Contents
Overview
Evaluating the Existing Configuration
Identifying the Essential Design Decisions
Providing Security
Enhancing the Availability and Performance
Lab A: Creating Networking Solutions
Review

Module 13: Networking Service Designs

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart
Other product and company names mentioned herein may be the trademarks of their respective
owners.
Instructor Notes
This module provides students with the information needed to design
networking solutions that support applications based on the requirements of an
organization. Students will use the knowledge of networking services (in terms
of features, functions, functionality, security, availability, and performance of
the service) to design networking solutions for given scenarios.
At the end of this module, students will be able to:
Identify the characteristics of the scenario that influence the design
decisions.
Describe the essential design decisions required to provide networking
services.
Describe the design decisions for securing the networking services.
Read the review questions and be prepared to elaborate beyond the answers
provided in the text.
Presentation: 75 Minutes
Labs: 120 Minutes
Module Strategy
Use the following strategy to present this module:
Evaluating the Existing Configuration
Tell the students that in this module, they will use their knowledge of
Microsoft Windows® 2000 networking services to design networking
solutions. Point out that they will test their knowledge by working on an
organizational scenario.
In this section:
• Explain that students will design networking solutions for an investment
firm scenario. Tell them that before designing a solution, they must
identify the current status of the design project.
• Explain that the design requirements and limitations must be identified
when making design decisions.
Identifying the Essential Design Decisions
Lab Strategy
Use the following strategy to present this lab.
Lab A: Creating Network Solutions
In the design lab, students will design a network solution based on specific
requirements outlined in the given scenarios.
Students will review the scenarios and the design requirements and read any
supporting materials. They will use this information, and the knowledge gained
from the module, to develop detailed designs.
To conduct this lab:
Read through the lab carefully, paying close attention to the instructions and
to the details of the scenario.
Consider dividing the class into teams of two or more students.
Present the lab and make sure students understand the instructions and the
purpose of the lab.
Remind students to consider any functionality, security, availability, and
performance criteria provided in the scenario and how they will incorporate
strategies to meet these criteria in their design.
Allow some time to discuss the solutions after the lab is completed. A
solution is provided in your materials to assist you in reviewing the lab
results. Encourage students to critique each other's solutions and to discuss
any ideas for improving their designs.
When combined with Microsoft Proxy Server and Internet Information Services
(IIS), the networking services in Windows 2000 can provide complete solutions
for the investment firm.
At the end of this module, you will be able to:
Identify the characteristics of the scenario that influence the design
decisions.
Describe the essential design decisions required to provide networking
services.
Describe the design decisions for securing the networking services.
Describe the design decisions for improving the availability and
performance of the networking services.
Slide Objective
To provide an overview of the module topics and objectives.
Lead-in
In this module, you will examine an investment firm scenario and the design that provides a solution to the business requirements of the firm.
Current Project Status
[Slide diagram: the New York, London, and Tokyo locations, Routers 1 to 5, and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]
Many investment firms are increasing their presence on the Internet because of
electronic trading and online investments. These firms also connect branch
offices by using public networks such as the Internet. In addition, many of the
brokers and agents within investment firms require remote access to their
confidential client information.
A well-established investment firm is expanding operations to include a larger
online presence, and to provide remote access to broker and client information.
The existing connectivity between the New York, Tokyo, and London locations
is provided by:
Dedicated routers at each location.
56 kilobits per second (Kbps) dedicated leased lines between locations.
investment firm, you must first identify the current status of the design project.
Delivery Tip
Ask the students to study the slide and to list the important points to be considered for designing a solution.
Design Requirements and Limitations
[Slide diagram: the New York, London, and Tokyo locations, Routers 1 to 5, and subnets of 200, 150, 100, 75, 175, 3, and 250 hosts]
An investigation of the current network, user traffic patterns, and future
requirements and limitations of the investment firm that influence the design decisions.
Lead-in
To design a solution for the investment firm, you must first identify the design requirements and limitations.
Connectivity
The applications used by the investment firm require connectivity between the
offices. When creating the design for the investment firm, remember that your
design must provide:
Simultaneous access to private network resources for approximately 200
brokers connecting through the Internet by using a variety of operating
systems.
Simultaneous access to Web-based applications for approximately 1,500
brokers and customers who are connecting through the Internet by using a
variety of operating systems.
Access to management aspects of the Web-based applications that are
restricted to brokers and administrative staff.
Access to the Internet from all locations for all private network users.
types of clients, applications, connectivity between locations, and connectivity
for remote users. You must place the servers within the organization based on
the number of clients, the geographic locations, and the amount of traffic
between network segments.
To provide the essential networking services for the investment firm, you must:
Identify the networking services that are required at each location.
Determine the networking server placement and design options for New
York.
Determine the networking server placement and design options for Tokyo.
Determine the networking server placement and design options for London.
Slide Objective
To describe the decisions that are essential to providing the investment firm solution.
Lead-in
You must identify which networking services to include and where to place servers to provide essential support for the investment firm.
DHCP | Automatic IP configuration for clients.
DNS | Name resolution for Web-based applications. Support for the Active Directory™ directory service.
WINS | Name resolution for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows NT® version 4.0 clients.
Microsoft Proxy Server | Isolation between the private network and the Internet. Different levels of security by creating screened subnets. Caching of Internet requests.
Routing and Remote Access | Connectivity between the various geographic locations within the organization. Connectivity for the brokers who connect to private network resources through a virtual private network (VPN) connection over the Internet. Isolation between the private network and the Internet.
Slide Objective
To describe the decisions involved in identifying the appropriate networking services to include in the solution.
Lead-in
[Slide diagram: New York location with Routers 1, 2, and 3; WINS, DHCP, DNS, Proxy Server, Firewall, and VPN Remote Access servers; the Internet; Subnet A (175 hosts), Subnet B (7 hosts), Subnet C (250 hosts), Subnet D (2 hosts), and Subnet E (3 hosts)]
For the New York location, determine where to place the servers and the
options necessary to support your design.
Placing Servers That Run the Networking Services
The following table lists the placement criteria for servers at the New York
location.
location.
Point out that all servers not running networking services and all client computers have been removed from the slide for clarity purposes.
Specifying Networking Services Design Options
The following tables outline the options that you need to specify in your
network design for each of the servers in the New York location.

DHCP
Specify | To
DHCP scope for Subnets A and C | Provide automatic IP configuration for the DHCP clients on Subnets A and C.
Bootstrap Protocol (BOOTP) forwarding on Router 1 and Router 2 | Enable the forwarding of DHCP packets between Subnets A, B, and C.
DNS updates | Register new DHCP clients with DNS.

DNS
Specify | To
Active Directory integrated zone | Use the existing Active Directory infrastructure, and to act as the repository for the DNS zone information.

remote access clients and the VPN remote access server.
Microsoft Challenge Authentication Protocol (MS-CHAP) authentication | Provide encrypted authentication and support encryption by using MPPE.
Proxy Server
Specify | To
All users on the private network are authorized | Enable Internet access through the proxy server to users on the private network.
Reverse hosting for Web servers that host the broker and trading applications | Enable access to the broker and trading applications from users on the Internet.
Providing Networking Services at the Tokyo Location
[Slide diagram: Tokyo location with Subnet F (100 hosts) and the Internet]
The DHCP, DNS, and WINS servers were placed on Subnet F because
Subnet F contains the majority of client computers at the Tokyo location.
Slide Objective
To describe the decisions involved in placing the appropriate servers within the Tokyo location.
Lead-in
The Tokyo location is a branch office consisting of fewer computers than New York and London; therefore, it has different networking services requirements.
Delivery Tip
Check the students' understanding of content by asking them why all of the computers have been placed on Subnet F.
Point out that all servers not running networking services and all client computers have been removed from the slide for clarity purposes.
Burst handling | Respond to a large number of simultaneous WINS registration requests.
Replication with the New York server | Ensure WINS resolution and registration between locations.

Router
Specify | To
Static Routing | Provide routing between locations.
OSPF | Automatically update routing table information with existing routers.
IPSec tunnel | Encrypt data between locations and to authenticate the router.
Providing Networking Services at the London Location
[Slide diagram: London location with Router 5, Firewall, the Internet, WINS, DHCP, and DNS servers, Subnet H (200 hosts), and Subnet I (150 hosts)]
involved in placing the appropriate servers within the London location.
Lead-in
The London location is a larger branch office consisting of fewer computers than New York; therefore, it has different networking services requirements.
Point out that all servers not running networking services and all client computers have been removed from the slide for clarity purposes.
Note
The following tables list the related design options by networking service, and
the reason for specifying the options in your design.

DHCP
Specify | To
DHCP scope for Subnets H and I | Provide automatic IP configuration for the DHCP clients on Subnets H and I.
DHCP Relay Agent on Router 5 | Enable the forwarding of DHCP packets between Subnets H and I.
Providing Security
Identifying Potential Security Risks
Preventing Potential Security Risks
To secure the networking solution, you must identify the potential security risks
and how to prevent those risks from occurring. You identify the security risks
based on the confidentiality of the data and the number of users that have access
to the data. You prevent unauthorized access to confidential data by encrypting
the data, and authenticating users or devices that transmit the data.
To provide security for the investment firm solution, you must:
Identify the potential security risks for the confidential data.
Identify the strategies for preventing the potential security risks at each
location.
Slide Objective
To describe the decisions to secure the investment firm solution.
Lead-in
To secure the investment
The following table lists the security risks and why the data is at risk.

Data is at risk | Because there is a possibility that
Within each location | Brokers can access other brokers' clients. Customers may connect to the network while in the branch office and access others' accounts. Network administrative staff can access any of the firm's accounts and records.
Between locations | Confidential data is transmitted between locations over public networks.
From the Web-based application | Brokers and customers can transmit confidential data over the Internet. Servers that host the Web-based applications are accessible from the Internet.
From brokers accessing the private network remotely | Brokers can transmit confidential data over public networks.
Slide Objective
To describe how to identify the potential security risks in the investment firm solution.
Lead-in
If your network transmits confidential data on a private network or over public networks, the data
Encrypting (by using IPSec) all confidential data transmitted within the
private network.
Authenticating all brokers by using Active Directory authentication.
Authenticating all customers when they access the Web-based application
while connecting to the network within each location.
Requiring HyperText Transmission Protocol Secure (HTTPS) for all
transactions on the Web-based application.
Between Locations
You can prevent the security risks between locations by:
Requiring that the routers that connect locations transmit all data through a VPN
tunnel.
Encrypting the data by using 56-bit Data Encryption Standard (DES), which
is the strongest level of encryption that can be exported outside the U.S. and
Canada.
Authenticating the routers by using MS-CHAP v2 and IPSec.
Slide Objective
To describe the decisions involved in preventing the security risks for the investment firm solution.
Lead-in
After identifying the security
Enhancing the Availability and Performance
Identifying the Essential Networking Services
Enhancing the Availability and Performance at the New York Location
Enhancing the Availability and Performance at the Tokyo Location
Enhancing the Availability and Performance at the London Location
Within the design, certain networking services are essential to the continued
operation of mission-critical applications. When these networking services are
unavailable or respond slowly, the applications that the services support will
also experience outages and slow performance.
You can enhance the availability and performance of the investment firm
solution by:
Identifying the essential networking services that require improved
availability and performance.
Identifying strategies for enhancing the availability and performance of the
networking services at the New York location.