PrepAway - Latest Free Exam Questions & Answers

Category: 70-647 (v.2)

Exam 70-647: Pro: Windows Server 2008, Enterprise Administrator (update November 6th, 2015)

Which editions should you recommend?

###BeginCaseStudy###
Case Study: 19
Consolidated Messenger
General Background
Consolidated Messenger is an international company with multiple regional offices, branch offices,
and data centers.
The company has an existing Microsoft Software Assurance for Volume Licensing subscription.
Infrastructure Background
The offices and data centers are described in the following table.

All offices and data centers are connected by a private routed network.
The environment includes a mix of physical servers and virtual machines (VMs).
All servers are backed up by using Microsoft System Center Data Protection Manager (DPM). The
DPM server in each data center has a replica partner in the other data center.
Branch Offices
The branch offices do not have secure locations in which to install network equipment or servers.
The six physical servers in the Montreal branch office are described in the following table.

Data Centers
The data centers contain Hyper-V failover clusters, as described in the following table.

The data centers share a Hyper-V geocluster with 16 nodes. Each site has 8 nodes. Replicated SAN
storage and a file share witness for the geocluster are located in the Ottawa regional office.
Each data center contains direct-attached storage (DAS) and multiple storage area network (SAN)
systems. Some SAN storage is replicated across the data centers.
The company has a single DHCP server that is located in the Toronto data center. All network
switches and routers are configured with DHCP Relay to the Toronto DHCP server. The DHCP server
is a physical server with DAS.
Domain Background

The company network contains an Active Directory Domain Services (AD DS) domain. Each location
is represented by an Active Directory site. All domain controllers run Windows Server 2008. The
domain controllers are described in the following table.

The Root.local domain only contains a limited number of administrative accounts. All other user
accounts are located in the User.Root.local domain.
Security Background
The Ethernet switches and Wireless Access Points (WAPs) are protected with 802.1X port security
using Windows username and password Protected Extensible Authentication Protocol (PEAP). Client
computers are authenticated by using a Network Policy Server (NPS). A health check is performed
before client computers are allowed onto the corporate network.
Application Background
Applications are deployed to client computers and Remote Desktop servers by using Microsoft
Application Virtualization (App-V). Each data center and branch office has an App-V Streaming
Server.
Several applications utilize Windows Server Failover Clustering within the Hyper-V environment. All
failover cluster servers run Windows Server 2008 R2.
A Customer Relationship Management (CRM) application is installed on a 32-bit virtual machine
(VM) in the Toronto data center that is not compatible with Windows on Windows (WoW). Users will
be granted remote access to the CRM application.
Business requirements
The company is planning to migrate its existing Microsoft Exchange Server environment to Microsoft
Office 365 with rich co-existence.
The company is planning to deploy 500 new retail locations. The retail locations must use a new
Active Directory infrastructure. Each retail location will have access to a set of services. These
services will be accessible only from a new perimeter network in both the Toronto and Vancouver
data centers. Each retail location will have a private network connection to the perimeter network.

The retail location client computers will be hardware-based thin clients that run Windows 7
Enterprise. The retail locations will use only network printers managed by printer location policies.
A consulting company will provide on-site consultants in multiple regional offices, branch offices,
and retail locations. The consulting company will supply the consultants with tablet computers. The
consultants will require access to the Internet and to some server resources.
Technical Requirements
You have the following general requirements:
• Each office must have at least one domain controller.
• All current and future branch office domain controllers must replicate AD information only
with domain controllers located in the data centers.
• Client computers and servers must always obtain the same IP address in the event of a DHCP
service failure.
• Remote access to the CRM application must be enabled through a CustomerService.msi file
distributed to users.
• Applications must be streamed from a local Streaming Server if one is available.
You have the following security requirements:
• Ensure that users in the retail locations cannot see or access any corporate domain
information or other corporate services.
• Permit user accounts on each branch office and retail location server only for users who
work in that location.
• Enable single sign-on (SSO) using the existing Active Directory user accounts for all external
applications.
• Consultant computers must be issued exemption certificates from a dedicated Active
Directory Certificate Services (AD CS) server.
• Ensure that all non-corporate computers pass a Health Check before being allowed on the
network, other than consultant computers that have passed a manual system audit.
• Minimize the attack surface on all servers.
###EndCaseStudy###

The AD CS servers must meet the following requirements:
• Install all management components on the server.
• Manage the server from the server console.
You need to recommend the editions of Windows Server 2008 R2 that meet the requirements for
the new AD CS server.
Which editions should you recommend? (Each correct answer presents a complete solution. Choose
three.)

Which technologies should you recommend?

You need to add the necessary technologies to the environment to prepare Active Directory for
Office 365.
Which technologies should you recommend? (Each correct answer presents part of the solution.
Choose two.)

What should you recommend?

You need to configure the replication topology for the branch offices.
What should you recommend? (Choose all that apply.)

What should you recommend?

You need to ensure that the CRM application server is a highly available virtual machine (HAVM) that
will fail between data centers.
What should you recommend?

What should you recommend?

You need to ensure that DHCP service is highly available between the two data centers.
What should you recommend? (Each correct answer presents part of the solution. Choose three.)

What should you recommend?

###BeginCaseStudy###
Case Study: 19
Consolidated Messenger
General Background
Consolidated Messenger is an international company with multiple regional offices, branch offices,
and data centers.
The company has an existing Microsoft Software Assurance for Volume Licensing subscription.
Infrastructure Background
The offices and data centers are described in the following table.

All offices and data centers are connected by a private routed network.
The environment includes a mix of physical servers and virtual machines (VMs).
All servers are backed up by using Microsoft System Center Data Protection Manager (DPM). The
DPM server in each data center has a replica partner in the other data center.
Branch Offices
The branch offices do not have secure locations in which to install network equipment or servers.
The six physical servers in the Montreal branch office are described in the following table.

Data Centers
The data centers contain Hyper-V failover clusters, as described in the following table.

The data centers share a Hyper-V geocluster with 16 nodes. Each site has 8 nodes. Replicated SAN
storage and a file share witness for the geocluster are located in the Ottawa regional office.
Each data center contains direct-attached storage (DAS) and multiple storage area network (SAN)
systems. Some SAN storage is replicated across the data centers.
The company has a single DHCP server that is located in the Toronto data center. All network
switches and routers are configured with DHCP Relay to the Toronto DHCP server. The DHCP server
is a physical server with DAS.
Domain Background

The company network contains an Active Directory Domain Services (AD DS) domain. Each location
is represented by an Active Directory site. All domain controllers run Windows Server 2008. The
domain controllers are described in the following table.

The Root.local domain only contains a limited number of administrative accounts. All other user
accounts are located in the User.Root.local domain.
Security Background
The Ethernet switches and Wireless Access Points (WAPs) are protected with 802. lx port security
using Windows username and password Protected Extensible Authentication Protocol (PEAP). Client
computers are authenticated by using a Network Policy Server (NPS). A health check is performed
before client computers are allowed onto the corporate network.
Application Background
Applications are deployed to client computers and Remote Desktop servers by using Microsoft
Application Virtualization (App-V). Each data center and branch office has an App-V Streaming
Server.
Several applications utilize Windows Server Failover Clustering within the Hyper-V environment. All
failover cluster servers run Windows Server 2008 R2.
A Customer Relationship Management (CRM) application is installed on a 32-bit virtual machine
(VM) in the Toronto data center that is not compatible with Windows on Windows (WoW). Users will
be granted remote access to the CRM application.
Business requirements
The company is planning to migrate its existing Microsoft Exchange Server environment to Microsoft
Office 365 with rich co-existence.
The company is planning to deploy 500 new retail locations. The retail locations must use a new
Active Directory infrastructure. Each retail location will have access to a set of services. These
services will be accessible only from a new perimeter network in both the Toronto and Vancouver
data centers. Each retail location will have a private network connection to the perimeter network.

The retail location client computers will be hardware-based thin clients that run Windows 7
Enterprise. The retail locations will use only network printers managed by printer location policies.
A consulting company will provide on-site consultants in multiple regional offices, branch offices,
and retail locations. The consulting company will supply the consultants with tablet computers. The
consultants will require access to the Internet and to some server resources.
Technical Requirements
You have the following general requirements:
• Each office must have at least one domain controller.
• All current and future branch office domain controllers must replicate AD information only
with domain controllers located in the data centers.
• Client computers and servers must always obtain the same IP address in the event of a DHCP
service failure.
• Remote access to the CRM application must be enabled through a CustomerService.msi file
distributed to users.
• Applications must be streamed from a local Streaming Server if one is available.
You have the following security requirements:
• Ensure that users in the retail locations cannot see or access any corporate domain
information or other corporate services.
• Permit user accounts on each branch office and retail location server only for users who
work in that location.
• Enable single sign-on (SSO) using the existing Active Directory user accounts for all external
applications.
• Consultant computers must be issued exemption certificates from a dedicated Active
Directory Certificate Services (AD CS) server.
• Ensure that all non-corporate computers pass a Health Check before being allowed on the
network, other than consultant computers that have passed a manual system audit.
• Minimize the attack surface on all servers.
###EndCaseStudy###

You need to plan a name resolution strategy for the App-V Streaming Servers.
What should you recommend?

What should you recommend?

You need to consolidate the physical servers in the Montreal branch office.
What should you recommend? (Choose all that apply.)

What should you recommend?

You need to recommend the necessary component for the retail location client computers. What
should you recommend?

What should you recommend?

You need to plan the Active Directory infrastructure for the new retail locations.
What should you recommend? (Each correct answer presents part of the solution. Choose three.)

Which NAP enforcement method should you recommend?

###BeginCaseStudy###
Case Study: 20
Jazzy Records
COMPANY OVERVIEW
Jazzy Records has a main office and 10 branch offices.
PLANNED CHANGES
Jazzy Records plans to implement the following changes:
Assign IPv6 addresses to all client computers.
Deploy domain controllers in the branch offices.
Provide VPN access to all of the users in both forests.
Deploy Network Access Protection (NAP) in the jazzyrecords.com forest.
Ensure that only the users in the funkslam.com accounting department can access the resources in
jazzyrecords.com.
EXISTING ENVIRONMENT
The network contains a Microsoft Exchange Server 2010 organization.
Jazzy Records has many departments, including an accounting department.

Business Goals
New software and hardware solutions must be implemented by using the minimum amount of
administrative effort.
Existing Active Directory Environment
The network contains two Active Directory forests named jazzyrecords.com and funkslam.com. Each
forest contains one domain.
All of the domain controllers in jazzyrecords.com run Windows Server 2008 R2. All of the domain
controllers in funkslam.com run Windows Server 2003.
The forests and the domains are configured as shown in the following table.

Existing Network Infrastructure
Each office is on a separate IPv4 subnet.
All of the domain controllers are located in the main office.
REQUIREMENTS
Technical Requirements
Jazzy Records must meet the following technical requirements:
• Ensure that client computers do not require certificates.
• Prevent certain users from printing confidential documents and forwarding the documents
by e-mail.
• Prevent administrator passwords from being replicated to the domain controllers in the
branch offices.
• Control remote access to client computers that use static IP addresses and dynamically
assigned IP addresses.
• Quarantine the local client computers and the remote client computers that do not have the
latest Windows updates installed.
• Ensure that the users in tailspintoys.com can only access the shares in jazzyrecords.com to
which they have explicit permissions.
• Ensure that all of the users who run Microsoft Office Outlook can perform global address list
(GAL) lookups on a server in their local office.
###EndCaseStudy###

You need to recommend a NAP enforcement method for jazzyrecords.com that meets the company’s
security requirements. Which NAP enforcement method should you recommend?

