Partager via


Creating and Testing Functional Designs

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The next step in the deployment planning process is creating the actual design, or functional specification, for the Windows Server 2003 features that you intend to implement in your organization. The process of creating the functional specification and testing your implementation of Windows Server 2003 begins in the MSF planning phase and continues through the developing and stabilizing phases.

In the functional specification, describe the operating system features that you will implement, and how they will be configured and deployed. Many features of Windows Server 2003 are interrelated, particularly for implementations that include Active Directory. For this reason, create a dependencies matrix by using the information provided in the tables in this section, and include it in your functional specification.

Also describe the different types of computer users in your organization, the key tasks they perform, how these tasks are currently performed, and how performance can be improved in the new network environment. If yours is a large organization with multiple sites, or an international organization, include geographical concerns in your functional specification.

Creating a functional specification is an iterative process. As you develop your functional specification, test your proposed implementation in your test lab. Testing your functional specification helps you determine the best way to use Windows Server 2003 features to meet your project objectives. For information about creating a test lab to test your deployment of Windows Server 2003, see "Designing a Test Environment" in this book.

The following tables describe the contents of each chapter in this kit. Use these tables to find the information that you need to create your functional specification and plan your deployment.

Each table contains the following information:

  • Chapter title, along with a brief description of the topics addressed in the chapter.

  • Prerequisites for reading the chapter. Prerequisites may include one or all of the following:

    • Tasks. Occasionally you must perform certain tasks before you design or implement the feature or technology described in the chapter. For example, most Windows Server 2003 deployments will include Active Directory and DNS. Organizations that also will deploy Remote Installation Services (RIS) will need to take RIS into account when creating their Active Directory and DNS designs.

    • Reading. Your network designers should consult other chapters in the kit before creating their functional specifications.

    • Technical background. Your network designers should understand certain technological concepts and issues before deploying the technology described in the chapter.

Table 1.5 and Table 1.6 describe the chapters in Deploying Network Services, which is divided into two parts.

Table 1.5   "Part 1: Core Network Infrastructure"

Chapter Prerequisites

Designing a TCP/IP Network

Describes how to design a TCP/IP infrastructure for a new environment or for an existing environment. Explains the fundamental design decisions that you need to make about your networking infrastructure, addressing such issues as routing, addressing, multicasting, security, and introducing IP version 6 (IPv6) in your IP version 4 (IPv4) network.

Technical Background

General knowledge of TCP/IP.

Tasks

Might require changes to your Internet Protocol security (IPSec) design.

Reading

"Deploying DHCP"

"Deploying Domain Name System (DNS)"

"Deploying WINS"

"Deploying IPSec"

"Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services

Deploying DHCP

Describes DHCP server design considerations, and explains how to integrate DHCP with other services, define and activate scopes for your DHCP clients, and implement your DHCP solution.

Technical Background

Familiarity with your organization’s DNS and WINS design.

Deploying Domain Name System (DNS)

Describes planning and designing your DNS infrastructure (DNS namespace, DNS server placement, DNS zones, and DNS client configuration). Also explains how to plan the level of integration with Active Directory that you require and how to identify security, scalability, and performance requirements, which is a concern for those who are integrating DNS with Active Directory.

Technical Background

Familiarity with your organization’s DHCP and WINS design.

Tasks

Might require changes to your organization’s cross-forest trusts in your Active Directory installation.

Reading

"Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services

Deploying WINS

Describes how to develop a server strategy, design a replication strategy, secure your WINS solution, integrate WINS with other services, and implement your WINS solution.

Technical Background

Familiarity with your organization’s DNS and DHCP design.

Reading

"Deploying DHCP"

"Deploying Domain Name System (DNS)"

Deploying ISA Server

Describes how to identify the most appropriate deployment mode (cache, firewall, or integrated) for your organization and how to integrate Microsoft Internet Security and Acceleration (ISA) Server with other components in your network. Other topics include security considerations and implementing your deployment design.

Tasks

You must deploy your network infrastructure first.

Might require simultaneously designing your remote access server deployment.

Reading

"Deploying Dial-up and VPN Remote Access Servers"

"Connecting Remote Sites"

Deploying IPSec

Describes the design decisions that you must make and the planning tasks you must perform to use Internet Protocol security (IPSec) for end-to-end secure networks. Topics include determining where and how you must secure computers on your network, and deciding which policy provides the security measures you require.

Technical Background

Familiarity with your organization’s public key infrastructure (PKI) design and IP design.

Tasks

Usually requires deployment of Group Policy.

Might also require deployment of Active Directory.

Reading

"Designing a TCP/IP Network"

Table 1.6   "Part 2: Network Access Infrastructure"

Chapter Prerequisites

Deploying Internet Authentication Service (IAS)

Describes how to decide what role Internet Authentication Service (IAS) should play in your network infrastructure, how to configure connection request and remote access policies that allow users to access the network, and how to secure and optimize the deployment of Windows Server 2003.

Reading

"Deploying Dial-up and VPN Remote Access Servers"

"Designing a Public Key Infrastructure" in Designing and Deploying Directory and Security Services

"Deploying a Wireless LAN"

Deploying Dial-up and VPN Remote Access Servers

Describes dial-up and virtual private network (VPN) remote access and helps you to decide which solution will best serve your organization. Also describes the network infrastructure needed to support your remote access server design.

Reading

"Designing a Public Key Infrastructure" in Designing and Deploying Directory and Security Services

"Deploying Internet Authentication Service (IAS)"

"Deploying ISA Server"

Deploying Remote Access Clients Using Connection Manager

Provides information about remote access clients and describes how to provide phone book support, how to implement Connection Manager, and how to customize Connection Manager for your organization using the Connection Manager Administration Kit (CMAK).

Technical Background

Familiarity with your organization’s security practices, such as smart card usage.

Tasks

You must first deploy an authentication service, such as IAS, to enable authentication, authorization, and auditing.

Reading

"Deploying Dial-up and VPN Remote Access Servers"

"Deploying Internet Authentication Service (IAS)"

Connecting Remote Sites

Describes how to choose the remote site connection type and its configuration options, which security features to use, and how to integrate the remote site connection into your existing network infrastructure. Also describes how to deploy your remote site connection after all the design decisions have been made.

Reading

"Deploying Dial-up and VPN Remote Access Servers"

"Deploying a Public Key Infrastructure" and "Designing the Site Topology" in Designing and Deploying Directory and Security Services

Deploying a Wireless LAN

Describes how to design and deploy a secure, manageable wireless local area network (WLAN) in an enterprise environment.

Tasks

You must deploy your network infrastructure first. In addition, to provide authorization and authentication for wireless users, automatic IP address assignment, and name resolution, your networking infrastructure should include the following components and services:

  • Active Directory

  • Remote Authentication Dial-In User Service (RADIUS) servers and proxies

  • A certificate infrastructure (also known as a public key infrastructure, or PKI)

  • DHCP services

  • DNS services

Table 1.7 and Table 1.8 describe the chapters in Designing and Deploying Directory and Security Services, which is divided into two parts.

Table 1.7   "Part 1: Designing and Deploying Directory Services"

Chapter Prerequisites

Planning an Active Directory Deployment Project

Provides the planning information necessary to help you determine your Active Directory deployment strategy, which will vary depending on your existing network configuration. Also provides a roadmap of the rest of "Part 1: Designing and Deploying Directory Services" to help you identify your next steps in the Active Directory deployment process.

Technical Background

Familiarity with all applications in your organization that use Active Directory, such as Microsoft Exchange Server.

Designing the Active Directory Logical Structure

Provides detailed information on designing an Active Directory logical structure for organizations that have no Active Directory structure and for those that want to change their current Active Directory deployment.

None

Designing the Site Topology

Provides information on designing a site topology for your environment, including information on how to sufficiently route query and replication traffic in ways that minimize both cost and administrative effort. Also explains how to determine which locations require domain controllers and where you need to create sites, site links, and site link bridges.

Reading

"Designing the Active Directory Logical Structure"

Planning Domain Controller Capacity

Provides guidelines for planning domain controller hardware needs and placement in a Windows Server 2003 environment, with an emphasis on monitoring needs.

Technical Background

General knowledge of your organization’s logical structure and site topology.

Reading

"Designing the Active Directory Logical Structure"

"Designing the Site Topology"

Enabling Advanced Windows Server 2003 Active Directory Features

Provides information about Active Directory functional levels and the features that are enabled at each functional level. Also describes the process for raising functional levels in a Windows Server 2003 environment.

Reading (especially for new deployments):

"Designing the Active Directory Logical Structure"

"Designing the Site Topology"

"Planning Domain Controller Capacity"

Deploying the Windows Server 2003 Forest Root Domain

Describes the process for deploying a forest root domain in an environment that has no Active Directory structure. Steps include reviewing the Active Directory designs created in preceding chapters and configuring DNS for the root domain.

Reading

"Designing the Active Directory Logical Structure"

"Designing the Site Topology"

"Planning Domain Controller Capacity"

"Enabling Advanced Windows Server 2003 Active Directory Features"

Deploying Windows Server 2003 Regional Domains

Describes the process for deploying Windows Server 2003 regional domains. Also includes steps for reviewing your regional domain design and for delegating the DNS domain for the new regional domain.

Reading

"Designing the Active Directory Logical Structure"

"Designing the Site Topology"

"Planning Domain Controller Capacity"

"Enabling Advanced Windows Server 2003 Active Directory Features"

"Deploying the Windows Server 2003 Forest Root Domain"

Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory

Provides detailed steps for upgrading from Windows NT 4.0 to an existing forest or to a single domain forest. Also describes tasks that need to be performed prior to and after upgrading.

Reading

"Deploying the Windows Server 2003 Forest Root Domain"

"Deploying Windows Server 2003 Regional Domains"

If you plan to upgrade some Windows NT 4.0 domains and restructure others, you also should read "Restructuring Windows NT 4.0 Domains to an Active Directory Forest"

Upgrading from Windows 2000 Domains to Windows Server 2003 Domains

Provides detailed steps for upgrading from Windows 2000. Also describes tasks that need to be performed prior to and after upgrading.

Reading

"Enabling Advanced Windows Server 2003 Active Directory Features"

If you plan to change your current Active Directory structure, also read "Designing the Active Directory Logical Structure" and "Designing the Site Topology"

Restructuring Windows NT 4.0 Domains to an Active Directory Forest

Describes how to complete the necessary planning and preparation tasks, and how to migrate Windows NT 4.0 Server accounts and resources to an Active Directory domain or domains using the Active Directory Migration Tool (ADMT v2).

Reading

"Deploying the Windows Server 2003 Forest Root Domain"

"Deploying Windows Server 2003 Regional Domains"

If you plan to upgrade some domains and restructure others, also read "Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory."

Restructuring Active Directory Domains Between Forests

Describes how to complete the necessary planning and preparation tasks, and how to migrate accounts and resources between Active Directory domains in two different forests using ADMT v2.

Reading (if you plan to change your existing Active Directory structure):

"Designing the Active Directory Logical Structure"

"Designing the Site Topology"

"Enabling Advanced Windows Server 2003 Active Directory Features"

"Designing and Deploying File Servers" in Planning Server Deployments (for potential issues related to File Replication service [FRS])

Restructuring Active Directory Domains Within a Forest

Describes how to complete the necessary planning and preparation tasks, and how to migrate accounts and resources between Active Directory domains located in the same forest by using ADMT v2.

Reading (if you plan to change your existing Active Directory structure):

"Designing the Active Directory Logical Structure"

"Designing the Site Topology"

"Enabling Advanced Windows Server 2003 Active Directory Features"

"Designing and Deploying File Servers" in Planning Server Deployments (for potential issues related to FRS)

Table 1.8   "Part 2: Deploying Distributed Security Services"

Chapter Prerequisites

Planning a Secure Environment

Provides an overview of the security-related solutions discussed throughout this kit. Introduces the components of a secure Windows Server 2003 environment, explains how to securely address user needs, and describes how to establish a secure common infrastructure.

None

Designing an Authentication Strategy

Describes how to create an authentication strategy that includes account management, authentication protocol selection, and configuration options. The strategy you devise enhances the security of the authentication process.

Technical Background

Familiarity with your organization’s implementation of Microsoft® Outlook® messaging and collaboration client and Microsoft Exchange Server.

Reading

"Planning a Smart Card Deployment" (if you plan to use smart cards in your organization)

"Designing the Active Directory Logical Structure"

Designing a Resource Authorization Strategy

Provides background information on security groups and domain and forest functional levels. Also describes how to develop a strategy for using security groups to effectively manage access to resources, and how to delegate security group maintenance.

Task

You must deploy Active Directory first.

Reading

"Designing the Active Directory Logical Structure"

"Restructuring Windows NT 4.0 Domains to an Active Directory Forest"

"Deploying Windows Server 2003 Regional Domains"

Designing a Public Key Infrastructure

Describes how to create an infrastructure of certification authorities, for the purpose of issuing and managing certificates for a variety of purposes. Steps include defining your certificate requirements, creating a design for your infrastructure, creating a certificate management plan, and deploying your PKI solution.

Task

You must deploy Active Directory first, if your organization uses Active Directory. You do not need Active Directory to deploy a PKI; however, the capabilities of the Windows Server 2003 PKI are greatly enhanced by Active Directory.

Planning a Smart Card Deployment

Describes how to develop specifications and management protocols that make it possible to secure various user activities through the use of smart cards.

Reading

"Designing a Public Key Infrastructure"

"Deploying Remote Access Clients Using Connection Manager" in Deploying Network Services

"Designing an Authentication Strategy"

Table 1.9 describes the contents of Planning Server Deployments.

Table 1.9   Planning Server Deployments

Chapter Prerequisites

Planning for Storage

Provides an overview of Windows Server 2003 storage solutions and discusses how to determine application and organizational storage requirements, and how to plan for storage scalability, storage area network (SAN) deployment, fault tolerance, and disaster recovery.

None

Designing and Deploying File Servers

Provides an overview of new file server features in Windows Server 2003 and discusses how to identify file service goals, design Distributed File System (DFS) namespaces, plan file server availability by using server clusters or File Replication service (FRS), design a standard file server configuration, and secure and deploy file servers.

Task

You must deploy Active Directory first.

Reading

"Designing and Deploying Server Clusters"

"Designing a Resource Authorization Strategy" in Designing and Deploying Directory and Security Services

Designing and Deploying Print Servers

Describes the processes for inventorying your current print environment, identifying and resolving client print driver compatibility issues, creating a standard print server hardware design, designing your new print environment, increasing your print server availability, and deploying Windows Server 2003 print servers.

Task

You must deploy Active Directory first.

Reading

"Designing and Deploying Server Clusters"

"Designing a Resource Authorization Strategy" in Designing and Deploying Directory and Security Services

Hosting Applications with Terminal Server

Describes how to create an application hosting plan, how to plan network and hardware resources for Terminal Server, and how to design user and domain configurations for Terminal Server.

Task

You must design your Windows Server 2003 domain infrastructure first.

Planning for Remote Server Management

Helps you determine which servers to manage and whether to manage them remotely or locally. Explains how to identify the appropriate tools to use for management. Describes the required supporting hardware components and configurations. Also discusses network and security considerations and remediation, and whether and how to deploy Windows Server 2003 remotely.

Technical Background

Knowledge of your organization’s server configurations, such as server location and role.

Knowledge of the availability requirements for the servers you plan to manage remotely and who the administrators are.

Planning for High Availability and Scalability

Introduces IT practices and hardware solutions that can increase the availability of your Windows Server 2003 servers. Also introduces the two clustering technologies available in Windows Server 2003: server clusters and Network Load Balancing (NLB).

None

Designing and Deploying Server Clusters

Describes how to plan and deploy server clusters. Includes discussions of application analysis and deployment strategies, failover strategies, network configuration, data storage considerations, and security considerations. Also explains how to start planning geographically dispersed clusters.

Reading

"Planning for High Availability and Scalability"

"Designing and Deploying File Servers"

"Designing and Deploying Print Servers"

Designing Network Load Balancing

Describes how to create designs that include NLB clusters. Topics include how to determine the number of clusters required, how to determine the number of cluster hosts required, the use of virtual clusters, securing the administration of the cluster, scaling applications and services by using NLB, and improving the availability of services by using NLB.

Reading

"Planning for High Availability and Scalability"

Deploying Network Load Balancing

Describes how to deploy the design created in the previous chapter without affecting existing services. Includes information about how to install a new NLB cluster, upgrade an existing NLB cluster, or migrate an existing NLB cluster.

Reading

"Planning for High Availability and Scalability"

"Designing Network Load Balancing"

Table 1.10 describes the content of Designing a Managed Environment.

Table 1.10   Designing a Managed Environment

Chapter Prerequisites

Planning a Managed Environment

Describes how to define the scope of your project, assess your current environment, determine your requirements for change and configuration management technologies, and design managed solutions.

None

Designing a Group Policy Infrastructure

Describes how to design your organizational unit (OU) structure, define the scope of the application of Group Policy, test your design, and deploy it.

Reading

"Planning a Managed Environment"

"Designing the Active Directory Logical Structure" in Designing and Deploying Directory and Security Services

Staging Group Policy Deployments

Describes the process for staging Group Policy, which includes creating a staging environment that mimics the production environment, testing new Group Policy settings, and deploying those settings in the production environment.

Reading

"Designing a Group Policy Infrastructure"

Deploying Security Policy

Provides specific instructions for using Group Policy to secure your managed environment. Includes information about how to assess potential security risks, how to analyze the consequences of security breaches and how to develop countermeasures for them, and how to plan a security strategy with Group Policy.

Reading

"Designing a Group Policy Infrastructure"

"Staging Group Policy Deployments"

All of the chapters in "Part 2: Deploying Distributed Security Services" in Designing and Deploying Directory and Security Services (see

Table 1.8)

Deploying Software Update Services

Describes using Software Update Services (SUS) to manage security updates for your clients and servers. Topics include how to design the SUS server configuration, how to deploy the SUS server component, and how to deploy the Automated Updates feature.

None

Migrating User State

Describes how to migrate user state, including identifying the best methods for collecting, storing, and restoring user state data and deciding which user data and settings should be migrated. Other topics include preparing a migration plan that addresses storage and security requirements; potential registry, drive, and domain changes; and training users.

None

Implementing User State Management

Describes how to use IntelliMirror® management technologies to ensure that a user’s data, applications, and settings remain constant throughout the user’s environment. This process includes defining your objectives for managing user data and settings, determining which IntelliMirror technologies meet the needs of your users and your organization, and testing your designs in a controlled environment.

Reading

"Planning a Managed Environment"

"Designing a Group Policy Infrastructure"

"Staging Group Policy Deployments"

Deploying a Managed Software Environment

Describes the process of deploying a managed software environment. Topics include how to prepare and deploy applications, how to migrate applications to a managed environment, and how to update, upgrade, and remove applications.

Reading

"Planning a Managed Environment"

"Designing a Group Policy Infrastructure"

"Staging Group Policy Deployments"

Deploying a Simple Managed Environment

Provides an end-to-end deployment scenario based on the information presented in this book. The scenario covers deploying your network infrastructure, preparing your logical infrastructure, creating shared folders, publishing software, configuring user data and settings, using RIS to deploy Windows XP Professional, testing your deployment, and backing up a domain controller.

Reading

All of the chapters in this book

Table 1.11 describes the contents of Deploying Internet Information Services (IIS) 6.0.

Table 1.11   Deploying Internet Information Services (IIS) 6.0

Chapter Prerequisites

Overview of Deploying IIS 6.0

Describes the high-level processes for deploying IIS Web servers in your organization.

None

Deploying ASP.NET Applications in IIS 6.0

Describes how to deploy ASP.NET applications and individual application files to a Web server.

Task

You must first deploy Windows Server 2003 with the default options, and enable IIS 6.0 with the default settings.

Securing Web Sites and Applications

Describes how to configure IIS 6.0 to provide optimal security for Web sites and applications hosted on the Web server. Topics include reducing the attack surface of the Web server, preventing unauthorized access, and configuring user authentication.

Task

You must first deploy Windows Server 2003 with the default options, and enable IIS 6.0 with the default settings.

Reading

The other chapters in this kit that address security concerns

Ensuring Application Availability

Information in this chapter describes how to achieve high application availability by setting availability goals, how to configure IIS to achieve those goals, and how to test your applications to ensure that they perform to meet the availability goals you have set.

Task

You must first deploy Windows Server 2003 with the default options, and enable IIS 6.0 with the default settings.

Reading

"Securing Web Sites and Applications"

Upgrading an IIS Server to IIS 6.0

Describes how to upgrade existing Web servers running IIS 4.0 on Windows NT 4.0 and IIS 5.0 on Windows 2000 to IIS 6.0 on Windows Server 2003. Topics include how to prepare for the upgrade, how to perform the upgrade, and how to further customize the configuration of IIS 6.0 after performing the upgrade.

None

Migrating IIS Web Sites to IIS 6.0

Describes how to migrate Web sites and applications from existing Web servers running Internet Information Services (IIS) 4.0 or IIS 5.0 to a freshly installed Web server running IIS 6.0 and Windows Server 2003 manually or by using the IIS Migration Tool. Explains how to prepare for and perform the migration and how to further customize the configuration of IIS 6.0 after migration is complete.

Reading

The documentation for the IIS Migration Tool, which is installed with the tool. To find the documentation, on the Start menu, point to All Programs, point to IIS Resources, and then click IIS 6.0 Tools Documentation.

Migrating Apache Web Sites to IIS 6.0

Describes how to migrate Web sites from existing Web servers running Apache on Linux to a freshly installed Web server running IIS 6.0 and Windows Server 2003 by using the Apache to IIS 6.0 Migration Tool.

Reading

The documentation for the Apache to IIS 6.0 Migration Tool, which is installed with the tool. To find the documentation, on the Start menu, point to All Programs, point to IIS Resources, and then click IIS 6.0 Tools Documentation.

Table 1.12 describes the contents of Automating and Customizing Installations.

Table 1.12   Automating and Customizing Installations

Chapter Prerequisites

Choosing an Automated Installation Method

Provides guidelines for choosing which automated installation solution is best for a particular large-scale operating system rollout. Three automated installation solutions are evaluated: unattended installation, image-based installation with the System Preparation (Sysprep) tool, and Remote Installation Services (RIS) installation.

Task

You must first design your network, Active Directory, and servers (such as file servers, terminal servers, or print servers).

Designing Image-based Installations with Sysprep

Describes how to plan and design disk-imaging deployment solutions, including how to use Sysprep to perform large-scale operating system rollouts. Also explains how to assess your current environment, define disk image requirements, and design the overall deployment process.

Task

You must first design your network, Active Directory, and servers (such as file servers, terminal servers, or print servers).

Designing Unattended Installations

Describes how to plan and design unattended installation solutions for large-scale operating system rollouts. Explains how to perform unattended clean installations from CD or from a distribution folder, and how to perform unattended upgrade installations. Also describes how to assess your current environment, decide whether to upgrade or to perform clean installations, and design the overall deployment process.

Task

You must first design your network, Active Directory, and servers (such as file servers, terminal servers, or print servers).

Designing RIS Installations

Describes how to plan and design RIS deployment solutions for large-scale operating system rollouts. RIS solutions that are image-based (Riprep solutions) and solutions that are distribution-folder-based (Risetup solutions) are both discussed.

Task

You must first design your network, Active Directory, and servers (such as file servers, terminal servers, or print servers).

Reading

"Deploying DHCP" in Deploying Network Services

Migrating User State

Describes how to migrate user state, including identifying the best methods for collecting, storing, and restoring user state data and deciding which user data and settings to migrate. Other topics include preparing a migration plan that addresses storage and security requirements; identifying potential registry, drive, and domain changes; and educating users.

None