Windows Server 项目作业

项目背景Introduction

SpaceSys is a compagny which produce tools for astronomy like
telescop and refracting telescope.

All your collaborator lose their PC during the fire, and they agree to
work with their personal computer in anticipation of arrival of new
laptop ( which will arrive in 1 or 2 month )

You and your IT Team, decide to setup a VDI ( Virtual Desktop
Infrastructure
https://www.lebigdata.fr/vdi-virtual-desktop-infrastructure (链接到外部网站。)
) to permit to your collaborators to work with their personal
computer; However, collaborator won’t make their computer joined to
the Active Directory and wont install some software or respect
company privacy.

This Infrastructure have to be Highly Available because you will not
have the possibilities to lose more money …

任务

配置一个VDI setup a VDI ( Virtual Desktop Infrastructure

Require

• 使用个人电脑permit to your collaborators to work with their personal
  computer;
• 个人电脑不加入Active Directory，只下载部分软件However, collaborator won’t make their computer joined to the Active Directory and wont install some software or respect company privacy.
• This Infrastructure have to be Highly Available because you will
  not have the possibilities to lose more money …

网络核心组件 Network Core Component

You must prepare your network to permit you to have a dynamic
network configuartion.

You shouldn’t use automatic network configuration for Servers ( this
can save you from many network issues 😉 )

You must provide a Windows Server CORE able to manage routing between
your LAN and your WAN.

得分点：DHCP 和 routing work
要求：

1. 允许使用动态网络DNC（？？？）
2. 服务器不能使用自动网络（automatic network）
3. 管理路由的 Windows Server CORE

Virtual Desktop Infrastrure

To permit high availability of client’s machine, you will setup a Hyper-V Cluster with at least 2 nodes. And your cluster should be able to host many Virtual Machines running on Windows 10 Professional edition ( then, your Hyper-V nodes will need a litlle bit memory 😉 )

2MSCA - Subject - HYPER - V.png

You have a representation of your objective above.

Active Directory

To permit user/right/group centralisation, you decide to setup a Active Directory, your domain must be: spacesys.lan.

User management

HR departement retrieve a list of employee and their associated group in a CSV file, develop a script to permit automatic creation of OU, Group, User and their password.

Each line of the CSV file contain in this order: 2MSCA - Subject - Data.csv

1. OU
2. Group
3. User
4. Password

After imported your CSV in your ADDS, your forest should look like:

2MSCA - Subject - ADDS.png

Here is a list of group which will be used later in the subject.

Group Name
IT_Developper
IT_SysAdmin
HR_Consultat
HR_HeadHunter

Group Policy

Each computer must have theses softwares installed:

• Microsoft Edge Insider (https://www.microsoft.com/en-us/edge/business/download (链接到外部网站。) )to permit automatic logon on Active-Directory based authentication ( like O365 for example )
• Notepad++
• Microsoft Teams

TIPS: Microsoft Edge Insider ( insider mean beta-testing version ) is based on Chromium ( that’s why it looks like Chromium ), it will replace the good old Edge on January 16 2020.

You have to allow IT users and HR users to access to VM via Remote Desktop.

For security reason, please make sure that:

1. All password are Complex ( not easily findable 😉 ) All theses
2. passwords must be changed every month to ensure security. Local
3. Administrator Account must be disabled and all SysAdmin’s member
   must be administrator

Recently NSA revealed a security breach in all Windows ( including Windows Server ) which permit to anyone to connect to inject malicious Software and mark them as “Approved Editor” ! Your IT team won’t spend time to ask employees to update their Virtual Computer, then please make sure every computer are automatically updated at 3H AM.

Finally, each shared storage ( explained in the next part ) must be mounted on a drive letter like “Z:” or “Y:” ( because our loved Germaine will never understand how to type: \yourshare\hr ! )

File Sharing

To permit data to be stored like customer’s invoice, team’s photos, you must create dedicated storage for each group, to permit users to store photo on their group’s share.

IT SysAdmin must have full access on ALL shares.

Please consider criticity of theses files and then, make sure that storage are safe !

Automatic Deployment

Your team is composed of 24 collaborators ( then you should have 24 VM to create, for this Project, please do only 2 VM for this POC ) but you won’t setup manually all theses Virtual Machine and you won’t setup a template, because you will in a nearly future, setup physical computer.

Then, you decide to setup a PXE Server ( with WDS - Windows Deployment Services ) and prepare a customized Windows 10 Professional Edition, this custom windows 10 should Automatically join your domain.

2MSCA - Subject - WDS.png

Windows Update Services

Your corporation is growing up quickly but your new datacenter only have a ADSL uplink, then you’re bandwith is limited to 10MB/s and to avoid bandwith saturation, you decide to implemenent a Server dedicated to run a WSUS services which will act as a proxy cache for updates.

All WSUS storage must be redundant.

Please store only Windows 10 Update and updates for Windows Server 2019.

2MSCA - Subject - WSUS.png

BONUS: Internet Website

To improve your visibility on the web, marketing’s team want to have a Wordpress running a windows server,

This WordPress should be available only on “spacesys.lan” on port 80 ( because at this time, we don’t have any SSL certificate )

(链接到外部网站。)You can retrieve last Wordpress archive from https://wordpress.org/ (链接到外部网站。).

This service must be highly available and setup as VM in your Hyper-V Cluster, feel free to setup a dedicated server for MySQL Database.

Virtual Desktop Infrastrucure is required for this part.

Rules

Only servers running with Windows Server 2019 will be accepted, others servers will not be considerered in the notation !

The maximum size of a group is 2 persons, each additionnal person will impact on your notation -3 POINTS / Additional MEMBER!

Each item of the barems is divided in three parts:

• Demonstration ( show it works ) - 50%
• Documentation ( explain how it works ) - 25%
• Presentation ( what is the benefit for the compagny ) - 25%
  For example, the following item “Raid Array is correct on Storage server (2 points)” :

We have:

• Demonstration: 1 points.
• Documentation: 0.5 points.
• Presentation: 0.5 points.

Item	Points
DHCP and routing work	2
Network Core use a Windows Server with GUI	-2
Hyper-V Cluster is correctly setup and highly Available	6
Users and groups are correctly created via Powershell Script	1
Group policy	2
Filesharing and mount	2
Automatic Deployment	4
They are a local windows update sever	3
A wordpress have been setup	2
Show quality ( dress code + oral quality + quality of documents )	2
TOTAL	22

Delivery

You must put on Canvas, your technical documentation and your VISIO ( or equivalent ) scheme and all scripts you create during the subject ( account importing, … )

good luck.gif