design?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Enhancing name resolution security.
  o (DNS) Use Active Directory-integrated zones.
  o (DNS) Let a DHCP server control dynamic DNS updates.
  o (DNS) Give the public access to secondary zones only.
  o Use a screened subnet.
  o Never replicate private data to public servers.
  o Never replicate from public servers into the private network.
  o Use a VPN or IPSec to encrypt replication data from the private network.
• Enhancing name resolution availability.
  o (DNS) Use Active Directory-integrated zones.
  o Always have at least two servers to provide basic fault tolerance.
  o Configure clients to use multiple servers.
  o Put DNS or WINS on a server cluster.
  o Put servers on a UPS.
  o Put servers in separate buildings and on separate power grids.
• Enhancing name resolution performance.
  o (DNS) Consider placing caching-only servers in remote locations.
  o (DNS) Consider creating delegated zones.
  o (DNS) Make additional DNS servers available.
  o (DNS) Use servers that support incremental zone transfers and fast zone transfers.


  o (WINS) Use WINS servers to decrease NetBIOS broadcasts.
  o (WINS) Configure persistent connections for WINS servers that can stay connected.
  o (WINS) Set the burst handling threshold appropriately.
  o (WINS) Configure only one WINS proxy per subnet to minimize the WINS server's load.
  o Balance the client load across servers by configuring groups of clients to use different servers.
  o Put servers near clients that need to use them.
  o Balance the need for database convergence and bandwidth conservation.
  o Use a hub and spoke replication topology to minimize database convergence.
  o Use appropriate hardware.
  o Dedicate servers to DNS or WINS.

Lab/Activity
Design Activity
• Review your DNS and WINS designs. Make any changes necessary to enhance security, availability, and performance.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 5-5 and take the section test.
• Research the focus question for the next section.
  o How do I integrate a Windows 2000 TCP/IP-based network with other protocols such as IPX/SPX and SNA?


Section 6-1: Integrating with Other Protocols

Preparation
Currently, TCP/IP is the network protocol of choice because it can be used by many operating systems and is the protocol of the Internet. However, you might need to integrate with other protocols running on the network such as Novell's IPX/SPX (used by many NetWare servers) or IBM's SNA (used by IBM mainframes). Before class, prepare diagrams to explain the components of an SNA hierarchical environment and the components of an APPN environment. If necessary, be prepared to fill in details about existing protocol services and identify desired improvements.

Exam Objectives
304 Design name resolution services.
Vocabulary: IPX/SPX, SNA, APPN

Focus Question: How do I integrate a Windows 2000 TCP/IP-based network with other protocols such as IPX/SPX and SNA?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Integrating with IPX/SPX.
  o Basic communication.
    • IPX/SPX, NWLink.
  o Windows clients access NetWare resources directly.
    • Client Service for NetWare.
  o Windows clients access NetWare resources via a Windows 2000 server.
    • Gateway Service for NetWare.
  o NetWare clients access Windows 2000 resources.
    • File and Print Services for NetWare.
• Integrating with SNA.
  o Introduce SNA.
    • Hierarchical SNA – present graphic showing components of SNA hierarchical environment.
    • APPN – present graphic showing components of APPN environment.
  o Explain how Microsoft SNA Server acts as a gateway.


  o SNA server models.
    • Local SNA servers.
    • Branch SNA servers.
    • Centralized SNA servers.
    • Distributed SNA servers.

Lab/Activity
Design Activity
• If necessary, fill in details about existing protocol services and add them to your design requirements documentation.
• If necessary, identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.
• If necessary, design a plan that integrates IPX/SPX and/or SNA into your Windows 2000 network infrastructure.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 6-1 and take the section test.
• Research the focus question for the next section.
  o Are there additional services I should consider for my network design?
• Skill Review Exercises
  o Install NWLink.
  o Install and configure CSNW on a client. Configure the client to connect to a NetWare server.
  o Install and configure GSNW on a server. Configure the server as a gateway to NetWare resources.


Section 6-2: Planning Additional Services

Preparation
This course focuses on creating an underlying network foundation using Windows 2000 TCP/IP-related services. However, you might also need to design other services to provide access to a network directory, distributed files, web and other Internet resources, applications, databases, group messaging, and collaboration. Although other courses focus on the details of such planning, this section provides some fundamental guidelines related to server placement and using appropriate clustering technologies. Be prepared to fill in details about existing services and identify desired improvements.

Exam Objectives
305 Design a Distributed file system (Dfs) strategy.
402 Design a load-balancing strategy.
601 Design a strategy for monitoring and managing Windows 2000 network services. Services include global catalog, Lightweight Directory Access Protocol (LDAP) services, Certificate Services, DNS, DHCP, WINS, Routing and Remote Access, Proxy Server, and Dfs.
602 Design network services that support application architecture.
603 Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS.
604 Design a resource strategy.
Vocabulary: Active Directory, Distributed File System, Internet Information Services, Terminal Services, SQL Services, Exchange Server, Network Load Balancing, Microsoft Cluster Service

Focus Question: Are there additional services I should consider for my network design?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Common services.
  o Active Directory.
  o Distributed File System.
  o Internet Information Services.
  o Terminal Services.
  o SQL Services.
  o Exchange Server.


• Server placement guidelines.
  o Place servers near the users that use them.
  o For basic fault tolerance, provide at least two copies of each resource.
  o Keep copies of data synchronized through appropriate replication.
  o Active Directory domain controller placement.
  o Global catalog server placement.
  o DFS root server placement.
  o DFS replica server placement.
• Server clustering guidelines.
  o Network Load Balancing.
    • Services that store little data themselves, such as IIS and Terminal Services.
  o Microsoft Cluster Service.
    • Services that store data with a high need for availability, such as file and print services, SQL Server and Exchange Server.

Lab/Activity
Design Activity
• Fill in details about existing services and add them to your design requirements documentation.
• Identify desired improvements. Desired conditions may have been covered when you initially discussed requirements.
• If necessary, revise your desired outcomes document and readdress balancing of requirements.
• Create a design document that outlines additional services that your network infrastructure needs to support. These services are not the focus of this course, so keep this part of the project brief.
  o Outline required services.
  o Plan server placement.
  o Determine if you need to support server clustering.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 6-2 and take the section test.
• Research the focus question for the next section.
  o What further items should I consider as I plan implementation and management?
• Skill Review Exercises
  o Configure a Dfs root and links.
  o Configure a web site with Internet Information Services.
  o Install and configure Terminal Services in remote administration mode.
  o Install and configure Terminal Services in application server mode.


Section 6-3: Planning Implementation and Management

Preparation
After designing a network and its services, you need to plan how to implement the design and manage the network over time. Section 1-4 presented the basics of implementation and management. This section provides some additional details.

Exam Objectives
601 Design a strategy for monitoring and managing Windows 2000 network services. Services include global catalog, Lightweight Directory Access Protocol (LDAP) services, Certificate Services, DNS, DHCP, WINS, Routing and Remote Access, Proxy Server, and Dfs.
602 Design network services that support application architecture.
604 Design a resource strategy.
Vocabulary: centralized, decentralized, service dependency

Focus Question: What further items should I consider as I plan implementation and management?

Time
About 1 hour

Lecture Tips
• Start with the focus question. Do students have any questions about the material they have studied?
• Centralized and decentralized implementation and management.
  o Centralized tasks.
    • Designing a global network infrastructure.
    • Designing the DNS namespace.
    • Creating naming standards.
    • Installing the first Active Directory domain controller.
    • Modifying the Active Directory schema.
    • Monitoring global network needs.
  o Often centralized tasks.
    • Deciding password and other security policies.
    • Deciding backup and restore policies.
    • Designing replication topology and schedules.
    • Authorizing DHCP servers.
    • Installing/configuring Active Directory domain controllers.
    • Installing/configuring DHCP servers.
    • Installing/configuring DNS servers.


  o Often decentralized tasks.
    • Supporting end users.
    • Creating/deleting user accounts.
    • Modifying user passwords and configuring other user account properties.
    • Installing/configuring member servers.
    • Monitoring individual servers and subnets.
• Implementing network services.
  o Service dependencies.
    • Active Directory requires DNS.
    • Authorizing a DHCP server requires Active Directory.
    • Securing resources and services based on domain user or computer accounts requires Active Directory.
    • IPSec requires Active Directory unless you manually configure shared strings on each computer.
  o Combining services.
    • Combine services that complement each other rather than compete for resources.
    • Put services that communicate frequently on the same server to reduce network traffic.
• Monitoring network services.
  o Collecting data.
    • Choose carefully what and when to monitor.
    • Keep a log.
    • Track changes in state.
    • Decide between in-band and out-of-band collection.
  o Analyzing data.
    • Decide between centralized and decentralized analysis.
    • Decide between automated and manual analysis.
    • Make and keep an analysis schedule.
  o Responding to data.
    • Decide a notification method.
    • Decide between automated and manual responses.
    • Keep a log.


Lab/Activity
Design Activity
• Review Section 1-4, as it introduces implementation and management.
• Create an implementation and management plan.
  o Identify tasks and whether implementation and management will be centralized or decentralized. Identify the individuals or groups who will be responsible for each task.
  o If you are installing multiple services on a single server, review service resource use to determine if you are effectively combining services. If necessary, move services to different computers or recommend hardware upgrades.
  o Create a plan for monitoring your network during and after implementation.

Assessment
Check design notebook.

Homework Suggestions
• Read Section 6-3 and take the section test.
• In the Deployment Planning Guide – Complete, read Part 1, Deployment Planning. This includes Chapters 1 through 5.


Appendix A: Windows 2000 Network Infrastructure Design Objectives

Exam 70-221, Designing a Microsoft Windows 2000 Network Infrastructure
Microsoft exam objectives are grouped by general topic. To find instruction for a particular exam objective, locate the objective below and note the section(s) in the course you need to study. Course sections are numbered as [module #]-[section #].

Skills Being Measured
This certification exam measures your ability to analyze the business requirements for a network infrastructure and design a network infrastructure that meets business requirements. Before taking the exam, you should be proficient in the following job skills:

Exam 70-221, Designing a Microsoft Windows 2000 Network Infrastructure

Analyzing Business Requirements Objectives | TestOut for Designing a Network Infrastructure
101 Analyze the existing and planned business models. | 1-1
  • Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices.
  • Analyze company processes. Processes include information flow, communication flow, service and product life cycles, and decision-making.
102 Analyze the existing and planned organizational structures. Considerations include management model; company organization; vendor, partner, and customer relationships; and acquisition plans. | 1-1
103 Analyze factors that influence company strategies. | 1-1
  • Identify company priorities.
  • Identify the projected growth and growth strategy.
  • Identify relevant laws and regulations.
  • Identify the company’s tolerance for risk.
  • Identify the total cost of operations.
104 Analyze the structure of IT management. Considerations include the type of administration, such as centralized or decentralized; funding model; outsourcing; decision-making process, and change-management process. | 1-1


Analyzing Technical Requirements Objectives | TestOut for Designing a Network Infrastructure
201 Evaluate the company's existing and planned technical environment and goals. | 1-1*
  • Analyze company size, user, and resource distribution.
  • Assess the available connectivity between the geographic locations of worksites and remote sites.
  • Assess net available bandwidth and latency issues.
  • Analyze performance, availability, and scalability requirements of services.
  • Analyze data and system access patterns.
  • Analyze network roles and responsibilities.
  • Analyze security considerations.
202 Analyze the impact of infrastructure design on the existing and planned technical environment. | 1-1*
  • Assess current applications.
  • Analyze network infrastructure, protocols, and hosts.
  • Evaluate network services.
  • Analyze TCP/IP infrastructure.
  • Assess current hardware.
  • Identify existing and planned upgrades and rollouts.
  • Analyze technical support structure.
  • Analyze existing and planned network and systems management.
203 Analyze the network requirements for client computer access. | 1-1*
  • Analyze end-user work needs.
  • Analyze end-user usage patterns.
204 Analyze the existing disaster recovery strategy for client computers, servers, and the network. | 1-1*

* Details you should consider when analyzing technical requirements related to specific technologies are discussed throughout the entire course in the applicable module(s) or section(s).


Designing a Windows 2000 Network Infrastructure Objectives | TestOut for Designing a Network Infrastructure
301 Modify and design a network topology. | 2-1 and 3-1
302 Design a TCP/IP networking strategy. | 2-2 to 2-5
  • Analyze IP subnet requirements.
  • Design a TCP/IP addressing and implementation plan.
  • Measure and optimize a TCP/IP infrastructure design.
  • Integrate software routing into existing networks.
  • Integrate TCP/IP with existing WAN requirements.
303 Design a DHCP strategy. | 4-1 to 4-3
  • Integrate DHCP into a routed environment.
  • Integrate DHCP with Windows 2000.
  • Design a DHCP service for remote locations.
  • Measure and optimize a DHCP infrastructure design.
304 Design name resolution services. | 5-1 to 5-5, 6-1
  • Create an integrated DNS design.
  • Create a secure DNS design.
  • Create a highly available DNS design.
  • Measure and optimize a DNS infrastructure design.
  • Design a DNS deployment strategy.
  • Create a WINS design.
  • Create a secure WINS design.
  • Measure and optimize a WINS infrastructure design.
  • Design a WINS deployment strategy.
  • Design a multi-protocol strategy. Protocols include IPX/SPX and SNA.
305 Design a Distributed file system (Dfs) strategy. | 6-2
  • Design the placement of a Dfs root.
  • Design a Dfs root replica strategy.


Designing for Internet Connectivity Objectives | TestOut for Designing a Network Infrastructure
401 Design an Internet and extranet access solution. Components of the solution could include proxy server, firewall, routing and remote access, Network Address Translation (NAT), connection sharing, web server, or mail server. | 3-2 to 3-4
402 Design a load-balancing strategy. | 6-2

Designing a Wide Area Network Infrastructure Objectives | TestOut for Designing a Network Infrastructure
501 Design an implementation strategy for dial-up remote access. | 3-4
  • Design a remote access solution that uses Routing and Remote Access.
  • Integrate authentication with Remote Authentication Dial-In User Service (RADIUS).
502 Design a virtual private network (VPN) strategy. | 3-2, 3-4
503 Design a Routing and Remote Access routing solution to connect locations. | 2-3, 3-2, 3-4
  • Design a demand-dial routing strategy.

Designing a Management and Implementation Strategy for Windows 2000 Networking Objectives | TestOut for Designing a Network Infrastructure
601 Design a strategy for monitoring and managing Windows 2000 network services. Services include global catalog, Lightweight Directory Access Protocol (LDAP) services, Certificate Services, DNS, DHCP, WINS, Routing and Remote Access, Proxy Server, and Dfs. | 1-4, 6-2, 6-3
602 Design network services that support application architecture. | 1-4, 6-2, 6-3
603 Design a plan for the interaction of Windows 2000 network services such as WINS, DHCP, and DNS. | 1-4, 5-4, 6-2
604 Design a resource strategy. | 1-1, 1-4, 6-2, 6-3
  • Plan for the placement and management of resources.
  • Plan for growth.
  • Plan for decentralized resources or centralized resources.


Appendix B: Design Requirements Outline

1. Existing Conditions.
   a. Organizational structure.
      i. Mission statement – Include a mission statement.
      ii. Geographical locations – Include a diagram showing all locations.
      iii. Organizational Chart – Include an organizational chart.
      iv. Product/Services Lifecycle – Describe the product or services lifecycle. If you are doing this at a school, the service is education. How does this impact your network services? For example, network use tends to be low during the summer. You may need to create many user accounts at the beginning of each term.
   b. Network users and resources.
      i. User Distribution – Outline the number and location of users.
      ii. Workgroups – Identify groups of users who work together and have similar needs.
      iii. Resource Types – What resources are used by each workgroup?
      iv. Resource Distribution – Where are resources located?
      v. Resource Access Patterns – When are resources most heavily used?
      vi. Resource Security, Performance, and Availability Requirements – Which resources need to be highly secure, how quickly do users need access to them, and how sensitive is the network to a resource being unavailable?
   c. Network infrastructure.
      i. Architecture – Briefly identify during Module 1. For example, the institution is currently using 10BaseT. Fill in details in Modules 2 and 3 as you discuss LAN and WAN infrastructure. Details will include subnet diagrams, locations of routers, hubs, switches, and WAN connections.
      ii. Protocols – What protocols are currently used?
      iii. Services – What services are currently in use? What version is used? For example, if the network has DNS servers, what operating system and version are in use?
      iv. Clients – What types of clients are currently installed?
   d. Network management.
      i. Roles and Responsibilities – Who is responsible for managing the network? Expand the network management section of the organizational chart.
      ii. Management Processes – Note laws and regulations that could affect your network design. What is the approval process for network changes? This will affect your implementation plan.


      iii. Costs – Identify funding issues. For the purposes of this project you don’t need to know exact details. However, you need to know if this project will be completed on a very strict budget or not. Will you be required to reuse as much equipment as possible? Can you afford to buy many new servers? Do you have a technology grant for upgrading your infrastructure?
   e. Trends and other known changes.
      i. Organizational Structure – Are any changes planned? If so, document plans.
      ii. Network Users and Resources – Do you anticipate changes in resource use? In a school environment, you may have increasing or decreasing enrollment projections. Maybe one department is planning to implement online courses in the next year or two.
      iii. Network Infrastructure – Are any changes planned? Are any new buildings planned? Are you planning to upgrade WAN links soon?
      iv. Network Management – Will new managers be hired as part of the network infrastructure upgrade? Will management roles change?
2. Stakeholders and Desired Conditions – Identify each group of stakeholders. Identify the network improvements that each group desires. At this point, it is not important to prioritize improvements. Simply list them.
   a. Network Users – What do users want to get out of this upgrade? For example, teachers might want to be able to post grades to a secure web server so students can view their grades from a browser. Students might want faster lab computers or more open lab hours.
   b. Network Management – What does the IT staff want to get out of this upgrade? For example, they might want to upgrade the mail server or improve bandwidth on slow sections of the network.
   c. Organization Management – What does management want to get out of this upgrade? Management typically has final approval of the budget, so you will have to stay within the financial guidelines set by management.
3. Balancing Conditions – Consider each of the desired conditions that you identified. Prioritize these requirements.


Appendix C: Design Your Home Office Network

This project can be used in place of the primary project described in the lesson plans, or it can be assigned as a supplemental exercise. Designing a home network does not provide as much practical experience as designing a larger network. However, if you are teaching a course on a compressed schedule, the smaller scope of this project is more practical.

Students follow all of the design steps outlined for the network design project described in the design activities. However, the scale of the project will be much smaller. Encourage students to make this exercise as realistic as possible.

In Module 1, when creating the requirements documentation, make a budget for the home network. Students may choose a limited budget, or they may want to create a dream network with an ample budget. Discourage students from budgeting tens of thousands of dollars on this project, as it makes the project less realistic.

In Modules 2 and 3, encourage students to look into technologies common in home networks, such as wireless networking for the LAN and DSL or cable modem for the WAN connection.

In Module 4, students who plan to use ICS for their Internet connection should explain how DHCP is used to deliver IP addresses to network clients.

In Module 5, students who plan to use ICS for their Internet connection should explain how DNS is used in this environment.

In Module 6, students should create a detailed implementation plan. They are unlikely to need additional protocols or services on the home network.
