MCP Designing and Implementing a Server Infrastructure (70-413) – another study guide

This blog post is a study guide to help you prepare for Microsoft MCP exam 70-413: Designing and Implementing a Server Infrastructure.

To prepare seriously for this certification, there is a lot of content to read and understand. As with every other Microsoft certification, a technical background and experience with Microsoft infrastructure (Windows Server 2003 –> 2012) is better to have.

 

Designing and Implementing a Server Infrastructure
https://www.microsoft.com/learning/en-us/exam-70-413.aspx
https://borntolearn.mslearn.net/certification/server/w/wiki/496.413-designing-and-implementing-a-server-infrastructure.aspx#fbid=AMleaZ90gRg

Exam prep: 70-413 and 70-414 - MCSE: Server Infrastructure
https://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/EXM05#fbid=WSaaPBvXrM5

  

****************************************

Plan and deploy a server infrastructure (20–25%)

****************************************

- Design an automated server installation strategy -
-> Design considerations including images and bare metal/virtual deployment; design a server implementation using Windows Assessment and Deployment Kit (ADK); design a virtual server deployment

Windows Deployment with the Windows ADK
https://technet.microsoft.com/library/hh824947.aspx

User State Migration Tool (USMT) Technical Reference : https://technet.microsoft.com/en-us/library/hh825256.aspx
Use the User State Migration Tool (USMT) to migrate user or application data from another version of Windows, to make the user data available on the destination computer
USMT 5.0 includes three command-line tools:
- ScanState.exe version 6.2
- LoadState.exe version 6.2
- UsmtUtils.exe version 6.2
USMT 5.0 also includes a set of three modifiable .xml files:
- MigApp.xml
- MigDocs.xml
- MigUser.xml     

- Plan and implement a server deployment infrastructure -
-> Configure multicast deployment; configure multi-site topology and distribution points; configure a multi-server topology; configure autonomous and replica Windows Deployment Services (WDS) servers

Windows Deployment Services Overview : https://technet.microsoft.com/library/hh831764
AD DS is not required if the WDS server is configured in Standalone mode
To initialize the WDS server in Standalone mode, you need not be a member of the Domain Users group.
The Windows Deployment Services server service is not cluster-aware. However, you can run multiple WDS servers in a network to provide fault-tolerance and load balancing
You cannot use Windows Deployment Services with the Server Core installation option

WDSUTIL is a command-line utility used for managing your Windows Deployment Services server. To run these commands, click Start, right-click Command Prompt, and click Run as administrator

T1 line -> 1.544 Mbit/s
T3 line -> 44.736 Mbit/s

What's New for Windows Deployment Services for Windows Server https://technet.microsoft.com/en-US/library/hh974416
WDSclient.exe is a new standalone client that can perform Dynamic Driver Provisioning (DDP) queries, direct VHD application, and metadata queries

There are two types of multicast transmissions :
- Auto-Cast. This option indicates that as soon as an applicable client requests an install image, a multicast transmission of the selected image begins. Then, as other clients request the same image, they too are joined to the transmission that is already started.
- Scheduled-Cast. This option sets the start criteria for the transmission based on the number of clients that are requesting an image and/or a specific day and time. If you do not select either of these check boxes, the transmission will not start until you manually start it.

 

- Plan and implement server upgrade and migration -
-> Plan for role migration; migrate server roles; migrate servers across domains and forests; design a server consolidation strategy; plan for capacity and resource optimization

Install, Use, and Remove Windows Server Migration Tools

Administrators can use Windows Server Migration Tools to migrate server roles, features, operating system settings, and other data and shares to computers that are running Windows Server 2012 R2 Preview or Windows Server 2012

smigdeploy.exe
Powershell.exe -PSConsoleFile ServerMigration.psc1

Roles you can migrate using the Windows Server Migration Tools include:
- Hyper-V
- Network Policy Server
- Remote Access
- Print & documents services
- WSUS
- ADFS

Windows Server Migration Tools Cmdlets in Windows PowerShell
https://technet.microsoft.com/en-us/library/ee662315.aspx

Import-SmigServerSetting : Imports selected Windows features and operating system settings from a migration store identified in the Path parameter, and applies them to the local computer
https://technet.microsoft.com/en-us/library/ee662318.aspx

Export-SmigServerSetting : Exports selected Windows features and operating system settings from the local computer, and stores them in a migration store
https://technet.microsoft.com/en-us/library/ee662317.aspx

Receive-SmigServerData : Allows a destination server to receive shares, folders, files, and associated permissions and share properties that are migrated from a source server.

Send-SmigServerData : Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000.

 

- Plan and deploy Virtual Machine Manager services -
-> Design Virtual Machine Manager service templates; define operating system profiles; configure hardware and capability profiles; manage services; configure image and template libraries; manage logical networks

Glossary for System Center 2012 - Virtual Machine Manager
https://technet.microsoft.com/en-us/library/hh369961.aspx

Know the component associated with templates for hardware profiles and guest OS profiles

How to Discover Physical Computers and Deploy as Hyper-V Hosts in VMM
https://technet.microsoft.com/en-us/library/gg610577.aspx

How to Create a Host Profile in VMM
https://technet.microsoft.com/en-us/library/gg610653.aspx

About Hardware Profiles
https://technet.microsoft.com/en-us/library/bb740879.aspx

Capability Profiles in SCVMM 2012
https://social.technet.microsoft.com/wiki/contents/articles/4149.capability-profiles-in-scvmm-2012.aspx

 

- Plan and implement file and storage services -
-> Planning considerations include iSCSI SANs, Fibre Channel SANs, Virtual Fibre Channel, storage spaces, storage pools, and data de-duplication; configure the iSCSI Target server; configure the Internet Storage Name server (iSNS); configure Network File System (NFS); install Device Specific Modules (DSMs)

Know how to configure an iSCSI target

iSCSI Target Block Storage, How To
https://technet.microsoft.com/library/hh848268.aspx

iSNS Server Overview
https://technet.microsoft.com/library/cc772568.aspx

Deduplication is used on NTFS volumes, but can't be used on boot/system volumes or CSV
ddpeval.exe tool

Configuring an iSCSI Target (some of the text is in French, but all screenshots in the step-by-step are in US English)
https://blogs.technet.com/b/stanislas/archive/2013/01/03/monter-son-nas-san-personnel-sous-windows-server-2012-partie-5-la-cible-iscsi.aspx

****************************************************

Design and implement network infrastructure services (20–25%)

****************************************************

- Design and maintain a Dynamic Host Configuration Protocol (DHCP) solution -
-> Design considerations including a highly available DHCP solution including split scope, DHCP failover, and DHCP failover clustering, DHCP interoperability, and DHCPv6; implement DHCP filtering; implement and configure a DHCP management pack; maintain a DHCP database

Compact DHCP database
JETPACK.EXE <database name> <temp database name>

DHCP Policies in Windows Server 2012
https://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server-administration-using-dhcp-policies-in-windows-server-2012.aspx

DHCP Server Cmdlets in Windows PowerShell
https://technet.microsoft.com/en-us/library/jj590751.aspx

Use the PowerShell DHCP Module to Simplify DHCP Management
https://blogs.technet.com/b/heyscriptingguy/archive/2011/02/14/use-the-powershell-dhcp-module-to-simplify-dhcp-management.aspx

- Design a name resolution solution strategy -
-> Design considerations including secure name resolution, DNSSEC, DNS Socket Pool, cache locking, disjoint namespaces, DNS interoperability, migration to application partitions, IPv6, Single-Label DNS Name Resolution, zone hierarchy, and zone delegation

Delegation
For a DNS server to answer queries about any name, it must have a direct or indirect path to every zone in the namespace. These paths are created by means of delegation. A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy. Delegations make it possible for servers in one zone to refer clients to servers in other zones

Recursive name resolution is the process by which a DNS server uses the hierarchy of zones and delegations to respond to queries for which it is not authoritative. In some configurations, DNS servers include root hints (that is, a list of names and IP addresses) that enable them to query the DNS root servers. In other configurations, servers forward all queries that they cannot answer to another server. Forwarding and root hints are both methods that DNS servers can use to resolve queries for which they are not authoritative.

Dnscmd.exe : A command-line interface for managing DNS servers
https://technet.microsoft.com/en-us/library/cc772069.aspx

Configure the Socket Pool
https://technet.microsoft.com/library/ee649174.aspx

Deploying a GlobalNames Zone
https://technet.microsoft.com/en-us/library/cc731744.aspx

Adding a Cross-Forest GlobalNames Zone
https://technet.microsoft.com/library/cc794961.aspx

DNS Cache Locking : Cache locking provides for enhanced security against cache poisoning attacks
https://technet.microsoft.com/en-us/library/ee683892(v=ws.10).aspx

How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain
https://support.microsoft.com/kb/255248/en-us

Understanding stub zones
https://technet.microsoft.com/en-us/library/cc779197(v=ws.10).aspx

Contrasting stub zones and conditional forwarders
https://technet.microsoft.com/en-us/library/cc780434(v=ws.10).aspx

- Design and manage an IP address management solution -
-> Design considerations including IP address management technologies including IPAM, Group Policy based, manual provisioning, and distributed vs. centralized placement; configure role-based access control; configure IPAM auditing; migrate IPs; manage and monitor multiple DHCP and DNS servers; configure data collection for IPAM

IP Address Management (IPAM) Overview
https://technet.microsoft.com/en-us/library/hh831353.aspx

IPAM Terminology
https://technet.microsoft.com/en-us/library/jj878341.aspx

Invoke-IpamGpoProvisioning
https://technet.microsoft.com/en-us/library/jj553805.aspx

Set-IpamConfiguration
https://technet.microsoft.com/en-us/library/jj590816.aspx

 

**********************************************

Design and implement network access services (15–20%)

**********************************************

- Design a VPN solution -
-> Design considerations including certificate deployment, firewall configuration, client/site to site, bandwidth, protocol implications, and VPN deployment configurations using Connection Manager Administration Kit (CMAK)

Remote Access (DirectAccess, Routing and Remote Access) Overview
https://technet.microsoft.com/en-us/library/dn636119.aspx

Connection Manager Administration Kit
https://technet.microsoft.com/library/cc752995.aspx

Windows 8 and Server 2012 VPN Compatibility and Interoperability
https://go.microsoft.com/fwlink/?prd=12364&pver=1.0&plcid=0x409&os=27&clcid=0x409&ar=RRAS&sar=VPN

AD CS Migration: Migrating the Certification Authority
https://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx     

 

- Design a DirectAccess solution -
-> Design considerations including topology, migration from Forefront UAG, DirectAccess deployment, and enterprise certificates

Plan to Enable DirectAccess
https://technet.microsoft.com/en-us/library/jj574167.aspx

Add DirectAccess to an Existing Remote Access (VPN) Deployment
https://technet.microsoft.com/en-us/library/jj574220.aspx

French articles, tutorials and videos about DirectAccess
https://blogs.technet.com/b/stanislas/archive/tags/directaccess/

Configure Force Tunneling for DirectAccess Clients
https://technet.microsoft.com/en-us/library/ee649127(v=WS.10).aspx

- Implement a scalable remote access solution -
-> Configure site-to-site VPN; configure packet filters; implement packet tracing; implement multi-site Remote Access; configure Remote Access clustered with Network Load Balancing (NLB); configure DirectAccess

- Design a network protection solution -
-> Design considerations including Network Access Protection (NAP) enforcement methods for DHCP, IPSec, VPN, and 802.1x, capacity, placement of servers, firewall, Network Policy Server (NPS), and remediation network

RADIUS Client
https://technet.microsoft.com/en-us/library/cc754033.aspx

- Implement a network protection solution -
-> Implement multi-RADIUS deployment; configure NAP enforcement for IPSec and 802.1x; deploy and configure the Endpoint Protection client; create anti-malware and firewall policies; monitor for compliance

Network Policy and Access Services
https://technet.microsoft.com/en-us/network/bb545879.aspx

Network Policy Server
https://technet.microsoft.com/en-us/library/cc732912.aspx

Network Policy and Access Services Overview
https://technet.microsoft.com/en-us/library/hh831683.aspx

Migrate Network Policy Server to Windows Server 2012
https://technet.microsoft.com/en-us/library/hh831652.aspx

 

**************************************************************

Design and implement an Active Directory infrastructure (logical) (20–25%)

***************************************************************

- Design a forest and domain infrastructure -
-> Design considerations including multi-forest architecture, trusts, functional levels, domain upgrade, domain migration, forest restructure, and hybrid cloud services

Creating Forest Trusts
https://technet.microsoft.com/en-us/library/cc816810(v=ws.10).aspx

Understanding When to Create a Shortcut Trust
https://technet.microsoft.com/library/cc754538

Understanding Domain and Forest Functional Levels
https://technet.microsoft.com/library/cc771294.aspx

Upgrade Domain Controllers to Windows Server 2012
https://technet.microsoft.com/en-us/library/hh994618

Requirements for Active Directory Recycle Bin
https://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx

ADMT 3.2 Supported OS and Target Domains
https://support.microsoft.com/kb/2753560

Operations master roles
https://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx

- Implement a forest and domain infrastructure -
-> Configure domain rename; configure Kerberos realm trusts; implement a domain upgrade; implement a domain migration; implement a forest restructure; deploy and manage a test forest including synchronization with production forests

Domain rename : Rendom.exe, repadmin.exe, Gpfixup.exe
Use Gpfixup after a domain rename

Gpfixup : Fix domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation
https://technet.microsoft.com/en-us/library/hh852336.aspx

Configure Universal Group Membership Caching in Active Directory
https://technet.microsoft.com/en-us/magazine/ff797984.aspx

 

- Design a Group Policy strategy -
-> Design considerations including inheritance blocking, enforced policies, loopback processing, security, and WMI filtering, site-linked Group Policy Objects (GPOs), slow-link processing, group strategies, organizational unit (OU) hierarchy, and Advanced Group Policy Management (AGPM)

Dcgpofix : Recreates the default Group Policy Objects (GPOs) for a domain
https://technet.microsoft.com/en-us/library/hh875588.aspx