
Logical and Physical Network Design


kyria

Presentation Transcript


  1. Logical and Physical Network Design

  2. Active Directory Objects
     • Objects Represent Network Resources (Users, Groups, Computers, Printers)
     • Attributes Store Information About an Object
     [Diagram: Active Directory containing Printers objects (Printer1, Printer2, Printer3) with the attributes Printer Name and Printer Location, and Users objects (Don Hall, Suzan Fine) with the attributes First Name, Last Name and Logon Name; each attribute holds an Attribute Value]

  3. Active Directory Schema
     Active Directory Schema Is:
     • Dynamically Available
     • Dynamically Updateable
     • Protected by DACLs
     [Diagram: Object Class Examples (Computers, Users, Printers). Attribute Examples: Attributes of Users Might Contain accountExpires, department, distinguishedName, middleName. List of Attributes: accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, …]

  4. Active Directory Components
     • Logical components of the Active Directory
       • Provide a way to design and administer the hierarchical, logical structure of the network
       • Include
         • Domains and organizational units
         • Trees and forests
         • A global catalog

  5. Active Directory Components (Continued)
     • Windows Server 2008 domain
       • Logically structured organization of objects that
         • Are part of a network, and
         • Share a common directory database
     • Each domain
       • Has a unique name
       • Is organized in levels
       • Is administered as a unit with common rules and procedures
       • Is defined by an IP address on the Internet

  6. Active Directory Domains
     [Diagram: the CONTOSO.COM domain shown as a Boundary of Policies, a Boundary of Authentication and a Boundary of Replication]

  7. Characteristics of Multiple Domains
     • Separate Administrative Control
     • Geographic basis
     • Large number of objects
     Reduce Replication Traffic
     Maintain Separate and Distinct Security Policies Between Domains
     [Diagram labels: Seattle, New York, Chicago, Los Angeles]

  8. Active Directory Components (Continued)
     • An organizational unit (OU)
       • A logical container used to organize objects within a single domain
     • Benefits of using OUs
       • Easier to locate and manage the Active Directory objects
       • Define more advanced features by applying Group Policy to an OU
       • Delegate administrative control over OUs

  9. An Active Directory Domain and OU structure

  10. Active Directory Components (Continued)
      • Trees and forests
        • Forest root domain
          • First Active Directory domain created in an organization
        • Tree
          • Hierarchical collection of domains that share a contiguous DNS namespace

  11. What Is a Tree?
      [Diagram: parent domain contoso.msft (Tree Root Domain & Forest Root Domain) joined by a two-way, transitive trust relationship to the new child domain sales.contoso.msft; Contiguous Namespace: sales.contoso.msft]

  12. Active Directory Components (Continued)
      • Whenever a child domain is created, a two-way, transitive trust relationship is automatically created between the child and parent domains
      • Transitive trust
        • All other trusted domains implicitly trust one another

  13. Active Directory Components (Continued)
      • Forest
        • Collection of trees that do not share a contiguous DNS naming structure
        • The trees in a forest share a single Active Directory schema
      • Enterprise Admins
        • Special user group
        • Allows members to manage objects throughout the entire forest

  14. Example of an Active Directory forest

  15. What Is the Forest Root Domain?
      The Forest Root Domain Is the First Domain Created in a Forest
      [Diagram labels: Forest; Forest Root Domain contoso.msft with sales.contoso.msft; Tree Root Domain nwtraders.msft with marketing.nwtraders.msft; Tree; Global Catalog; Configuration and Schema; Enterprise Admins; Schema Admins]
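The transitive trust described on slides 12 and 15, worked through as an added example that is not part of the original presentation. It models the four domains named on the slides and lists which domains trust each other only implicitly; the tree-root trust between contoso.msft and nwtraders.msft is assumed here to be two-way and transitive like the parent-child trusts, and all function names are hypothetical.

```python
from collections import deque

# Constructed model of the forest shown on the slides.
# Parent-child trusts are created automatically when a child domain is added.
PARENT_CHILD = [
    ("contoso.msft", "sales.contoso.msft"),
    ("nwtraders.msft", "marketing.nwtraders.msft"),
]
# Assumption: the second tree's root is joined to the forest root by a
# two-way, transitive tree-root trust.
TREE_ROOT = [("contoso.msft", "nwtraders.msft")]


def build_trusts(pairs):
    """Map each domain to the set of domains it trusts directly.

    Every trust here is two-way, so both directions are recorded.
    """
    direct = {}
    for a, b in pairs:
        direct.setdefault(a, set()).add(b)
        direct.setdefault(b, set()).add(a)
    return direct


def effective_trusts(direct, domain):
    """Every domain reachable from `domain` by chaining transitive trusts."""
    seen = {domain}
    queue = deque([domain])
    while queue:
        current = queue.popleft()
        for trusted in direct.get(current, ()):
            if trusted not in seen:
                seen.add(trusted)
                queue.append(trusted)
    seen.discard(domain)
    return seen


def implicit_trusts(direct):
    """Domain pairs that trust each other without any direct trust object."""
    pairs = set()
    for domain in direct:
        for other in effective_trusts(direct, domain) - direct[domain]:
            pairs.add(tuple(sorted((domain, other))))
    return sorted(pairs)


if __name__ == "__main__":
    forest = build_trusts(PARENT_CHILD + TREE_ROOT)
    for a, b in implicit_trusts(forest):
        print(f"implicit two-way trust: {a} <-> {b}")
```

Three of the six domain pairs in this forest have no trust object of their own, which is why a review of configured trusts alone understates which domains can authenticate to each other.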

  16. Active Directory Components (Continued)
      • Global catalog
        • Index and partial replica of the objects and attributes most frequently used throughout the entire Active Directory structure
        • Replicated to any server within the forest that is configured to be a global catalog server
        • The first domain controller in Active Directory automatically becomes a global catalog server
        • Additional domain controllers can also be configured to be global catalog servers

  17. Global Catalog
      [Diagram: a Global Catalog Server holding a Subset of the Attributes of All Objects from each Domain; labels: Queries, Group membership when user logs on]

  18. Active Directory Physical Structure
      • Relates to the actual connectivity of the physical network
      • Domain Controllers
      • Sites

  19. Domain Controller
      • A domain controller is a server containing a copy of the Active Directory.
      • All domain controllers are peers, and maintain replicated versions of the Active Directory for their domains.
      • The domain controller plays an important role in both the logical and physical structure of the Active Directory.
      • It organizes all the domain's object data in a logical and hierarchical data store.
      • It also authenticates users, provides responses to queries about network objects, and replicates directory services. (The physical structure provides the means to transmit this data through well-connected sites.)

  20. Domain Controllers roles

  21. Domain Controllers
      • Reasons for Creating Multiple Domain Controllers:
        • It is recommended that each domain and each site have more than one domain controller to provide logical and physical structure redundancy and fault tolerance.
      [Diagram: two Domain Controllers in one Domain, each holding User1 and User2, with Replication between them; legend: = A Writeable Copy of the Active Directory Database]

  22. Sites
      • Combination of one or more Internet Protocol (IP) subnets connected by a high-speed connection
      Sites:
      • Optimize replication traffic
      • Enable users to log on to a domain controller by using a reliable, high-speed connection
      [Diagram labels: Seattle, New York, Chicago, Los Angeles; Site; IP subnet; WAN Link]

  23. Active Directory Physical Structure (Continued)
      • Aims regarding replication
        • Make sure that any modification to the Active Directory database is replicated as quickly as possible between domain controllers
        • Make sure that replication does not saturate the available network bandwidth

  24. Active Directory Physical Structure (Continued)
      • A site link
        • A configurable object that represents a low-bandwidth or unreliable/occasional connection between sites
        • Can be adjusted for
          • Replication availability
            • Using the Schedule on Site Links
          • Bandwidth costs
            • Higher Cost Numbers Represent Lower Priority Replication Paths
          • Replication frequency
            • by Setting the Number of Minutes Between
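How site link costs decide the replication path, as an added example that is not part of the original presentation. The site names come from the slides; the links, their cost values and the function names are constructed for illustration, and the example assumes site links are bridged so that costs add up along a multi-hop route.

```python
import heapq

# Constructed site links between the sites named on the slides:
# (site_a, site_b, cost). Higher cost = lower priority path.
SITE_LINKS = [
    ("Seattle", "Chicago", 100),
    ("Chicago", "New York", 100),
    ("Seattle", "Los Angeles", 50),
    ("Los Angeles", "New York", 400),
    ("Seattle", "New York", 300),
]


def build_graph(links):
    """Turn the link list into a symmetric adjacency map of costs."""
    graph = {}
    for a, b, cost in links:
        if cost < 1:
            raise ValueError(f"site link {a}-{b}: cost must be positive")
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def preferred_path(graph, src, dst):
    """Return (total_cost, [sites]) for the lowest cumulative cost route.

    Returns (None, []) when no chain of site links connects the two sites.
    """
    heap = [(0, src, [src])]
    settled = set()
    while heap:
        cost, site, path = heapq.heappop(heap)
        if site == dst:
            return cost, path
        if site in settled:
            continue
        settled.add(site)
        for neighbour, link_cost in graph.get(site, {}).items():
            if neighbour not in settled:
                heapq.heappush(
                    heap, (cost + link_cost, neighbour, path + [neighbour])
                )
    return None, []


if __name__ == "__main__":
    graph = build_graph(SITE_LINKS)
    for src, dst in [("Seattle", "New York"), ("Los Angeles", "New York")]:
        cost, path = preferred_path(graph, src, dst)
        print(f"{src} -> {dst}: cost {cost} via {' -> '.join(path)}")
```

With these constructed costs the direct Seattle to New York link (300) loses to the two-hop route through Chicago (200), so a direct link is not automatically the preferred one.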

  25. The site structure of Dovercorp.net

  26. Domains & sites
      • No formal relationship exists between the boundaries of a site or domain.
      • Sites and domains do not have to maintain the same namespace.
      • Sites Can Contain
        • All domain controllers in a single domain
        • Some of the domain controllers in a single domain
        • Domain controllers from different domains

  27. Sites and Domains
      [Diagram labels: Site A, Site B, US.CONTOSO.COM, CONTOSO.COM]

  28. References
      • Hands-On Microsoft Windows Server 2003 Administration, Dan DiNicolo
      • InformIT: Understand Active Directory Part III, http://www.informit.com/articles/article.aspx?p=26866
      • Microsoft TechNote, Active Directory Structure and Storage Technologies, http://technet.microsoft.com/en-us/library/cc759186(WS.10).aspx
      • Microsoft TechNote, Introduction to Active Directory, http://download.microsoft.com/download/3/5/4/35415b82-399d-4ba3-a24f-ea151742611e/Introduzione_a_Active_Directory.PPT
      • Active Directory Fundamentals, http://winserver.members.winisp.net/Active%20Directory%20Content/Active%20Directory%20Fundamentals/ITPROADD-01%2075%20minute%20version.ppt
      • And much more..
