Internship Project Course TitleIT Network Security courseProject TitleProvide data protection in small and midsizebusinessesPages12Version1.2VDate13 October 2020 ContentsI. INTRODUCTION ……………………………………………………………………………………………………………………. 3II. OBJECTIVES …………………………………………………………………………………………………………………………. 3III. MATERIALS REQUIRED ………………………………………………………………………………………………………….. 3IV. WHAT TO SUBMIT …………………………………………………………………………………………………………….. 3V. Scenario ………………………………………………………………………………………………………………………………. 41. Scenario, problem statement, and goals ……………………………………………………………………………… 42. Scenario …………………………………………………………………………………………………………………………… 43. Problem statement …………………………………………………………………………………………………………… 54. Organizational goals ………………………………………………………………………………………………………….. 55. What is the recommended design for this solution? ……………………………………………………………… 56. Tasks: ………………………………………………………………………………………………………………………………. 77. Why are we recommending this design? ……………………………………………………………………………… 88. Windows Server Essentials Dashboard ………………………………………………………………………………… 89. Storage Spaces …………………………………………………………………………………………………………………. 910. Server Folders ………………………………………………………………………………………………………………. 911. Users and groups management ………………………………………………………………………………………. 912. Device management ……………………………………………………………………………………………………. 1013. Group Policy settings in Windows Server Essentials ………………………………………………………… 1014. Windows Server Backup ………………………………………………………………………………………………. 1115. Client computer backups ……………………………………………………………………………………………… 1116. File History backups …………………………………………………………………………………………………….. 1117. What are the steps to implement this solution? ……………………………………………………………… 12I. INTRODUCTIONThe project will involve installing and configuring one Active Directory forest domainsand. You will implement your setup using two Windows Server 2012 virtual machines.This project describes how you can protect your small to midsize business against data loss (suchas through hardware theft or a natural disaster) and unauthorized access, so that you can savetime and money.The project describes a tested, prescriptive design and implementation solution that can help youprotect your business data by backing it up on-premises and in the cloud, by centralizing datastorage, and by restricting data access permissions.II. OBJECTIVESThe objectives of this project are to: Implement a two Forest Active Directory domain structure Configure DNS Server to provide communication between the two forest domains. Create Active Directory Sites Trust and Manage replication Create Active Directory Organizational Units, Users, and Groups Implement Group Policy ObjectsIII. MATERIALS REQUIREDTo complete this project, you require: Two virtual machines running Windows 2012 R2 Server Windows Server 2012 R2 softwareIV. WHAT TO SUBMITYour project must contain: Your project report document which should includeo An introductiono Project spec with snapshots of every step and the solutions you have chosen andyour servers specifications and configurationso A conclusion as to what have you learn from the entire courseSpecial noteApplies To: Windows Server 2012 Essentials, Windows Server 2012 R2, Windows Server 2012R2 Essentials, Windows Storage Server 2012 R2 EssentialsV. ScenarioThe following diagram illustrates the problem and scenario that this solution guide addresses.Problems associated with data storage, access, and protection1. Scenario, problem statement, and goalsThis section describes the scenario, problem, and goals for an example organization.2. ScenarioThe organization is a small to midsize business with up to 100 users and 200 devices, and it islooking for a way to secure its company data. Currently, each user is saving data on their localcomputers, and data is shared through print copies and emails or by creating local sharedresources.Data backups are created inconsistently, depending on a user’s individual backup schedules.Some users are working on laptop devices, and as a result, critical data is leaving officepremises. When a computer’s hardware fails, a lot of the company’s critical data is lostpermanently due to lack of backups, and tremendous time is spent re-creating a new desktop withall its files and line-of-business applications installed.3. Problem statementThe organization wants to address the following problems: Files with business-critical data are being exposed to unintended users.Expanding storage capacity on existing computers in the network involves largeadministrative and cost overheads.Network users are saving company’s data on multiple devices (for example, on aPC when at work, and on their laptop when remote). This is leading to multiple fileversions that are hard to track and locate.Not all users are backing up their computers and data consistently. As a result, if acomputer crashes, sometime there is no backup from which to restore the computerand data.The company’s backup data is at risk because it resides in a single location. 4. Organizational goalsYour organization is looking for a solution that allows it to: Store the company’s data on-premises in a single centralized location so that all itsnetwork users can easily access it and so your administrator can more easily applyaccess restrictions on the data.Easily expand the storage capacity of the server as the organization grows in size.Restrict permissions to shared folders so that only select users can access the data.Define a backup schedule so that backups happen automatically instead ofmanually.Completely restore servers and client computers from backups in the event ofhardware failure.Create backups on-site and online to provide an additional layer of data protection. 5. What is the recommended design for this solution?The following diagram illustrates how to store, protect, and securely access data from a serverrunning Windows Server 2012 R2 Essentials or the Standard and Datacenter editions ofWindows Server 2012 R2 with the Windows Server Essentials Experience role installed (referredto as Windows Server Essentials Experience in the remainder of the document).Solution design for protecting, centralizing, and providing secure access to dataWindows Server 2012 R2 Essentials (appropriate for use for up to 25 users and 50 devices) orWindows Server Essentials Experience (appropriate for use for up to 100 users and 200 devices)provide a solution for small to midsize business partners and owners to protect their data bycentralizing data storage, restricting access to data, and backing up data on-premises and in thecloud.The following table lists the technologies that are included in Windows Server 2012 R2Essentials and Windows Server Essentials Experience that are part of this solution design anddescribes the reason for the design choice.6. Tasks:Reproduce this solution with all the technical configurations required. You can use any IPaddressing and name you want.a. Create a storage space on the server.T A B L E 1 Solution designelementWhy is it included in this solution?Windows ServerEssentialsDashboardUse the Dashboard to perform all administrative tasks in your network, such as creating useraccounts, granting access permissions, setting up server and client backups, creating storage spacesand server folders, and integrating with Microsoft Azure Backup.Storage SpacesUse Storage Spaces for storing your company’s data. With Storage Spaces, you can expandstorage as your organization grows, ensure that you are providing high availability for your data,and provide a cost-effective solution. You do not need to spend money on hardware upfront, andyou can scale up based on your business needs.Server FoldersStore and share your organization’s files and folders in server folders that you create on yourserver rather than sharing them from individual user’s PCs. This enables you to consolidate yourdata in one central location that all network users can access. When you store your data in serverfolders, you can protect it against total server failure by using Windows Server Backup and AzureBackup.User managementCreate user accounts and user groups to control access to your company’s data and devices. Whenyou create a user group, you can provide the same access level to network resources for allmembers.DevicemanagementJoin your client computers to the network so that you can easily manage all the client computers inthe network through the Windows Server Essentials Dashboard.Group PolicysettingsProtect client computers from network attacks and keep the software and operating system on yourcomputers up-to-date by implementing Windows Server Essentials Group Policy settings. Formore informationWindows ServerBackupUse Windows Server Backup to back up the files and folders that are stored on your server. Fromthe backup files, you can restore files and folders on your server or perform a full system restore ofyour server.Client ComputerBackupUse Client Computer Backup to back up all the clients in your network. The data that is located onthe clients is backed up on a server that is running Windows Server 2012 R2 Essentials orWindows Server Essentials Experience. From the backup files, you can restore files and folders onthe clients, or perform a full system restore of a client in the network.File HistoryFile History provides a supplemental mechanism for client computer backups. File Historybackups are stored in the File History folder, which is located on a server that is running WindowsServer 2012 R2 Essentials or Windows Server Essentials Experience. From the File Historybackups, network users can restore versions of files from a specific point-in-time. In addition,network users can restore the files without asking for help from the administrator. b. Create server folders for various departments or data types as needed.c. Create user groups and user accounts.d. Assign user access permissions for the server folders.e. Connect all the client computers in the network to the server.f. Implement Group Policy settings.g. Set up Windows Server Backup.h. Set up the client computer backup.i. Set up File History backup settings.j. Set up your server for online backup with Azure Backup (Not required tocomplete for this internship).After you complete Steps 1 through 10, all your organization’s goals as listed in this documentare met as follows: Your organization’s data is now stored in a central location on a server runningWindows Server 2012 R2 Essentials or Windows Server Essentials Experience sothat all network users can easily access it.You have created a storage space to use as your destination for creating serverfolders, which allows you to easily expand the storage capacity of your server.You have set access permissions for user accounts in your network, so onlyselected users can access server folders and the data in them as needed.You have defined a schedule for creating backups by using Windows ServerBackup, which solves the problem of inconsistent manual backups.In the event of hardware failure, you can restore a client computer or server from itsbackup.If the on-site backups are unavailable, you can restore your files and folders from your online backups stored in Azure. (Not required to complete for thisinternship).7. Why are we recommending this design?This section explains the details of the design considerations and the decisions that were madethat led to the final solution design. It also provides the recommended configuration or usage ofeach feature that is used this solution.8. Windows Server Essentials DashboardThe Windows Server Essentials Dashboard in Windows Server 2012 R2 Essentials and WindowsServer Essentials Experience helps you quickly access key information and the managementfeatures of your server instead of using multiple native Windows Server Administration tools. Byusing the Dashboard, you can create and manage user accounts, manage devices and backups,and manage access and settings for server folders.Recommendation: Use the Windows Server Essentials Dashboard to perform a majority ofadministrative tasks in your network. You can run tasks and wizards from the Dashboard tooptimally configure the features that are included in your server.9. Storage SpacesOptions for providing high availability and resilient storage for your company’s data includeusing the built-in RAID controller that comes with common server hardware. This storage optionwill provide the storage availability and resiliency you need, but it can be relatively complex andcostly.In contrast, you can use the Storage Spaces feature to create low-cost, resilient, and dynamicallyexpandable data volumes to store your business data, rather than storing it on standard harddrives. Storage Spaces are virtual hard disk drives (VHDs) that appear on the Hard Drives tab ofthe Dashboard. Storage Spaces helps you save files to two or more drives so that your filesremain safe even when a drive fails. With Storage Spaces, you can virtualize your server’sstorage by grouping industry standard hard drives into storage pools, and then create VHDs(called storage spaces) from the available capacity in the storage pools. You can use thesestorage spaces to store your company’s data in one central location instead of all users savingdata on their PCs.Recommendation: For small businesses with fewer than 10 users, use at least three SAS orSATA drives—one drive to be used to back up the operating system, and the other two to beused for storage spaces. We recommend that you create a storage space by using at least twodrives with mirrored resiliency.For small businesses with more than 10 users, or midsize businesses with up to 100 users,configure at least three SAS drives with Storage Spaces—one drive to be used to back up theoperating system, and the other two to be used for storage spaces. We also recommend providinga server chassis that supports adding more drives for expansion.10. Server FoldersBy using server folders, you can store files that are located on client computers to a centrallocation instead of users storing files on their PCs.Storing files in server folders ensures that your files are easy to back up and easy to access. Theyare located in a place that is always accessible from every client. Files are secure becauseaccessing them requires using authenticated network credentials.Recommendation: Create server folders on a Storage Space drive and create separate serverfolders for departments or projects. For example, if you have an accounting department, you cancreate a folder called “Accounting.” Creating the server folder on a Storage Space driveincreases data availability (due to mirroring). We also recommend that you set a quota for yourserver folders so that you are alerted when a server folder is about to reach its capacity. Whenyou are alerted, you can delete files in the server folder to increase available space for storage, oryou can add more space to the server folder and adjust its quota settings.11. Users and groups managementUser and user group accounts help you specify permissions that allow users to access yourcompany data. This protects your company data from unintended user access. You can easilymanage access to your network resources by creating user accounts for all your network usersfrom the Users tab of the Windows Server Essentials Dashboard.In addition, you can create user group accounts, and make the user accounts as its members. Allmembers of a user group account share the same security access level to server resources. Groupmembership simplifies resource management because you can specify permissions for a group ofusers on one UI page. This is in contrast to opening property pages for each user in the networkto assign relevant folder permissions.Recommendation: Create user accounts that include members of various user groups, based onthe departments that exist in your company or the various projects that people work on withinyour company. When you create a user group, you can assign a set of permissions to the groupthat will be applicable to all its members. For example, if you have group of users who areworking in Department A, you can create a user group account called “Department A UserGroup,” and then add the relevant user accounts to this group. Next, you can assign permissionsfor the “Department A User Group” to access the server folder named “Accounting.”12. Device managementTo enable users to access server folders from computers in the network, you must connect theusers’ computers to the server. Connecting computers to the server provides the followingadvantages: Enables network users to securely access data that is stored on the server by usingtheir user accounts.Enables you to manage client computers from the Dashboard.Protects client computers in the network by using Group Policy.Backs up data on client computers regularly.Monitors the health of the client computers. Recommendation: Connect all the computers (local or remote) that you want to administer tothe server so that you can manage them from the Devices tab of the Windows Server EssentialsDashboard instead of using the native server tool, Active Directory Users and Computers.13. Group Policy settings in Windows Server EssentialsUsing the Implement Group Policy Wizard in Windows Server 2012 R2 Essentials or WindowsServer Essentials Experience keeps your data centralized by turning on Folder Redirection. Inaddition, it helps keep your network secure by enforcing that Windows Update, WindowsDefender, and the Windows Firewall remain turned on for all the client computers in thenetwork. This eliminates relying on end users to turn on these settings on their PCs.Recommendation: We recommend that you do not turn off the Group Policy settings inWindows Server Essentials.14. Windows Server BackupYou can use Windows Server Backup to back up all volumes on your server, selected volumes,the system state, or specific files or folders. You can also create a backup that you can use forbare metal recovery. Instead of using native server tools, you can easily create and administeryour backups from the Devices tab on the Windows Server Essentials Dashboard. For moreinformation, see Manage server backup in Windows Server Essentials.NoteOnly servers running Windows Server 2012 R2 Essentials or Windows Server EssentialsExperience are automatically backed up. Other servers running the Window Server operatingsystem can also be joined to these servers. They will be displayed on and can be monitored fromthe Dashboard, but automatic and centralized backups for these servers are not supported.Recommendation: Use removable storage devices for your backups. For cost effectiveness andhigh-performance, we recommend using a USB 3.0 device rather than an IEEE 1394 interface(also known as FireWire). You should use at least two removable storage devices, and ensurethat they have a large enough capacity to store the server backups. Using multiple removablestorage devices also provides a backup rotation.15. Client computer backupsBy default, all computers that are connected to a server running Windows Server 2012 R2Essentials or Windows Server Essentials Experience will have their entire system and databacked up instead of relying on end users to back up their computers, or using non-Microsoftbackup tools. These computer backups are stored in the Client Computer Backups server folderon a server that is running Windows Server 2012 R2 Essentials or Windows Server EssentialsExperience. This feature enables the recovery of individual files and folders, and a bare metalrecovery of an entire client computer to a previous state. However, only the domainadministrator can recover the data, and this feature does not scale beyond 75 client computers.For more information, see Manage client computer backup in Windows Server Essentials.Recommendation: To conserve resources, you should only back up critical client computers andthe most important data as your organization grows.16. File History backupsFile History is a supplemental mechanism to use for client computer backups. The File Historybackups are stored in the File History server folder, which is located on a server that is runningWindows Server 2012 R2 Essentials or Windows Server Essentials Experience. From the FileHistory backups, network users can restore versions of files from a specific point-in-time. Inaddition, network users can restore the files without asking for help from the administrator.Recommendation: By default, all users with connected clients running Windows 8.1 orWindows 8 will have their profile data backed up to the server running Windows ServerEssentials. We recommend that you change the settings for File History backups (such as backupretention) per your company’s needs. For example, if your users save large data files on theircomputers, you may want to reduce the frequency of File History backups and the backupretention time.17. What are the steps to implement this solution?You can follow the steps in this section to implement this solution. Make sure to verify thecorrect deployment of each step before proceeding to the next step.NoteThe following steps make the assumption that there is already a server in the network that isrunning Windows Server 2012 R2 Essentials or Windows Server Essentials Experience. Forinformation about installing Windows Server 2012 R2 Essentials or the Windows ServerEssentials Experience role, see Install and Configure Windows Server 2012 R2 Essentials.
- Assignment status: Already Solved By Our Experts
- (USA, AUS, UK & CA PhD. Writers)
- CLICK HERE TO GET A PROFESSIONAL WRITER TO WORK ON THIS PAPER AND OTHER SIMILAR PAPERS, GET A NON PLAGIARIZED PAPER FROM OUR EXPERTS
