Unit 27: Planning and Maintaining a Microsoft Windows Server Network Infrastructure Learning outcomes A candidate following a programme of learning leading to this unit will be able to: Configure security for servers that are assigned specific roles Plan a secure baseline installation Plan security for servers that are assigned specific roles. Roles might include domain controllers, web servers, database servers, and mail servers Evaluate and select the operating system to install on computers in an enterprise plan a TCP/IP network infrastructure strategy Plan and modify a network topology Plan an Internet connectivity strategy Plan network traffic monitoring Troubleshoot connectivity to the Internet Troubleshoot TCP/IP addressing Plan a host name resolution strategy Plan a NetBIOS name resolution strategy Troubleshoot host name resolution Plan a routing strategy Plan security for remote access users Implement secure access between private networks Troubleshoot TCP/IP routing Plan services for high availability Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks Implement a cluster server Manage Network Load Balancing Plan a backup and recovery strategy Configure network protocol security Configure security for data transmission Plan for network protocol security Plan secure network administration methods OCR Level 3 Certificate/Diploma for IT Professionals 196
Plan security for wireless networks Plan security for data transmission Troubleshoot security for data transmission Configure Active Directory service for certificate publication Plan a public key infrastructure (PKI) that uses Certificate Services Plan a framework for planning and implementing security Plan a security update infrastructure NB Before starting this unit please refer to the Vendor website for up-to-date specifications, examination objectives and availability. OCR Level 3 Certificate/Diploma for IT Professionals 197
Unit Content: Planning and Maintaining a Microsoft Windows Server Network Infrastructure 1 Configure security for servers that are assigned specific roles a Plan a secure baseline installation Plan a strategy to enforce system default security settings on new systems Identify client operating system default security settings Identify all server operating system default security settings b Plan security for servers that are assigned specific roles. Roles might include domain Deploy the security configuration for servers controllers, Web servers, database servers, that are assigned specific roles and mail servers Create custom security templates based on server roles c Evaluate and select the operating system to install on computers in an enterprise d Plan a TCP/IP network infrastructure strategy e Plan and modify a network topology 2 Plan an Internet connectivity strategy Identify the minimum configuration to satisfy security requirements Analyse IP addressing requirements Plan an IP routing solution Create an IP subnet scheme Plan the physical placement of network resources Identify network protocols to be used a Plan network traffic monitoring Efficiently utilise tools including Network Monitor and System Monitor b Troubleshoot connectivity to the Internet Diagnose and resolve issues related to Network Address Translation (NAT) Diagnose and resolve issues related to name resolution cache information Diagnose and resolve issues related to client configuration c Troubleshoot TCP/IP addressing Diagnose and resolve issues related to client computer configuration Diagnose and resolve issues related to DHCP server address assignment 198 OCR Level 3 Certificate/Diploma for IT Professionals
d Plan a host name resolution strategy e Plan a NetBIOS name resolution strategy Plan a DNS namespace design Plan zone replication requirements Plan a forwarding configuration Plan for DNS security Examine the interoperability of DNS with third-party DNS solutions Plan a WINS replication strategy Plan NetBIOS name resolution by using the Lmhosts file f Troubleshoot host name resolution Diagnose and resolve issues related to DNS services Diagnose and resolve issues related to client computer configuration g Plan a routing strategy Identify routing protocols to use in a specified environment Plan routing for IP multicast traffic h Plan security for remote access users Plan remote access policies Analyse protocol security requirements Plan authentication methods for remote access clients i Implement secure access between private networks Create and implement an IPSec policy j Troubleshoot TCP/IP routing Efficiently utilise tools including tracert, ping, pathping, and netsh commands and Network Monitor k Plan services for high availability Plan a high availability solution that uses clustering services plan a high availability solution that uses Network Load Balancing l Identify system bottlenecks, including memory, processor, disk, and network related bottlenecks m Implement a cluster server n Manage Network Load Balancing Identify system bottlenecks by using System Monitor Recover from cluster node failure Efficiently utilise tools including the Network Load Balancing Monitor Microsoft Management Console (MMC) snap-in and the WLBS cluster control utility. OCR Level 3 Certificate/Diploma for IT Professionals 199
o Plan a backup and recovery strategy Identify appropriate backup types Methods include full, incremental, and differential Plan a backup strategy that uses volume shadow copy Plan system recovery that uses Automated System Recovery (ASR) p Configure network protocol security Configure protocol security in a heterogeneous client computer environment Configure protocol security by using IPSec policies Configure IPSec policy settings. q Configure security for data transmission r Plan for network protocol security Specify the required ports and protocols for specified services Plan an IPSec policy for secure network communications s Plan secure network administration methods Create a plan to offer Remote Assistance to client computers Plan for remote administration by using Terminal Services 3 Plan security for wireless networks a Plan security for data transmission b Troubleshoot security for data transmission Secure data transmission between client computers to meet security requirements Secure data transmission by using IPSec Efficiently utilise tools including the IP Security Monitor MMC snap-in and the Resultant Set of Policy (RSoP) MMC snap-in 4 Configure Active Directory directory service for certificate publication a Plan a public key infrastructure (PKI) that uses Certificate Services b Plan a framework for planning and implementing security Identify the appropriate type of certificate authority to support certificate issuance requirements Plan the enrolment and distribution of certificates Plan for the use of smart cards for authentication Plan for security monitoring Plan a change and configuration management framework for security 200 OCR Level 3 Certificate/Diploma for IT Professionals
c Plan a security update infrastructure Efficiently utilise tools including Microsoft Baseline Security Analyzer and Microsoft Software Update Services Assessment This unit will be assessed by an on-line Microsoft set examination for Planning and Maintaining a Microsoft Windows Server Network Infrastructure. Notes for tutors The knowledge and understanding within this unit is complementary to Unit 28 - Planning, Implementing and Maintaining a Microsoft Windows Server. This unit may be delivered stand alone by using the Microsoft Official Curriculum. For students wishing to do all the Microsoft units this will complement Unit 28. They may wish to complete both 27 and unit 28 before attempting the two Microsoft examinations as the knowledge required for both units is complementary and will improve chances of success in most cases. Developments in software by Microsoft present centres with the option to choose one from a number of examinations. Please check the Microsoft website to ensure the validity of content and examination being taken. OCR Level 3 Certificate/Diploma for IT Professionals 201