Options
Virtual PC / VM Ware practical experience (70-291)
mrx9000
Member Posts: 37 ■■□□□□□□□□
Hi Everyone,
Although I work in a fast paced IT department - I am really feeling the benefits of self training with Virtual PC.
Since my wife is sick of hearing about it, I thought I could bore you all
What do you think of this setup? Would you do it differently?
I have 3 virtual domain controllers and at least 3 clients (PC-0001 to PC-0003)
DC1 - Primary Domain Controller, Server 2003 SP1 - Net1 10.10.1.1 Net2 10.30.1.2
DC2 - Secondary Domain Controller, Server 2003 SP1 - Net1 10.20.1.1 Net2 10.10.1.2
DC3 - Secondary Domain Controller, Server 2003 SP1 - Net1 10.30.1.1 Net2 10.20.1.2
AD Sites and Subnets are configured
DFS share is created called UserData which replicates between servers
Using batch files created in Excel (concatenate) 50 user accounts and folders have been created
(The user profiles are on the DFS share - do you think that is a bad idea???)
Using DSMOD and XCACLS.VBS home folders and NTFS permissions have been created
Default user profile created in NETLOGIN folder
Group policy configured for standard desktop wallpaper - but with Active Desktop
Group policy configured to re-direct user "My Documents" to home folder (H:\) (refresh problem)
I am planning to:
Configure DNS zones / zone transfer
Add a server for WSUS and eventually configure for ISA
Create security groups for distribution of MSI installers
Apply group policy security templates and check conformity across domain
Configure DHCP and if I can in this class A environment DHCP relay (What do you think?)
Then... The challenge....
At my momma's place, create a 4th domain controller (DC4) and create a VPN over the internet back to the WSUS/ISA server here and employ IPSec security etc!
Other future plans include adding Exchange, possibly SharePoint and deployment using RIS.
This is primarily focused on training for 70-291 - can you think of anything I have missed??
Hope I have not bored you too much!
Although I work in a fast paced IT department - I am really feeling the benefits of self training with Virtual PC.
Since my wife is sick of hearing about it, I thought I could bore you all
What do you think of this setup? Would you do it differently?
I have 3 virtual domain controllers and at least 3 clients (PC-0001 to PC-0003)
DC1 - Primary Domain Controller, Server 2003 SP1 - Net1 10.10.1.1 Net2 10.30.1.2
DC2 - Secondary Domain Controller, Server 2003 SP1 - Net1 10.20.1.1 Net2 10.10.1.2
DC3 - Secondary Domain Controller, Server 2003 SP1 - Net1 10.30.1.1 Net2 10.20.1.2
AD Sites and Subnets are configured
DFS share is created called UserData which replicates between servers
Using batch files created in Excel (concatenate) 50 user accounts and folders have been created
(The user profiles are on the DFS share - do you think that is a bad idea???)
Using DSMOD and XCACLS.VBS home folders and NTFS permissions have been created
Default user profile created in NETLOGIN folder
Group policy configured for standard desktop wallpaper - but with Active Desktop
Group policy configured to re-direct user "My Documents" to home folder (H:\) (refresh problem)
I am planning to:
Configure DNS zones / zone transfer
Add a server for WSUS and eventually configure for ISA
Create security groups for distribution of MSI installers
Apply group policy security templates and check conformity across domain
Configure DHCP and if I can in this class A environment DHCP relay (What do you think?)
Then... The challenge....
At my momma's place, create a 4th domain controller (DC4) and create a VPN over the internet back to the WSUS/ISA server here and employ IPSec security etc!
Other future plans include adding Exchange, possibly SharePoint and deployment using RIS.
This is primarily focused on training for 70-291 - can you think of anything I have missed??
Hope I have not bored you too much!
Comments
-
Options
sprkymrk
Member Posts: 4,884 ■■■□□□□□□□
Sounds like quite a lab you've got there!
I don't understand your Net1 and Net2 though, do you have 2 NICs on each DC? That can make things complicated, but hey it is your lab.
I especailly like "mama's challenge", but to make it a realistic training event, you should play the part of the Enterprise Admin trying to talk the remote office HelpDesk staff (mama) how to do it over the phone.
If you can accomplish that, I'll send you a prize.
All things are possible, only believe. -
Optionsmrx9000
Member Posts: 37 ■■□□□□□□□□
>>>I don't understand your Net1 and Net2 though, do you have 2 NICs on each DC? That can make things complicated, but hey it is your lab.
Thinking about it you are right. I was originally trying to simulate three remote sites and the second NICs were to link the sites together - but in Virtual PC and with a class A network it is not much of a wide area simulation
I guess I could use different subnet masks but I did not really want to user the 2003 servers as routers - with CISCO being the real world routing king. The 2ad NICs were assumed connections provided by a fictional network infrastructure - but Virtual PC just meshes them all together.
It does make it confusing though, especially when I start the DNS/DHCP config
No wonder the DFS locations and replication patterns are weird!
It is a shame that there are no Virtual Routers for Virtual PC... -
Options
HeroPsycho
Inactive Imported Users Posts: 1,940
Why don't you use VMWare Server? You have separate virtual switches within it. Make the VPN over one virtual switch, and each DC connected on different LAN's on other virtual switches.Good luck to all! -
Optionsmrx9000
Member Posts: 37 ■■□□□□□□□□
Sounds good!
I did not realise VMware had switches, I not used it so much. Are these virtual switches layer 3 capable?
Although I would have to start again It would be nice if the servers were on different routed networks and it certainly would be easier working with the VPN.
Thank you for the info! -
Optionsmrx9000
Member Posts: 37 ■■□□□□□□□□
I have thought about it and I now that I have done half of the work in Virtual PC - I will carry on with it this time.
I am very interested in VMWare - especially ESX server and VMotion!
As a plan B, I am thinking of changing the IP addressing and using RRAS for routing:
DC1 - Net1(Subnet): 192.168.1.1 Net2(WANlink): 192.168.3.2
DC2 - Net1(Subnet): 192.168.2.1 Net2(WANlink): 192.168.1.2
DC3 - Net1(Subnet): 192.168.3.1 Net2(WANlink): 192.168.2.2
Subnet masks 255.255.255.0
Each server being connected to another, if a WAN link fails the data should flow both ways and hopefully DFS sties will work correctly.
Could I ask you - What do you think?? Do you think this could be a bit confusing with DNS??
All I really want to do is pass 70-291 and ultimately obtain an MCSE...