How do I go about implementing a design based on this requirement WWTC Active Di
Question
How do I go about implementing a design based on this requirement?

WWTC Active Directory Design
The WWTC office at New York is largely autonomous and has few IT personnel to take care of day-to-day IT support activities such as password resets and troubleshooting virus problems. You are concerned about sensitive data stored in this location. You want to deploy a highly developed OU structure to implement security policies uniformly through GPO automatically at all domains, OUs, and workstations. At this location Windows Server 2016 is required, providing the following AD features:
• Use BitLocker encryption technology for devices (server and workstation) disk space and volume.
• Enable a BitLocker system on a wired network to automatically unlock the system volume during boot (on capable Windows Server 2016 networks), reducing internal help desk call volumes for lost PINs.
• Create group policy settings to enforce that either Used Disk Space Only or Full Encryption is used when BitLocker is enabled on a drive.
• Enable BranchCache in Windows Server 2016 for substantial performance, manageability, scalability, and availability improvements.
• Implement Cache Encryption to store encrypted data by default. This allows you to ensure data security without using drive encryption technologies.
• Implement Failover cluster services.
• Implement the File Classification Infrastructure feature to provide an automatic classification process.
• IP Address Management (IPAM) is an entirely new feature in Windows Server 2016 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network.
• Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources.
• Implement Windows Deployment Services to enable you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation.

Deliverables
• Create Active Directory infrastructure to include the recommended features.
• Create an OU level for users and devices in their respective OU.
• Create Global, Universal, and Local groups. Each global group will contain all users in the corresponding department. Membership in the universal group is restrictive and membership can be assigned on the basis of the least privilege principle. (For design purposes, you can assume that WTC is a Single Forest with multiple domains.)
• Create appropriate GPOs and GPO policies and determine where they will be applied.
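As an added example (not part of the original question or answer), the PowerShell below builds the OU layout, the Global/Universal/Domain Local groups and the BitLocker GPO links asked for in the deliverables above and repeated in the answer's WWTC Active Directory Design section. The domain wwtc.local, the OU, group and GPO names, the department list, and the FVE registry value names used for the BitLocker settings are assumptions, not values from the page.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: builds the New York OU tree, AGULP groups and BitLocker GPOs
# from the deliverables. Domain, OU, group and GPO names are assumed values.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$DomainDN    = 'DC=wwtc,DC=local'                   # assumed domain name
$Departments = 'Operations', 'IT', 'Finance', 'HR'  # assumed, based on the org chart (VP OPR, IT, FIN, HR)

function New-OUIfMissing {
    # Creates an OU under $Path unless it already exists; returns its DN.
    param([string]$Name, [string]$Path)
    $dn = "OU=$Name,$Path"
    $existing = Get-ADOrganizationalUnit -Filter "distinguishedName -eq '$dn'" -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $Path -ProtectedFromAccidentalDeletion $true | Out-Null
    }
    return $dn
}

function New-GroupIfMissing {
    # Creates a security group of the given scope unless it already exists; returns the group object.
    param([string]$Name, [string]$Scope, [string]$Path, [string]$Description)
    $group = Get-ADGroup -Filter "sAMAccountName -eq '$Name'" -ErrorAction SilentlyContinue
    if (-not $group) {
        $group = New-ADGroup -Name $Name -SamAccountName $Name -GroupScope $Scope -GroupCategory Security `
                             -Path $Path -Description $Description -PassThru
    }
    return $group
}

function Set-BitLockerGpo {
    # Creates (or reuses) a GPO that enforces the BitLocker encryption type and Network Unlock,
    # then links it to the target OU. EncryptionType: 1 = Full encryption, 2 = Used Disk Space Only.
    param([string]$GpoName, [string]$TargetOU, [int]$EncryptionType)
    $gpo = $(try { Get-GPO -Name $GpoName -ErrorAction Stop } catch { $null })
    if (-not $gpo) { $gpo = New-GPO -Name $GpoName -Comment 'WWTC BitLocker baseline' }
    $fve = 'HKLM\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker policy key; value names assumed from the FVE ADMX
    # "Enforce drive encryption type" for operating system drives and fixed data drives.
    Set-GPRegistryValue -Name $GpoName -Key $fve -ValueName 'OSEncryptionType'  -Type DWord -Value $EncryptionType | Out-Null
    Set-GPRegistryValue -Name $GpoName -Key $fve -ValueName 'FDVEncryptionType' -Type DWord -Value $EncryptionType | Out-Null
    # "Allow network unlock at startup": wired clients unlock the OS volume without a PIN.
    Set-GPRegistryValue -Name $GpoName -Key $fve -ValueName 'OSManageNKP' -Type DWord -Value 1 | Out-Null
    $alreadyLinked = (Get-GPInheritance -Target $TargetOU).GpoLinks | Where-Object { $_.DisplayName -eq $GpoName }
    if (-not $alreadyLinked) { New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null }
}

# 1. OU layout: users and devices in separate OUs so user and computer GPOs are scoped independently.
$siteOU   = New-OUIfMissing -Name 'NewYork'      -Path $DomainDN
$usersOU  = New-OUIfMissing -Name 'Users'        -Path $siteOU
$wsOU     = New-OUIfMissing -Name 'Workstations' -Path $siteOU
$srvOU    = New-OUIfMissing -Name 'Servers'      -Path $siteOU
$groupsOU = New-OUIfMissing -Name 'Groups'       -Path $siteOU

# 2. Global groups: one per department, holding all of that department's users.
foreach ($dept in $Departments) {
    New-OUIfMissing -Name $dept -Path $usersOU | Out-Null
    New-GroupIfMissing -Name "GG_${dept}_Users" -Scope Global -Path $groupsOU `
                       -Description "All $dept users" | Out-Null
}

# 3. Universal group with restrictive membership: individual accounts are added by name on a
#    least-privilege basis; no departmental global group is nested into it.
$ug = New-GroupIfMissing -Name 'UG_SensitiveData_Access' -Scope Universal -Path $groupsOU `
                         -Description 'Named users cleared for the sensitive data store'

# 4. Domain local group carries the permission on the resource; the universal group is its only member.
$dl = New-GroupIfMissing -Name 'DL_SensitiveData_Modify' -Scope DomainLocal -Path $groupsOU `
                         -Description 'Modify rights on the sensitive data share'
if (-not (Get-ADGroupMember -Identity $dl | Where-Object { $_.DistinguishedName -eq $ug.DistinguishedName })) {
    Add-ADGroupMember -Identity $dl -Members $ug
}

# 5. GPOs: workstations and servers both hold sensitive data, so require Full encryption (1).
Set-BitLockerGpo -GpoName 'WWTC-NY-BitLocker-Workstations' -TargetOU $wsOU  -EncryptionType 1
Set-BitLockerGpo -GpoName 'WWTC-NY-BitLocker-Servers'      -TargetOU $srvOU -EncryptionType 1
```

Run it once from a domain-joined admin workstation with RSAT installed; re-running is safe because every step checks for the object before creating it.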
Explanation / Answer
Background Information for World-Wide Trading Company
World-Wide Trading Company (WWTC) is a large online brokerage firm in Hong Kong. The trading company has a staff of 9,000 who are scattered around the world. Because of aggressive growth in business, they need to set up a regional office in New York City. They leased the entire floor of a building on Wall Street. You were hired as the director of the IT Department. The President of the company has asked you to set up a state-of-the-art network by the end of this year. He shared with you the organizational structure and a list of the staff. You hired a consultant to test the network infrastructure and power requirements at the WWTC office space.
The consultant reported that the network infrastructure is sound and a gigabit network can be set up on the existing wiring. Additionally, the current power supply will meet their present and future demand. The President has reiterated these business goals.
Business and Technical Goals
Increase revenue from 10 billion to 40 billion in three to four years.
Decrease operating cost from 30 to 15 percent in a few years by using an automated system for buying and selling.
Provide secure means for customer purchase and payment over the Internet.
Enable employees to connect their notebook PCs to the WWTC network and Internet services.
Provide state-of-the-art VoIP and Data Network.
Provide faster network services.
Provide fast and secure wireless services in the lobby and two large conference rooms (100x60).
On the basis of these business goals, you prepared an RFP to solicit a proposal for designing and implementing a fast, reliable and secure network.
The purpose of this Request for Proposal is to solicit from qualified vendors proposals for a secure and fast network to ensure proper operation of the network.
To set up a design for a state-of-the-art network at the Wall Street location of World-Wide Trading.
Propose a network design that addresses the current security audit issues (see security sections), to meet business and technical goals.
Provide a modular, scalable network.
Provide redundancy at the building core layer, building distribution layer, access layer and at workstation level to avoid a single point of failure. For the Building Access layer provide redundant uplink connections to the Building Distribution layer.
Select an appropriate Cisco switch model for each part of your enterprise campus model design from the Cisco Products Link, and use the following assumptions in your selection process. Selecting the Access layer switches:
a. Provide one port for each device
b. Make provision for 100% growth
Server farm switches: Assume 6 NIC cards in each server and one NIC card uses one port of a switch. Dual processors and dual power supply. Propose an IP addressing scheme that promotes IP addressing and IP routing (including the use of route summarization). Provide a migration plan to the IPv6 protocol in the future.
Propose a high-level security plan to secure key applications and servers; however, encryption of all applications is not acceptable. Create a security policy to stop sniffing and man-in-the-middle attacks. Your security design must be based on current industry standards: multilayer security or defense in depth.
Integrate voice and data network to reduce cost. For dialing outside, the World-Wide Trading Company proposes a plan for 100% availability with a minimum number of outside lines. For telephone requirements, see the Organization Chart and Telephone Equipment Table.
Provide a complete routing protocol and hierarchical IP scheme.
Centralize all services and servers to make the network easier to manage and more cost-effective.
Provide LAN speed of at least 100 MB and Internet speed of at least 54 MB.
Provide wireless network access to network users and guest users in limited areas (Lobby and Conference room). In the conference room and the lobby, the user will get a minimum 54 Mbps of bandwidth. (You can assume that a site survey is done and no sources of interference or RF were found.)
Provide provisions for video conferencing and multicast services.
Standardize on TCP/IP protocols for the network. Macs will be allowed only on guest notebooks but must use TCP/IP protocols or the AppleTalk Filing Protocol (AFP) running on top of TCP.
Provide extra capacity at switches so authorized users can attach their notebook PCs to the network.
Install DHCP software to support notebook PCs. The World-Wide Trading Company will use the following applications: Microsoft Office 2014; sending and receiving email; surfing the Web using Netscape or Microsoft's Internet Explorer applications to access information, participate in chat rooms, and use other common Web services; accessing the library card catalog; Document Server application. Partners will use the following custom applications: Market Tracking Application. This application will provide real-time status of stock and securities markets to brokers and their clients. Stock and Bond Analytical Application. This application will provide analysis of stocks and bonds to Brokers only.
On Line Trading. The Company wishes to train new clients in online trading to attract new clients. The Company will connect new clients to receive streaming video and instructions.
2. Assume any information (with proper justification) which you believe is missing and essential to the development of the design.
WWTC Security:
Although WTC has strong security requirements at other locations (see network diagram below), you must move to a significantly more secure network than WTC currently has available.
At other sites, lack of strong authentication, data confidentiality and separation between internal secured servers and public servers are key areas that need to be improved at this location.
Audit results of other locations identified the following issues: E-mail had been improperly used at times to communicate business-sensitive information. Confidential business data and public data were connected to the same physical network. End-user systems had improperly housed confidential data that should have resided only on servers. In addition, a portion of the end-user systems were found to be laptops, which had left the office in clear violation of security policies.
Some logical access control systems were found to rely on username and password combinations only. Some sensitive business data was found to be transmitted in clear text between server and client. In order to address these audit findings, you decided to harden security policies in these areas.
Web Connectivity
Web connectivity and any other unclassified network must be physically separate from the network.
Classified Network
The classified network must be physically secure to prevent any access to the classified network's data. Controls must be in place to prevent local users from removing data from the systems in any way. This includes removable media, AV recorders, pen and paper, and any type of printer.
All data transmitted on the classified network must be cryptographically protected throughout the network. All classified data must be centrally stored and secured in a physically separate area from the unclassified network.
WAN Connectivity
In addition to the cryptographic protection of the data within the classified network, all data crossing wide-area links must undergo another layer of cryptographic protection, for example, IPSec/VPN/SSL.
Public Servers
All public servers must use HTTPS connections and accept only requests that come from legitimate IP addresses and pass through the firewall. Servers must request some identity from the connecting party.
Site-to-site VPN tunnels
All devices must be mutually authenticated and cryptographic protection must be provided.
PSTN dial-up
Dial-up clients must authenticate with username and OTP.
User Education
All users must attend periodic user awareness training programs on network threats and good security practices.
Deliverables
These are just suggestions on the general approach you may take for this project.
1. Determine the most important assets of the company, which must be protected.
2. Determine the general security architecture for the company.
3. Develop a list of 12 specific policies that could be applied.
4. Write specific details along with the rationale for each policy.
5. Integrate and review the final version of the Security Policy Document for submittal.
6. Develop a high-availability secure design for this location addressing the above considerations and mitigating the 4 primary network attack categories mentioned below.
The Four Primary Attack Categories:
Reconnaissance attacks: An intruder attempts to discover and map systems, services, and vulnerabilities.
Access attacks: An intruder attacks networks and systems to retrieve data, gain access, or escalate access privileges.
Denial of Service attacks: An intruder attacks your network in a way that damages or corrupts your computer system or denies you and others access to your networks, systems, or services.
Worms, viruses, and Trojan horses: Malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny service or access to networks, systems or services.
The following are the guidelines for security policies.
Security Policies: Policies defining acceptable use. Policies governing connections to remote networks. Policies outlining the sensitivity level of the various types of information held within an organization. Policies protecting the privacy of the network's users and any user data. Policies defining security baselines to be met by devices before connecting them to the network. This creates a basis for legal action if necessary.
The key parts of security policies: Statement of authority and scope: Define the name of the security authority and the areas covered under that statement. Identification and authentication policy. Network access policy: How the user will use the company's information infrastructure.
Remote access policy.
Incident handling policy: This topic specifies how the organization will create an incident response team and the procedure to be used during and after an incident.
WWTC Active Directory Design
The WWTC office at New York is largely autonomous and has few IT personnel to take care of day-to-day IT support activities such as password resets and troubleshooting virus problems. You are concerned about sensitive data stored in this location. You want to deploy a highly developed OU structure to implement security policies uniformly through GPO automatically at all domains, OUs, and workstations.
At this location Windows Server 2014 is required, providing the following AD features:
Use BitLocker encryption technology for devices (server and workstation) disk space and volume.
Enable a BitLocker system on a wired network to automatically unlock the system volume during boot (on capable Windows Server 2014 networks), reducing internal help desk call volumes for lost PINs.
Create group policy settings to enforce that either Used Disk Space Only or Full Encryption is used when BitLocker is enabled on a drive.
Enable BranchCache in Windows Server 2014 for substantial performance, manageability, scalability, and availability improvements. Implement Cache Encryption to store encrypted data by default. This allows you to ensure data security without using drive encryption technologies.
Implement Failover cluster services.
Implement the File Classification Infrastructure feature to provide an automatic classification process.
IP Address Management (IPAM) is a completely new feature in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network.
Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to access network resources.
Implement Windows Deployment Services to enable you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation.
Deliverables
Create Active Directory infrastructure to include the recommended features.
Create an OU level for users and devices in their respective OU.
Create Global, Universal, and Local groups. Each global group will contain all users in the corresponding department. Membership in the universal group is restrictive and membership can be assigned on the basis of the least privilege principle. (For design purposes, you can assume that WTC is a Single Forest with multiple domains.)
Create appropriate GPOs and GPO policies and determine where they will be applied.
Reference:
WWTC Organization Chart: VP OPR, VP NW USA, VP SW USA, VP NE USA, VP SE USA, VP M USA

Table 1. Equipment Inventory

Subnet                  | Workplaces          | Telephone | Devices | Comment
VP OPR Office           | VP OPR              | 2         | 1       | Work Stations
VP OPR Office           | President IT        | 2         | 1       | Work Stations
VP OPR Office           | President FIN       | 2         | 1       | Work Stations
VP OPR Office           | President HR        | 2         | 1       | Work Stations
VP OPR Office           | President IT's Staff | 2        | 1       | Work Stations
VP OPR Office           | President FIN's Staff | 2       | 1       | Work Stations
VP OPR Office           | CEO HR's Staff      | 2         | 1       | Work Stations
VP NW USA, VP Office    | Director 1          | 2         | 2       | Work Stations
VP NW USA, VP Office    | Director 2          | 2         | 2       | Work Stations
VP NW USA, VP Office    | Broker 1            | 2         | 2       | Work Stations
VP NW USA, VP Office    | Broker 2            | 2         | 2       | Work Stations
VP NW USA, VP Office    | Broker 3            | 2         | 2       | Work Stations
VP NW USA, VP Office    | Broker 4            | 2         | 2       | Work Stations
VP NW USA, VP Office    | Staff               | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Director 1          | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Director 2          | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Broker 1            | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Broker 2            | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Broker 3            | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Broker 4            | 2         | 2       | Work Stations
VP SW USA, VP SW Office | Staff               | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Director 1          | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Director 2          | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Broker 1            | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Broker 2            | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Broker 3            | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Broker 4            | 2         | 2       | Work Stations
VP NE USA, VP NE Office | Staff               | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Director 1          | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Director 2          | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Broker 1            | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Broker 2            | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Broker 3            | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Broker 4            | 2         | 2       | Work Stations
VP SE USA, VP SE Office | Staff               | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Director 1          | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Director 2          | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Broker 1            | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Broker 2            | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Broker 3            | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Broker 4            | 2         | 2       | Work Stations
VP M USA, VP M Offices  | Staff               | 2         | 2       | Work Stations
Printer                 |                     |           | 20      | At different offices. Exact location to be decided.
Server                  |                     |           | 40      | These do not include DNS, DHCP, Domain Controller. Need to be determined by the designer.

Note: WWTC is opening an office only at the New York location. Please do not confuse an office holder's title (VP NW USA) with the location.
WLC and AP Ordering Guide

Table 4. Ordering Information for Cisco Wireless LAN Controllers (columns: Product, Features, Customer Requirements, Part Number)

Cisco 4400 Series Wireless LAN Controller
Features: Scalable support of 12, 25, 50, or 100 Cisco Aironet access points. The Cisco 4402 with 2 Gigabit Ethernet ports supports configurations for 12, 25, and 50 access points. The Cisco 4404 with 4 Gigabit Ethernet ports supports configurations for 100 access points. IEEE 802.1D Spanning Tree Protocol for higher availability. IPSec encryption. Industrial-grade resistance to electromagnetic interference (EMI).
Customer Requirements: For mid-size to large enterprises. High availability.
Part Numbers: AIR-WLC4402-12-K9, AIR-WLC4402-25-K9, AIR-WLC4402-50-K9, AIR-WLC4404-100-K9. See the Cisco Wireless LAN Controllers Data Sheet for more information.

Cisco 2100 Series Wireless LAN Controller
Features: Supports up to 6, 12 or 25 Cisco Aironet access points. Eight Ethernet ports, two of which can provide power directly to Cisco APs. Desktop mountable.
Customer Requirements: For retail, enterprise branch offices, or SMB deployments.
Part Numbers: AIR-WLC2106-K9, AIR-WLC2112-K9, AIR-WLC2125-K9. See the Cisco 2106 Wireless LAN Controller Data Sheet for more information.

Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM)
Features: Wireless LAN Controller for the Cisco Catalyst 6500 or Cisco 7600 Series Router. Supports 300 Cisco Aironet access points. IPSec encryption. Industrial-grade resistance to electromagnetic interference (EMI). Intrachassis and interchassis failover. Interoperable with Cisco Catalyst 6500 Series Firewall and IDS services modules.
Customer Requirements: Embedded platform for the Cisco Catalyst 6500 Series and Cisco 7600 Series Router. For large-scale deployments. High availability.
Part Numbers: WS-SVC-WISM1-K9, WS-SVC-WISM1-K9= (spare). See the Cisco Catalyst Wireless Services Module Data Sheet for more information.

Cisco Catalyst 3750G Integrated WLAN Controller
Features: Cisco Catalyst 3750G Series Switch with wireless LAN controller capabilities. Scalable support of 25 or 50 Cisco Aironet access points per switch (and up to 200 access points per stack*). IPSec encryption. Industrial-grade resistance to electromagnetic interference (EMI).
Customer Requirements: For mid-size to large enterprises. High availability.
Part Numbers: WS-C3750G24WS-S25, WS-C3750G24WS-S50. See the Cisco Catalyst 3750G Integrated Wireless LAN Controller Data Sheet for more information.

Cisco Wireless LAN Controller Module for Cisco Integrated Services Routers
Features: Wireless LAN controller integrated into Cisco integrated services routers. Supports 6, 8, 12, or 25 Cisco Aironet access points.
Customer Requirements: Embedded platform for Cisco 2800/3800 Series and Cisco 3700 Series routers. For retail, small to medium-sized deployments or branch offices.
Part Numbers: NME-AIRWLC6-K9, NME-AIRWLC6-K9= (spare), NME-AIRWLC8-K9, NME-AIRWLC8-K9= (spare), NME-AIRWLC12-K9, NME-AIRWLC12-K9= (spare), NME-AIRWLC25-K9, NME-AIRWLC25-K9= (spare). See the Cisco WLAN Controller Modules Data Sheet for more information.

Please refer to the Cisco Wireless LAN Controller Ordering Guide supplement to learn when to include the following SKUs to track the deployment of voice and context-aware mobility applications.

Table 2. Cisco Aironet Indoor Rugged, Indoor, Wireless Mesh, and Outdoor Rugged Access Points (columns: Product, Features, Customer Requirements, Part Number)

Indoor Rugged Access Points

Cisco Aironet 1250 Series
Features: Industry's first business-class access point based on the IEEE 802.11n draft 2.0 standard. Provides reliable and predictable WLAN coverage to improve the end-user experience for both existing 802.11a/b/g clients and new 802.11n clients. Offers combined data rates of up to 600 Mbps to meet the most rigorous bandwidth requirements.
Customer Requirements: Designed for both office and challenging RF environments. Especially useful for environments with the following attributes: challenging RF environments (for example, manufacturing plants, warehouses, clinical environments); bandwidth-intensive applications (for example, digital imaging, file transfers, network backup); real-time, latency-sensitive applications such as voice and video; need to support existing 802.11a/b/g and new 802.11n wireless clients.
Part Numbers (access point platform with preinstalled radio modules): AIR-AP1252AG-x-K9: 802.11a/g/n-draft 2.0 2.4/5-GHz Modular Autonomous Access Point; 6 RP-TNC. AIR-AP1252G-x-K9: 802.11g/n-draft 2.0 2.4-GHz Modular Autonomous Access Point; 3 RP-TNC. AIR-LAP1252AG-x-K9: 802.11a/g/n-draft 2.0 2.4/5-GHz Modular Unified Access Point; 6 RP-TNC. AIR-LAP1252G-x-K9: 802.11g/n-draft 2.0 2.4-GHz Modular Unified Access Point; 3 RP-TNC. See the Cisco Aironet 1250 Series Ordering Guide for more information.

Cisco Aironet 1240AG Series
Features: Second-generation 802.11a/g dual-band indoor rugged access point. 2.4-GHz and 5-GHz antenna connectors for greater range or coverage flexibility and more flexible installation options using the wide selection of Cisco antennas available.
Customer Requirements: Ideal for challenging indoor RF environments. Recommended for offices and similar environments. Ideal for deployments above suspended ceilings. Recommended for outdoors when deployed in a weatherproof NEMA-rated enclosure.
Part Numbers: AIR-AP1242AG-x-K9: 802.11a/g Nonmodular Cisco IOS Software-Based Access Point; RP-TNC. AIR-LAP1242AG-x-K9: 802.11a/g Nonmodular LWAPP Access Point; RP-TNC. See the Cisco Aironet 1240AG Series 802.11a/b/g Data Sheet for more information.

Indoor Access Points

Cisco Aironet 1130AG Series
Features: Low-profile, enterprise-class 802.11a/g access point with integrated antennas for easy deployment in offices and similar RF environments.
Customer Requirements: Ideal for offices and similar environments.
Part Numbers: AIR-AP1131AG-x-K9. See the Cisco Aironet 1130AG Series Ordering Guide for more information.

Wireless Mesh Access Points

Cisco Aironet 1520 Series
Features: Next-generation outdoor wireless mesh access point. Integrated dual-band 802.11a/b/g radios, Ethernet, fiber and cable modem interface. Provides easy and flexible deployments for outdoor wireless networks. Available in a lightweight version only.
Customer Requirements: Ideal for outdoors. Recommended for industrial enterprises and local government, public safety, and transit agencies.
Part Numbers: AIR-LAP1522AG-x-K9. See the Cisco Aironet 1520 Series Lightweight Outdoor Mesh Access Point Ordering Guide for more information.

Cisco Aironet 1500 Series
Features: Mesh access point that enables cost-effective, scalable deployment of secure outdoor wireless LANs for metropolitan networks or enterprise campuses. Available in a lightweight version only.
Customer Requirements: Ideal for outdoors. Recommended for providing wireless services and applications to local government, public safety, and transit agencies.
Part Numbers: AIR-LAP1510AG-x-K9: Cisco Aironet 1510AG Lightweight Outdoor Mesh Access Point, FCC configuration. See the Cisco Aironet 1500 Series Ordering Guide for more information.

Outdoor Rugged Access Points

Cisco Aironet 1400 Series
Features: High-speed, high-performance outdoor bridging solution for line-of-sight applications. Offers an affordable alternative to leased line services. Available in an autonomous version only.
Customer Requirements: Fast building-to-building or campus connectivity. Share LAN/Internet access between two or more sites. Quick installation.
Part Numbers: AIR-BR1410A-x-K9: With integrated antenna. AIR-BR1410A-A-K9-N: With N-Type connector for use with external antennas. See the Cisco Aironet 1400 Series Bridge Data Sheet for more information.

Cisco Aironet 1300 Series
Features: Outdoor access point/bridge that offers fast and cost-effective wireless connectivity between multiple fixed or mobile networks and clients.
Customer Requirements: Ideal for outdoor areas, network connections within a campus area, temporary networks for portable or military operations, or outdoor infrastructure for mobile networks.
Part Numbers: AIR-BR1310G-x-K9: With integrated antenna. AIR-BR1310G-x-K9-R: With RP-TNC connector for use with external antennas. AIR-BR1310G-A-K9-T: For transportation applications. See the Cisco Aironet 1300 Series Ordering Guide for more information.

*x = regulatory domain
(Source: Courtesy Cisco website http://cisco.com/en/US/push/insurance/remote/ps5679/ps6548/prod_brochure0900aecd80565e00_ps2706_Products_Brochure.html)

WLC and AP Placement Templates

Recommended Placement Table (columns: Wireless Network, Building, Access Point Requirements, Wireless LAN Controller Requirements)
Building Lobby      | (to be filled in) | (to be filled in)
Cafeteria           | (to be filled in) | (to be filled in)
Conference room     | (to be filled in) | (to be filled in)

Suggested Product Table (WLC)
WLC: Cisco 2100 Series Wireless LAN Controller | Cisco Part Number: AIR-WLC2106-K9 | Quantity: 2 | Cost: (to be filled in)
Total WLC: 2

Suggested Product Table (AP)
AP: Cisco Aironet 1250 Series | Cisco Part Number: AIR-AP1252AG-x-K9: 802.11a/g/n-draft 2.0 2.4/5-GHz Modular Autonomous Access Point; 6 RP-TNC | Quantity: 20 | Cost: (to be filled in)
Total AP: 20