###BeginCaseStudy###
Case Study: 19
Consolidated Messenger
General Background
Consolidated Messenger is an international company with multiple regional offices, branch offices,
and data centers.
The company has an existing Microsoft Software Assurance for Volume Licensing subscription.
Infrastructure Background
The offices and data centers are described in the following table.
All offices and data centers are connected by a private routed network.
The environment includes a mix of physical servers and virtual machines (VMs).
All servers are backed up by using Microsoft System Center Data Protection Manager (DPM). The
DPM server in each data center has a replica partner in the other data center.
Branch Offices
The branch offices do not have secure locations in which to install network equipment or servers.
The six physical servers in the Montreal branch office are described in the following table.
Data Centers
The data centers contain Hyper-V failover clusters, as described in the following table.
The data centers share a Hyper-V geocluster with 16 nodes. Each site has 8 nodes. Replicated SAN
storage and a file share witness for the geocluster are located in the Ottawa regional office.
Each data center contains direct-attached storage (DAS) and multiple storage area network (SAN)
systems. Some SAN storage is replicated across the data centers.
The company has a single DHCP server that is located in the Toronto data center. All network
switches and routers are configured with DHCP Relay to the Toronto DHCP server. The DHCP server
is a physical server with DAS.
Domain Background
The company network contains an Active Directory Domain Services (AD DS) domain. Each location
is represented by an Active Directory site. All domain controllers run Windows Server 2008. The
domain controllers are described in the following table.
The Root.local domain only contains a limited number of administrative accounts. All other user
accounts are located in the User.Root.local domain.
Security Background
The Ethernet switches and Wireless Access Points (WAPs) are protected with 802. lx port security
using Windows username and password Protected Extensible Authentication Protocol (PEAP). Client
computers are authenticated by using a Network Policy Server (NPS). A health check is performed
before client computers are allowed onto the corporate network.
Application Background
Applications are deployed to client computers and Remote Desktop servers by using Microsoft
Application Virtualization (App-V). Each data center and branch office has an App-V Streaming
Server.
Several applications utilize Windows Server Failover Clustering within the Hyper-V environment. All
failover cluster servers run Windows Server 2008 R2.
A Customer Relationship Management (CRM) application is installed on a 32-bit virtual machine
(VM) in the Toronto data center that is not compatible with Windows on Windows (WoW). Users will
be granted remote access to the CRM application.
Business requirements
The company is planning to migrate its existing Microsoft Exchange Server environment to Microsoft
Office 365 with rich co-existence.
The company is planning to deploy 500 new retail locations. The retail locations must use a new
Active Directory infrastructure. Each retail location will have access to a set of services. These
services will be accessible only from a new perimeter network in both the Toronto and Vancouver
data centers. Each retail location will have a private network connection to the perimeter network.
The retail location client computers will be hardware-based thin clients that run Windows 7
Enterprise. The retail locations will use only network printers managed by printer location policies.
A consulting company will provide on-site consultants in multiple regional offices, branch offices,
and retail locations. The consulting company will supply the consultants with tablet computers. The
consultants will require access to the Internet and to some server resources.
Technical Requirements
You have the following general requirements:
• Each office must have at least one domain controller.
• All current and future branch office domain controllers must replicate AD information only
with domain controllers located in the data centers.
• Client computers and servers must always obtain the same IP address in the event of a DHCP
service failure.
• Remote access to the CRM application must be enabled through a CustomerService.msi file
distributed to users.
• Applications must be streamed from a local Streaming Server if one is available.
You have the following security requirements:
• Ensure that users in the retail locations cannot see or access any corporate domain
information or other corporate services.
• Permit user accounts on each branch office and retail location server only for users who
work in that location.
• Enable single sign-on (SSO) using the existing Active Directory user accounts for all external
applications.
• Consultant computers must be issued exemption certificates from a dedicated Active
Directory Certificate Services (AD CS) server.
• Ensure that all non-corporate computers pass a Health Check before being allowed on the
network, other than consultant computers that have passed a manual system audit.
• Minimize the attack surface an all servers.
###EndCaseStudy###
You need to recommend the necessary component for the retail location client computers. What
should you recommend?
A.
Microsoft Desktop Optimization Pack (MDOP)
B.
Windows Thin PC
C.
Windows Virtual Desktop Access (Windows VDA)
D.
Windows Virtual Enterprise Centralized Desktop (Windows VECD)
E.
Windows XP Mode