Active Directory Replication Strategy

Submitted By robbycollazo2
Explain how replication should be configured, implemented, maintained, and monitored in an Active Directory infrastructure.
Active Directory implements a replication topology that takes advantage of the network speeds within sites, which are ideally configured to be equivalent to local area network (LAN) connectivity. The replication topology also minimizes the use of potentially slow or expensive wide area network (WAN) links between sites. When you create a site object in Active Directory, you associate one or more Internet Protocol (IP) subnets with the site. Each domain controller in a forest is associated with an Active Directory site. A client workstation is associated with a site according to its IP address; that is, each IP address maps to one subnet, which in turn maps to one site. Active Directory uses sites to:
1. Optimize replication for speed and bandwidth consumption between domain controllers.
2. Locate the closest domain controller for client logon, services, and directory searches.
3. Direct a Distributed File System (DFS) client to the server that is hosting the requested data within the site.
4. Replicate the system volume (SYSVOL), a collection of folders in the file system that exists on each domain controller in a domain and is required for implementation of Group Policy.
To monitor replication in Active Directory, I would use the command dcdiag /test:replications, which allows me to find issues in my replication.
Explain the factors that go into the decision for what data is being replicated, how often that is done, and how to ensure that it is functioning properly.
When you decide which replication scope to choose, consider that the broader the replication scope, the greater the network traffic caused by replication. For example, if you decide to have AD DS integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that forest. Active Directory permits you to schedule replication so that you can control the amount of bandwidth consumed. This is important because bandwidth affects the efficiency of replication. The frequency of replication is a trade-off between bandwidth consumption and keeping the AD DS database up to date. It would be best to do most replication after business hours.
Inbound or outbound replication failure causes Active Directory objects that represent the replication topology, replication schedule, domain controllers, users, computers, passwords, security groups, group memberships, and Group Policy to be inconsistent between domain controllers. Directory inconsistency and replication failure cause either operational failures or inconsistent results, depending on the domain controller that is contacted for the operation, and can prevent the application of Group Policy and access control permissions. Active Directory Domain Services (AD DS) depends on network connectivity, name resolution, authentication and authorization, the directory database, the replication topology, and the replication engine. When the root cause of a replication problem is not immediately obvious, determining the cause among the many possible causes requires systematic elimination of probable causes.

Detail three errors that can arise from Active Directory Replication and how they can be diagnosed as well as prevented.
Replication error 8606 insufficient attributes were given to create an object;
Diagnostic: DCDIAG reports that Active Directory Replications test failed with error status code (8614): "Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime."
System time on the destination DC moved, or "jumped," forward by the tombstone lifetime or more days since the last successful replication. To the replication engine, this makes it appear that the destination DC failed to inbound-replicate a directory partition for the tombstone lifetime number of days.
Prevent: Check for nondefault values of tombstone lifetime, check for DCs that failed inbound replication for TSL number of days, and check for time jumps.
Replication error 5 Access is denied;
Diagnostic: Antivirus software that uses a mini-firewall network adapter filter driver on the source or destination DC has been known to cause this issue. Some network adapters have a "Large Send Offload" feature that has been known to cause this issue.
Prevent: To prevent and fix this issue I would run DCDIAG on the destination DC, as well as DCDIAG /TEST:CheckSecurityError and NETDIAG.

Replication error 1753 there are no more endpoints available from the endpoint mapper;
Diagnostic: error 1753 means that the RPC client (destination DC) was able to contact the RPC Server (source DC) over port 135 but the EPM on the RPC Server (source DC) was unable to locate the RPC application of interest and returned server side error 1753. The presence of the 1753 error indicates that the RPC client (destination DC) received the server side error response from the RPC Server (AD replication source DC) over the network.
Prevent: To prevent and fix this issue I would verify that the Active Directory Domain Services service is running. Verify that the RPC client (destination DC) connected to the intended RPC Server (source DC). Verify that the server application (Active Directory et al) has registered with the endpoint mapper on the RPC server (source DC). Verify that the startup value and service status for the RPC service and RPC Locator are correct for the OS version of the RPC Client (destination DC) and RPC Server (source DC). If the service is currently stopped or was not configured with default startup values, reset the default startup values, reboot the modified DC, then retry the operation.
Describe and detail three tools that can aid in the replication process.
Dssite.msc: Active Directory Sites and Services
* Sites container: Add new sites.
* Site objects: Add new servers to a site.
* NTDS Site Settings object: For each site, view the connection object schedule and enable Universal group membership caching.
* Server object: View the NTDS Settings object and designate the server as a bridgehead server.
* NTDS Settings object: View inbound connections for the server. View the connection object schedule and change the source server for the connection.
* Inter-Site Transports container: Manage IP and SMTP site links.
* Site link objects: Manage the site link properties for a set of sites.
* Subnets container: Add, remove, and configure subnets with IP addresses. Associate subnets with sites.
Repadmin.exe: Repadmin
Repadmin is used to view the replication information on domain controllers. You can determine the last successful replication of all directory partitions, identify inbound and outbound replication partners, identify the current bridgehead servers, view object metadata, and generally manage Active Directory replication topology. You can use Repadmin to force replication of an entire directory partition or of a single object. You can also list domain controllers in a site.
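As an added example (not part of the original essay), the following PowerShell function triages the CSV that `repadmin /showrepl * /csv` produces and flags the three error codes discussed above plus partners approaching the tombstone lifetime. The sample rows, the DC and site names, and the 180-day and 24-hour thresholds are assumptions made for the illustration.

```powershell
# Added example: triage of `repadmin /showrepl * /csv` output.
# Constructed sample data; site names, DC names and timestamps are hypothetical.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=corp,DC=example",HQ,DC02,RPC,0,0,2013-04-18 11:45:02,0
showrepl_INFO,HQ,DC01,"DC=corp,DC=example",Branch,DC07,RPC,212,2013-04-18 09:00:41,2012-09-01 03:12:10,8614
showrepl_INFO,HQ,DC03,"DC=corp,DC=example",HQ,DC01,RPC,4,2013-04-18 11:30:00,2013-04-18 08:02:10,1753
showrepl_INFO,HQ,DC04,"DC=corp,DC=example",HQ,DC01,RPC,9,2013-04-18 11:40:00,2013-04-17 22:10:00,5
showrepl_INFO,HQ,DC04,"CN=Configuration,DC=corp,DC=example",HQ,DC02,RPC,0,0,2013-04-16 10:00:00,0
'@

function Get-ReplicationFinding {
    param(
        [Parameter(Mandatory)] [string[]] $CsvText,
        [datetime] $Now = (Get-Date),
        [int] $TombstoneLifetimeDays = 180,  # assumption: use the value configured in your forest
        [int] $WarnAfterHours = 24           # assumption: local staleness threshold
    )

    # Status codes discussed in the essay, with the first check it names for each.
    $hint = @{
        5    = 'Access is denied: run DCDIAG /TEST:CheckSecurityError on the destination DC'
        1753 = 'No more endpoints from the endpoint mapper: verify AD DS and RPC services on the source DC'
        8606 = 'Insufficient attributes were given to create an object'
        8614 = 'Tombstone lifetime exceeded: check TSL value, long-failed DCs and time jumps'
    }

    foreach ($row in ($CsvText | ConvertFrom-Csv)) {
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Any other row type means repadmin could not report on a DC.
            [pscustomobject]@{
                Severity = 'Critical'; Destination = '?'; Source = '?'; NamingContext = '?'
                Status = $null; DaysSinceSuccess = $null
                Detail = "repadmin returned a $($row.showrepl_COLUMNS) row; query that DC directly"
            }
            continue
        }

        $status = [int]$row.'Last Failure Status'

        # "0" in a time column means "never"; TryParseExact leaves $hasSuccess false.
        $lastSuccess = [datetime]::MinValue
        $hasSuccess = [datetime]::TryParseExact(
            $row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$lastSuccess)
        $age = if ($hasSuccess) { $Now - $lastSuccess } else { $null }

        # A partner that has not replicated within the tombstone lifetime is the
        # worst case: per the essay, passwords, group memberships and Group Policy
        # are then inconsistent between the two DCs.
        $severity = $null
        if (-not $hasSuccess -or $age.TotalDays -ge $TombstoneLifetimeDays) {
            $severity = 'Critical'
        } elseif ($status -ne 0) {
            $severity = 'Error'
        } elseif ($age.TotalHours -ge $WarnAfterHours) {
            $severity = 'Warning'
        }
        if (-not $severity) { continue }   # healthy link, nothing to report

        $detail = 'No failure recorded, but last success is older than the warning threshold'
        if ($hint.ContainsKey($status)) {
            $detail = $hint[$status]
        } elseif ($status -ne 0) {
            $detail = "Unlisted status $status; start with DCDIAG /TEST:Replications"
        }
        $days = if ($hasSuccess) { [math]::Round($age.TotalDays, 1) } else { $null }

        [pscustomobject]@{
            Severity         = $severity
            Destination      = $row.'Destination DSA'
            Source           = $row.'Source DSA'
            NamingContext    = $row.'Naming Context'
            Status           = $status
            DaysSinceSuccess = $days
            Detail           = $detail
        }
    }
}

# Live use on a management host: Get-ReplicationFinding -CsvText (repadmin /showrepl * /csv)
Get-ReplicationFinding -CsvText $sampleCsv -Now ([datetime]'2013-04-18 12:00:00') |
    Format-Table -AutoSize
```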
The Active Directory Replication Status Tool (ADREPLSTATUS)
ADREPLSTATUS helps administrators identify, prioritize and resolve Active Directory replication errors on a single DC or all DCs in an Active Directory Domain or Forest.
* Auto-discovery of the DCs and domains in the Active Directory forest to which the ADREPLSTATUS computer is joined
* Errors only mode allows administrators to focus only on DCs reporting replication failures
* Upon detection of replication errors, ADREPLSTATUS uses its tight integration with resolution content on Microsoft TechNet to display the resolution steps for the top AD Replication errors
* Rich sorting and grouping of result output by clicking on any single column header (sort) or by dragging one or more column headers to the filter bar. (Use one or both options to arrange output by last replication error, last replication success date, source DC naming context and last replication success date, etc.)
* The ability to export replication status data so that it can be imported and viewed by source domain admins, destination domain admins or support professionals using either Microsoft Excel or ADREPLSTATUS
The ADREPLSTATUS UI consists of a toolbar and Office-style ribbon to expose different features. The Replication Status Viewer tab displays the replication status for all DCs in the forest. The screenshot below shows ADREPLSTATUS highlighting a DC that has not replicated in Tombstone Lifetime number of days (identified here by the black color-coding).
List and describe some of the best practices for Active Directory Replication.
In a business setting it is a smart move to replicate your domain controllers. Say you have a site with seven domain controllers, and a user logs on to the network and types their password; one of those domain controllers is going to authenticate the user. Now say that user logs off, changes their password, and then logs back in; they would then be authenticated by a different one of the domain controllers. For this reason you want replication within a site to happen quickly. This is called Intrasite Replication (IR). Windows Active Directory can use this type of replication with no configuration. IR will take place 15 seconds after a change on the network is made. What this means is that when a change is made, all seven domain controllers will receive the change in less than a minute. If you have 8 or more domain controllers in one site, Active Directory can reduce the latency by making additional connections between domain controllers. Again, Active Directory does this automatically.
With Intersite Replication (IR2), replication takes place between two different sites rather than within just one site as with Intrasite Replication. Say we have the original site with the seven domain controllers and we need to replicate to another site out of state that has three domain controllers. As an administrator you will have to manually set up a Site Link. After that, Active Directory will choose a domain controller from both sites; it creates 2 Bridgehead Servers (BHS) at each site. When a change is made at one site, it will first replicate within that site, and when it reaches the BHS it will begin to replicate to the other BHS located at the other site. If the active BHS at one of the sites fails, Active Directory will then choose another BHS automatically.
As a network admin you can also manually choose the domain controller you want to act as the BHS. But be warned: if you decide to do this manually and the BHS you chose goes down, Active Directory will not automatically choose another one for you and replication will not take place.
Once the site link is finished you can set up some awesome options. You can set up a Schedule for when you want the Intersite replication to run; you may want to set it to replicate after business hours due to network traffic. Then you can set up a Cost, which sets the priority for which site links to use. The last thing to consider with a site link is the Site Transport. There are two options for the Site Transport to use for the Site Link: RPC over IP or SMTP. RPC over IP supports everything Active Directory needs and is also the common route to use. SMTP supports everything but file replication; it's impossible to use SMTP at the domain level, so all the logon scripts and Group Policy will not be replicated (and that's a no-no). The only things SMTP can replicate are Active Directory changes and the schema. SMTP is only good, in my opinion, when you have an unreliable network, because it does not require a response back confirming the transmission (asynchronous). RPC over IP waits for a response from the recipient, and if it does not receive one it will stop communication (synchronous).
So as you can see, replication is very important to the world as we know it today. When adding new users, or making changes to group policies like file control, user passwords, or anything else throughout Active Directory, if you're in a company you're going to want all these things to update on every domain controller, at every site.
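As an added example (not part of the original essay), the following PowerShell function checks a site-link design for the three caveats described above: a site left out of every site link, a site link that uses the SMTP transport, and a site that depends on a single manually chosen bridgehead server. The input objects are constructed samples shaped like the output of `Get-ADReplicationSiteLink` and of server objects read with their `bridgeheadTransportList` attribute; all site, server and domain names are hypothetical.

```powershell
# Added example: audit of site links and preferred bridgehead servers.
# Constructed sample data. On a live forest the same shapes come from:
#   Get-ADReplicationSiteLink -Filter *
#   Get-ADObject -LDAPFilter '(objectClass=server)' -Properties bridgeheadTransportList `
#       -SearchBase "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
# (for live server objects, derive Site from the parent containers in DistinguishedName).
$ipTransport = 'CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=corp,DC=example'

$sampleLinks = @(
    [pscustomobject]@{ Name = 'HQ-Branch'; Cost = 100; ReplicationFrequencyInMinutes = 180
                       InterSiteTransportProtocol = 'IP';   SitesIncluded = @('HQ', 'Branch') }
    [pscustomobject]@{ Name = 'HQ-Depot';  Cost = 300; ReplicationFrequencyInMinutes = 720
                       InterSiteTransportProtocol = 'SMTP'; SitesIncluded = @('HQ', 'Depot') }
)

$sampleServers = @(
    [pscustomobject]@{ Name = 'DC01'; Site = 'HQ';     bridgeheadTransportList = @($ipTransport) }
    [pscustomobject]@{ Name = 'DC02'; Site = 'HQ';     bridgeheadTransportList = @() }
    [pscustomobject]@{ Name = 'DC07'; Site = 'Branch'; bridgeheadTransportList = @() }
    [pscustomobject]@{ Name = 'DC08'; Site = 'Branch'; bridgeheadTransportList = @() }
    [pscustomobject]@{ Name = 'DC09'; Site = 'Depot';  bridgeheadTransportList = @() }
    [pscustomobject]@{ Name = 'DC10'; Site = 'Lab';    bridgeheadTransportList = @() }
)

function Test-SiteLinkDesign {
    param(
        [Parameter(Mandatory)] [object[]] $SiteLink,
        [Parameter(Mandatory)] [object[]] $Server
    )

    # Names of all sites that appear in at least one site link.
    # Accepts plain names or distinguished names such as CN=HQ,CN=Sites,...
    $linkedSites = foreach ($link in $SiteLink) {
        foreach ($site in $link.SitesIncluded) {
            (("$site" -split ',')[0]) -replace '^CN=', ''
        }
    }

    # SMTP site links: per the essay, SMTP cannot carry domain-level replication.
    foreach ($link in $SiteLink) {
        if ("$($link.InterSiteTransportProtocol)" -eq 'SMTP') {
            [pscustomobject]@{
                Scope = "Site link $($link.Name)"
                Issue = 'Uses SMTP transport; logon scripts and Group Policy will not replicate over it'
            }
        }
    }

    foreach ($group in ($Server | Group-Object -Property Site)) {
        # A site with domain controllers but no site link has no intersite path.
        if ($linkedSites -notcontains $group.Name) {
            [pscustomobject]@{
                Scope = "Site $($group.Name)"
                Issue = 'Not included in any site link; changes cannot replicate to or from this site'
            }
        }

        # Manually designated (preferred) bridgeheads have a non-empty bridgeheadTransportList.
        $preferred = @($group.Group | Where-Object { $_.bridgeheadTransportList })
        if ($preferred.Count -eq 1) {
            [pscustomobject]@{
                Scope = "Site $($group.Name)"
                Issue = "Single manually chosen bridgehead ($($preferred[0].Name)); " +
                        'if it goes down, no replacement is chosen automatically'
            }
        }
    }
}

Test-SiteLinkDesign -SiteLink $sampleLinks -Server $sampleServers | Format-Table -AutoSize -Wrap
```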

