Lesson Plans Configuring Windows Server 2008 Network Infrastructure

(1)

Lesson Plans

Configuring Windows Server 2008

Network Infrastructure

(2)

Configuring Windows Server 2008 Network Infrastructure (70-642)

1

Course Overview

This course prepares students for the 70-642 Technology Specialist exam: Windows Server 2008 Network Infrastructure, Configuring. It focuses on the details of configuring the infrastructure of a network.

Module 0 – Introduction

This module introduces Microsoft’s recommendations of the technical experience a candidate should have before attempting the certification test. Students will become familiar with server and remote management tools. This module

provides the mathematical calculations of how to convert numbers from binary to decimal and hexadecimal. This mathematical foundation is necessary for

students to understand the IPv4 and IPv6 addresses they will be studying in the course.

Module 1 – IPv4

This module discusses the details of configuring IPv4 addressing and subnetting. This includes topics of converting IPv4 addresses from binary to decimal,

converting subnet masks to slant notation, identifying Ipv4 classes and ranges of IP addresses, and determining local and non-local hosts. Students will learn how to customize the number of subnets and hosts allowed on each subnet.

Module 2 – IPv6

In this module students will learn why it will become necessary to migrate to IPv6. They will learn the basic format of IPv6 addresses, identifying IPv6 address types, and configuring IPv6 addresses using the GUI and command line.

Interoperability strategies for implementing IPv4 and IPv6 are explored. Module 3 – DHCP

This module covers DHCP configuration, customization options, and advanced settings. Students will learn proper server placement to assure client

communication with the DHCP server, the rationale for creating superscopes and split scopes, and DHCPv6 options.

Module 4 – DNS

In Module 4 students will learn the details of how DNS translates host names to IP addresses and the process of DNS name resolution for both the client and server. Topics will also include; creating zone and zone transfers, creating or converting an Active Directory-integrated zone, creating and editing resource records, configuring client registration, automatically updating DNS using Dynamic DNS, resolving queries using stub zones and forwarding, using root hints and a root zone, managing zones through zone delegation, creating WINS-integrated zones and GlobalNames zones support, and implementing strategies and goals when designing a DNS solution.

(5)

Module 5 – Routing

Module 5 teaches the students the basics of routing and how to manage routing table entries. Students will become familiar with installing RRAS components, and configuring RIP, demand-dial routing, and ICS and NAT solutions.

Module 6 – Remote Access

Module 6 discusses the details of configuring remote access and network authentication. Topics include; configuring a Remote Access server to use Dial-up and VPN connections, configuring client connections, configuring a VPN using SSTP, and using CMAK to manage remote access.

Module 7 – Network Access and Security

In Module 7 students will learn several strategies for controlling network access and enhancing network security. These will include: controlling network location profiles, configuring a RADIUS client, server and proxy, configuring a DHCP server as an enforcement point, enforcing network authentication using Kerberos and NTLM, configuring a firewall, and configuring IPsec to protect IP packets during transmission.

Module 8 – File and Print

This module discusses managing network files and printing. Topics include: managing network file sharing and shared folders, controlling access using NTFS and share permissions, encrypting files and folders, protecting integrity of data through shadow copy, and backup and restore, restricting disk space using disk quotas and FSRM, and managing print services.

Module 9 – WSUS

In this module students will learn how to configure a WSUS server and client to manage the updating of software. They will also learn how to use MBSA to scan for security compliance.

Module 10 – Performance and Reliability

This module covers tools that are used to collect and monitor network data for performance and reliability. The Reliability and Performance Monitor provides network performance statistics. Event Viewer is used to monitor event logs. Network Monitor is used to gather information about network traffic. SNMP is used to manage network-attached devices.

Practice Exams

In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification test.

(6)

5

Section 0.1: Introduction

Summary

This course prepares students for the 70-642 Technology Specialist exam: Windows Server 2008 Network Infrastructure, Configuring.

Microsoft recommends at least one year experience in the following underlying technologies:

 IP addressing and services

 Names resolution

 File and print services

 Network access and remote access

 Monitoring network services

This section introduces the instructor and the concepts that will be covered in this course. Video/Demo Time 0.1.1 Course Introduction 1:09 Total Time About 5 minutes

(7)

Section 0.2: Server Management

Summary

This section discusses a new management console, Server Manager, used to install and manage server components. Details include:

 Server Manager elements: o Role

o Role services o Feature

 Windows PowerShell cmdlets that support Server Manager in Windows Server 2008 R2

 The role of Server Core o Limited GUI support o Limited set of server roles

o Features available in Windows Server 2008 R2 o Other limitations:

 No windows Shell

 Limited managed code support

 Only MSI support for unattended mode installs o Managing a server core system

Students will learn how to:

 Configure and manage a server using the Server Manager.  Install roles on a Server Core server.

Configuring Server 2008 Network Infrastructure Objectives  102. Configure Dynamic Host Configuration Protocol (DHCP)  201. Configure a Domain Name System (DNS) server.

Lecture Focus Questions:

 What are the differences among roles, role services, and features?  How are dependencies handled during role installation?

 How does the server core installation differ from a standard server installation?

 What are the limitations of a server core installation? What are the advantages?

(8)

7 Video/Demo Time

0.2.1 Using Server Manager 6:39 0.2.3 Server Core 1:37 0.2.4 Installing Roles on Server Core 6:05

Total 14:21

Total Time About 20 minutes

(9)

Section 0.3: Remote Management

Summary

This section examines using the following remote management tools to manage a server:

 Remote Desktop

 Remote Desktop Gateway  MMC snap-ins

 Remote Server Administration Tools (RSAT)  Windows Remote Shell

 Enable Remote Desktop on a Server Core.  Enable remote management of the firewall.

 Open firewall ports to allow remote use of MMC snap-ins. Lecture Focus Questions:

 How do firewall ports affect your ability to remotely manage a server?  What firewall port must be opened for Remote Desktop connections?  What advantage does using TS Gateway have over using Remote

Desktop?

 What is the effect of enabling the Remote Administration exception in the firewall?

 What are the operating system requirements for RSAT?

 Which remote administration tools could you use if the firewall had only ports 80 and 443 open?

Video/Demo Time

0.3.1 Remote Management 4:06 0.3.2 Managing Server Core 14:45

Total 18:51

(10)

9

Section 0.4: Mathematical Foundations

Summary

This section explains the mathematical calculations to convert the following numbering systems:

 Base 2 - Binary  Base 10 – Decimal  Base 16 - Hexadecimal

For students to understand IPv4 and IPv6 addresses they will need to know how to convert from binary to decimal and hexadecimal.

Configuring Server 2008 Network Infrastructure Objectives  101. Configure IPv4 and IPv6 Addressing.

 How does the decimal form of the binary number 10000000 differ from 01000000?

 What formula can you use to find the decimal equivalent for the binary number 00010000?

 How can you determine the binary value of the decimal number 161?  What is the binary value for the hexadecimal value of E? What is E's

decimal value?

 How many hexadecimal digits replace a full binary octet? Video/Demo Time

0.4.1 TCP/IP Mathematics 12:13 Total Time

(11)

Section 1.1: IPv4 Addressing

Summary

In this section the students will learn how to convert IPv4 addresses and subnet masks from binary to decimal and how to convert subnet masks to slant notation. Students will learn:

 The five IPv4 classes of IP addresses with the range of IP addresses and the default subnet mask for each class.

 How to identify the Network ID, host ID, and the default gateway address to determine local and non-local hosts.

o Configure IP address options Lecture Focus Questions:

 What is the format of an IPv4 address?  What is the purpose of a subnet mask?

 What is the relationship between slash notation and the subnet mask?  What is the default address class of the IP address 132.11.166.5? Video/Demo Time

1.1.1 IPv4 Addressing 6:10 1.1.2 Classful IPv4 Subnetting 11:22

Total 17:32

(12)

11

Section 1.2: IPv4 Subnetting

Summary

This section discusses using IPv4 subnetting. Details include:

 Using a Variable Length Subnet Mask to vary the number of bits in the subnet mask to:

o Subnet a single network address into multiple smaller subnets. o Create a supernet which combines multiple network addresses into

a single larger subnet.

 Recommended subnetting tables for students to memorize: o Exponent values for powers of 2

o Binary subnet mask values and decimal equivalent values Students will learn how to:

 Given a network address and a custom mask, identify valid subnet addresses.

 Given a scenario with the desired number of hosts, choose a subnet address and mask.

 Given a subnet address and the subnet mask, identify valid host addresses on that subnet.

o Subnetting o Supernetting Lecture Focus Questions:

 How many hosts can you have if you use a subnet mask of 255.255.255.192?

 How is a supernet different from a subnet?

 How can a magic number help you identify the possible subnet addresses when using a custom subnet mask?

 What is the decimal mask value for a /27 mask?

 How many approximate and actual hosts can you have when using a mask value of /23?

(13)

Video/Demo Time

1.2.1 Variable Length Subnet Mask (VLSM) 17:19 1.2.3 IPv4 Subnetting Cheat Sheet 4:38

Total 21:57

Number of Exam Questions 4 questions

(14)

13

Section 1.3: IPv4 Host Configuration

Summary

This section explores IPv4 host configuration. Details include:  Configuration values: o IP address o Subnet mask o Default gateway o Host name o DNS server o WINS server o MAC address

 Methods used to configure IPv4 configuration settings: o Static (manual) assignment

o Dynamic Host Configuration Protocol (DHCP) o Automatic Private IP Addressing (APIPA) o Alternate IP configuration

 Commands to configure Windows host with IPv4 configuration parameters  TCP Chimney offloading

 Configure static and automatic IPv4 addressing.  Specify an alternate IPv4 configuration.

 Use the command line to configure IPv4 settings.

o Configure IP address options Lecture Focus Questions:

 What is the purpose of an alternate IPv4 configuration?  When is a static configuration advantageous?

 When does a Windows computer use APIPA? What are its limitations?  How can you tell when a computer has used APIPA to configure its IP

address?

(15)

Video/Demo Time

1.3.1 IPv4 Configuration 4:35 1.3.3 Configuring IPv4 Client Addressing 2:33 1.3.7 Using Netsh 7:32 1.3.9 Allowing Ping through the Firewall 3:45

Total 18:25

Lab/Activity

 Configure IP Settings

 Configure Automatic and Alternate Addressing  Configure a Subnetted Address

(16)

15

Section 2.1: IPv6

Summary

This section discusses the need to migrate from IPv4 to IPv6. IPv4 was developed in 1974 and due to the rapid Internet growth we are running out of IPv4 addresses. Students will become familiar with the new features in IPv6 that are designed for the long term health and security of networks.

 What are the reasons for the shift from IPv4 to IPv6?  How does IPv6 make route summarization more efficient?  How is IPsec treated differently in IPv6 than in IPv4?  Why is NAT not needed when using IPv6?

Video/Demo Time

2.1.1 IPv6 Concepts 3:47 Total Time

(17)

Section 2.2: IPv6 Addressing

Summary

Students will learn the basic format of IPv6 addresses. IPv6 is a 128 bit address in which the first 64 bits called the prefix identifies the network and subnet

address and the last 64-bits is the interface ID which identifies the network connection. They will also learn how to obtain the EUI-64 interface ID from the MAC address.

 Features of an IPv6 address  Address types for IPv6:

o Reserved o Multicast o Unicast  Global unicast  Link-local  Unique local o Anycast o Loopback o Unspecified

 Details of the IPv6 64-bit prefix

o Configure IP address options o Subnetting

o Supernetting Lecture Focus Questions:

 What is the format of an IPv6 address?

 How can you represent leading zeroes and groups of zeroes in IPv6?  Which type of IPv6 address uses the FC00::/7 prefix?

 How can you identify a link-local address?

 What does IPv6 use instead of a broadcast address?  How can you easily identify IPv6 multicast addresses?  What does the address ::1 represent?

 What is the purpose of the prefix length?

 What are the steps for deriving the EUI-64 interface ID from the MAC address?

(18)

2.2.1 IPv6 Addressing 3:57 2.2.3 IPv6 Address Types 8:42 2.2.5 IPv6 Prefix and Subnetting 11:54 2.2.7 IPv6 Interface ID 3:27

Total 28:00

(19)

Section 2.3: IPv6 Configuration

Summary

This section examines the following details about IPv6 configuration:  Methods to configure IPv6 information on a host:

o Static full assignment o Static partial assignment o Stateless autoconfiguration o DHCPv6

 The process to configure the IPv6 address for an interface  States of an autoconfigured IPv6 address:

o Tentative o Valid

 Preferred  Deprecated o Invalid

 Commands to configure Windows hosts with IPv6 configuration parameters

 Configure IPv6 addresses using the GUI and the command line.  Configure an advanced firewall rule to allow the ping command.

 Specify the IPv6 address and scope ID when using ping for a link-local address.

o Configure IP address options o Subnetting

 How does a host get its IPv6 address when using stateless autoconfiguration?

 What information does the DHCP server provide when using stateless DHCPv6?

 What address does a host use to request an address from a DHCP server?

 What is the difference between the M and O flags?

 What are the five states of an autoconfigured IPv6 address?  How is the interface ID determined in static partial assignment?

(20)

2.3.1 IPv6 Configuration Facts 4:54 2.3.2 IPv6 Autoconfigured Address States 3:58 2.3.5 Configuring IPv6 Addresses 8:24 2.3.6 Using IPv6 Ping 8:09

Total 25:25

(21)

Section 2.4: IPv6 Implementation

Summary

In this section students will learn various strategies for implementing IPv4 and IPv6 interoperability:

 Dual stack  Tunneling

o Manually configured tunnel

o Intra-site Automatic Tunnel Addressing Protocol (ISATAP) o 6-to4 tunneling

o Teredo tunneling  PortProxy

o Interoperability between IPv4 and IPv6 Lecture Focus Questions:

 How does IPv6 support differ on various Microsoft operating systems?  What limitations does ISATAP have for IPv6 implementation?

 Which IPv6 tunneling methods work through NAT?  When should you implement Teredo?

 When is 6to4 tunneling automatically configured in Windows Server 2008?  What technology allows an IPv4-only host to communicate with an

IPv6-only host?

Video/Demo Time

2.4.1 IPv4 and IPv6 Interoperability 9:46 2.4.2 IPv6 Implementation in Server 2008 1:49

Total 11:35

(22)

21

Section 3.1: DHCP Configuration

Summary

This section discusses how to configure a DHCP server to deliver IP addresses to clients. Details include:

 Methods to obtain an address from a DHCP server: o DHCP Discover (D)

o DHCP Offer (O) o DHCP Request (R) o DHCP ACK (A)  Authorizing a DHCP server

 Objects to configure a DHCP server to deliver IP addresses: o Scope

o Exclusion o Reservation

 The process to configure an existing server running server core for DHCP  Using link layer filter to control the issuance or denial of DHCP leases

based on MAC address for IPv4 Students will learn how to:

 Install and authorize a DHCP server.  Create and activate scopes.

 Configure exclusion ranges and reservations.

Configuring Server 2008 Network Infrastructure Objectives  102. Configure Dynamic Host Configuration Protocol (DHCP).

o DHCP options o Exclusions

o Authorize server in Active Directory o Scopes

 What are the steps a client uses to acquire an address from DHCP?  When must you authorize a DHCP server? What permissions do you need

to authorize a DHCP server?

 Why does a DHCP server shut down if its address is not found in Active Directory? What does this protect against?

 How are reservations different from exclusions?

 How can you change the subnet on a scope?

(23)

 What information is necessary to configure a reservation? Video/Demo Time 3.1.1 DHCP Concepts 5:16 3.1.3 Installing DHCP 3:25 3.1.5 Configuring DHCPv4 Scopes 4:28 3.1.9 Using DHCP MAC Address Filtering 4:11

Total 17:20

Lab/Activity

 Authorize DHCP Servers  Create a Scope

 Create Exclusion Ranges  Create Client Reservations Number of Exam Questions 10 questions

Time

(24)

23

Section 3.2: DHCP Options

Summary

In this section students will learn about DHCP options to deliver a wide range of TCP/IP configuration parameters. Details include:

 Common option that can be used to configure DHCP: o 003 Router

o 006 DNS Servers

o 015 DNS Domain Name o 044 WINS/NBNS Servers o 046 WINS/NBT Node Type

 Levels that the DHCP options can be set at: o Server

o Scope o Reservation Students will learn how to:

 Configure server, scope, and user/vendor class options.  Design DHCP options to customize configuration and minimize

administration.

o DHCP options Lecture Focus Questions:

 What are the most common DHCP options?  Where can you configure DHCP options?

 How can you determine which options take precedence?  How are DHCP options configured for IPv4 and IPv6?

(25)

Video/Demo Time 3.2.1 DHCPv4 Options 3:55 3.2.2 Create DHCP Options 6:43 Total 10:38 Lab/Activity

 Configure Server Options  Configure Scope Options  Design Scope Options  Design DHCP Options Number of Exam Questions 1 question

(26)

25

Section 3.3: Advanced DHCPv4 Settings

Summary

This section examines using advanced DHCPv4 settings to optimize DCHP server performance. Details include

 Advanced DHCPv4 settings: o Bindings

o Backup and Restore o Dynamic DNS o Conflict Detection

 The role of Bootstrap Protocol (BOOTP)  Components required by BOOTP

o Client workstation o DHCP server o TFTP server

 Steps to configure a DHCP server to support Bootstrap Protocol (BOOTP) clients for diskless network boot

Students will learn how to:  Configure server bindings.

 Backup or restore a DHCP server.

 Configure proxy settings for dynamic DNS updates.  Set the number of conflict detection attempts.

o Creating new options o PXE boot

 How does conflict detection work? How can this affect system performance?

 How can you transfer the DHCP configuration from one server to another?  Why would you configure BOOTP?

 Which options should you configure through the BOOTP table and not DHCP options?

 What should you do so that host names for computers running Windows NT 4.0 are automatically registered using DDNS?

(27)

Video/Demo Time

3.3.1 Advanced DHCPv4 Settings 2:00 3.3.2 Configuring Advanced Settings 2:49

Total 4:49

(28)

27

Section 3.4: Server Placement

Summary

In this section students will learn how DHCP server placement affects the ability of clients to communicate with the DHCP server. The following strategies to provide DHCP for multiple subnets are presented:

 DHCP server on each subnet  Multihomed DHCP server  BOOTP forwarding  DHCP relay agent Students will learn how to:

 Configure a DHCP relay agent.

Configuring Server 2008 Network Infrastructure Objectives  101 Configure IPv4 and IPv6 addressing.

o Multi-homed

 102. Configure Dynamic Host Configuration Protocol (DHCP). o DHCP relay agents

 How can you provide DHCP services to clients on subnets that do not have a DHCP server?

 What is a multihomed server, and how is it used with DHCP?  How does a DHCP relay agent differ from a router that has BOOTP

forwarding enabled?

 What are the advantages to having a DHCP server on every subnet?  How can BOOTP forwarding affect your network?

Video/Demo Time

3.4.1 DHCP Server Placement 4:16 3.4.3 Configuring a DHCP Relay Agent 1:27

(29)

Lab/Activity

 Configure a DHCP Relay Agent Number of Exam Questions 4 questions

(30)

29

Section 3.5: Superscopes and Split Scopes

Summary

This section discusses how and when to use superscopes and split scopes.  Superscopes are used to combine multiple address ranges into a single

logical range.

 Split scopes provide fault tolerance by two DHCP servers servicing a portion of each range for each subnet.

 Use the 80/20 rule to create a split scope.

o Scopes

 What are the reasons for deploying a superscope?

 When using multiple DHCP servers for a single scope, how should you configure the scope range for each server? Why do you configure an exclusion for a part of the address range?

 How should you configure the relay agent to ensure that the preferred server responds before the backup server in a split scope deployment?  How does a clustered server provide fault tolerance?

Video/Demo Time

3.5.1 Superscopes and Split Scopes 8:01 Lab/Activity

 Add a DHCP Server on Another Subnet Number of Exam Questions

3 questions Total Time About 15 minutes

(31)

Section 3.6: DHCPv6

Summary

This section examines configuring DHCPv6. Details include:  Methods to assign IPv6 addresses to clients:

o Stateless DCHPv6 o Stateful DHCPv6

 Messages exchanged between the client and the DHCP when stateful DHCPv6 is used:

o Solicit Packet (S) o Advertise Packet (A) o Request Packet (R) o Reply Packet (R) Students will learn how to:

 Create and activate an IPv6 scope using the global unicast prefix.  Include address range exclusions as part of an IPv6 scope.

o DHCPv6

 What configuration information is provided by IPv6 routers when using IPv6 autoconfiguration? How does this differ from using APIPA with IPv4?  What are the messages used to configure clients in stateful DHCPv6?  Under what circumstances do you use stateful DHCPv6? What are the

flag settings?

 What makes autoconfiguration of IPv6 hosts possible? Video/Demo Time

3.6.1 DHCPv6 4:01

3.6.2 Configuring DHCPv6 4:10

(32)

31 Number of Exam Questions

(33)

Section 4.1: DNS Concepts

Summary

In this section students will learn concepts of how the Domain Name System (DNS) translates host names to IP addresses.

 DNS is a distributed database with multiple servers holding different portions of the data.

 Components of the DNS hierarchy o .(dot) domain

o Top Level Domains (TLDs) (.com, .edu, .gov) o Second-level and additional domains

o Hosts

 Terms that relate to DNS:

o A fully qualified domain name (FQDN) o Forward lookup o Authoritative server o Referral o Recursion  Authoritative DNS zones: o Primary o Secondary o Active Directory-integrated  Zone types:

o Forward lookup zone o Reverse lookup zone  Common resource records:

o SOA (Start of Authority) o NS (name server) o A (host address) o AAAA (quad-A) o PTR (pointer)

o CNAME (canonical name) o MX (Mail Exchanger) o SRV (service locator)

o WINS and WINS-R resource records  The role of Dynamic DNS (DDNS)

 Secure DDNS

Configuring Server 2008 Network Infrastructure Objectives  201. Configure a Domain Name System (DNS) server.

 202. Configure DNS zones. o Zone types

(34)

33 o Secure DDNS

o Reverse lookup zones  203. Configure DNS records.

o Record types Lecture Focus Questions:

 What is the purpose of DNS?

 How does an FQDN identify a host?

 How is an Active Directory-integrated zone different from a primary zone?  How is secondary zone data changed?

 What is the difference between a forward lookup zone and a reverse lookup zone?

 What is the purpose of PTR records?

 How does DDNS simplify DNS management?

 What type of zone would you create if you wanted to use secure dynamic updates? Video/Demo Time 4.1.1 DNS Concepts 8:44 4.1.3 Authoritative Zones 8:28 4.1.5 Resource Records 4:52 4.1.7 Dynamic DNS 2:41 Total 24:45 Total Time About 30 minutes

(35)

Section 4.2: Name Resolution

Summary

This section examines the process of DNS name resolution for both the client and the server. Details include:

 On the client side, there are three checks a client can go through to resolve a DNS name to an IP address:

o Hosts file

o Local DNS cache o DNS server

 Command to view the local DNS cache (ipconfig /displaydns)  Command to clear the local DNS cache (ipconfig /flushdns)  The DNS name resolution process on the server:

Configuring Server 2008 Network Infrastructure Objectives  205. Configure name resolution for client computers.

 How does the DNS resolution process on a client differ from the resolution process on a server?

 Why are there two different DNS cache locations on a DNS server?  How do entries in the HOSTS file affect name resolution?

 What are root hints and how do they affect name resolution performed by a DNS server?

Video/Demo Time

4.2.1 DNS Client Name Resolution 9:41 4.2.2 DNS Server Name Resolution 3:54 4.2.3 Examining Name Resolution 7:26

Total 21:01

Number of Exam Questions 1 question

(36)

35

Section 4.3: Zone Configuration

Summary

In this section students will learn the basics of zone configuration.  Configuring the DNS server role

 The role of A zone transfer

 The role of a reverse lookup zone Students will learn how to:

 Add the DNS server role to a server.

 Create primary, secondary, and reverse lookup zones.

 Configure zone transfers between primary and secondary zones. Configuring Server 2008 Network Infrastructure Objectives

 201. Configure a Domain Name System (DNS) server. o Cache-only

 202. Configure DNS zones. o Reverse lookup zones  204. Configure DNS replication.

o DNS secondary zones o Securing zone transfer o SOA refresh

 How does a caching-only server reduce name resolution traffic?  How can a secondary zone provide security for a DNS domain?  What is the role of the SOA record during a zone transfer?

 What are the advantages to changing zone data through the dnscmd command rather than manually editing the zone file?

 Why would you choose a secondary server over a caching-only server?  What type of name resolution is performed by reverse lookup zones?

(37)

Video/Demo Time

4.3.1 Creating a Primary Zone 7:17 4.3.3 Creating Secondary Zones 8:12 4.3.6 Reverse Lookup Zones 6:14 4.3.7 Creating Reverse Lookup Zones 4:15

Total 25:58

Lab/Activity

 Create a Primary Zone  Create a Secondary Zone  Create a Reverse Lookup Zone Number of Exam Questions 19 questions

(38)

37

Section 4.4: Active Directory-integrated Zones

Summary

This section discusses how Active Directory-integrated zones can be used to manage zone information.

 Create an Active Directory-integrated zone and configure the replication scope.

 Convert a primary zone to an Active Directory-integrated zone. Configuring Server 2008 Network Infrastructure Objectives

 202. Configure DNS zones. o Active Directory integration  204. Configure DNS replication.

o Active Directory Integrated replication scopes Lecture Focus Questions:

 What are some of the benefits of Active Directory-integrated (AD-I) zones?  How is zone data for Active Directory-integrated zones replicated?

 Under which circumstances could you disable zone transfers for an AD-I zone? When would you need to continue using DNS zone transfers?  How do AD-I zones integrate with other zone types such as primary or

secondary?

 What are the four replication scopes of an AD-I zone?

Video/Demo Time

4.4.1 DNS Integration with AD 8:06 4.4.2 Managing Active Directory-integrated Zones 10:31

Total 18:37

Lab/Activity

 Create an Active Directory-integrated Zone  Convert a Zone

(39)

Total Time About 40 minutes

(40)

39

Section 4.5: Resource Records

Summary

This section provides information about creating and managing resource records. Students will learn how to:

 Create common resource records.  Adding or deleting a DNS record.

Configuring Server 2008 Network Infrastructure Objectives  203. Configure DNS records.

 What is the advantage to using DDNS to manage records?

 What record type would you use to add alternate names for a DNS host?  What records are used to identify and locate domain controllers?

 What happens if you create A and PTR records together if the reverse lookup zone doesn't exist?

 What happens when you create a CNAME record with a blank name? Video/Demo Time

4.5.1 Creating Resource Records 8:03 Lab/Activity

 Create a Zone and Add Records  Create A and CNAME Records  Troubleshoot Name Resolution 1  Troubleshoot Name Resolution 2 Number of Exam Questions

11 questions Total Time About 40 minutes

(41)

Section 4.6: Client Configuration

Summary

In this section students will learn how to configure DNS client settings. Students will learn how to:

 Configure a connection-specific suffix using advanced TCP/IP properties.  Specify a suffix search order.

 Manage DNS client registration.

Configuring Server 2008 Network Infrastructure Objectives  205. Configure name resolution for client computers.

o Suffix search order Lecture Focus Questions:

 What is the purpose of listing multiple DNS IP addresses on the client?  What are the differences between a primary suffix and a

connection-specific suffix?

 What is a parent suffix? How are they used during name resolution?  How do custom search suffixes differ from the default suffix search order? Video/Demo Time

4.6.1 DNS Client Settings 4:33 Lab/Activity

 Configure DNS Server Addresses  Configure Search Suffixes 1  Configure Search Suffixes 2  Configure DNS Client Registration  Configure DNS Group Policy Settings Number of Exam Questions

4 questions Total Time About 35 minutes

(42)

41

Section 4.7: Dynamic DNS

Summary

This section covers using Dynamic DNS to automatically update DNS records. Settings on the following components are used to configure Dynamic DNS:

 Client

 DHCP server  DNS server

 Enable dynamic updates on a DNS zone.

 Configure DHCP server settings to support dynamic updates. Configuring Server 2008 Network Infrastructure Objectives

 202. Configure DNS zones. o Secure DDNS

 203. Configure DNS records. Lecture Focus Questions:

 What is the relationship between DNS and DHCP when using dynamic updates?

 What are the DDNS settings you can configure on the DHCP server?  Which operating systems support dynamic updates?

 What are the restrictions on record creation when using secure dynamic updates? Which zone types support secure dynamic updates?

 How can DHCP be used to help the dynamic update process? Lab/Activity

 Enable Dynamic DNS Updates  Troubleshoot Dynamic DNS 1  Troubleshoot Dynamic DNS 2  Troubleshoot Dynamic DNS 3

(43)

Total Time About 25 minutes

(44)

43

Section 4.8: Stub Zones and Forwarding

Summary

This section discusses using stub zones and forwarding to resolve queries. Methods to control the server’s use of forwarders include:

 Secondary zone  Stub zone

 Conditional forwarder Students will learn how to:

 Create a stub zone.

 Configure forwarders and conditional forwarding.

o Conditional forwarding  204. Configure DNS replication.

o DNS secondary zones o DNS stub zones

o Active Directory Integrated replication scopes o Securing zone traffic

 How does conditional forwarding differ from standard forwarding?  How does a stub zone differ from a secondary zone?

 How do conditional forwarders differ from stub zones?

 What records are copied to the zone when you create a stub zone?  Why isn't a stub zone authoritative for the zone?

Video/Demo Time

4.8.1 Stub Zones and Conditional Forwarding 10:05 4.8.2 Configuring Forwarding and Stub Zones 11:16

(45)

Lab/Activity

 Configure a Stub Zone

 Configure Conditional Forwarding Number of Exam Questions

(46)

45

Section 4.9: Root Hints and Root Zone

Summary

This section provides an overview of root hints and the root zone. Students will learn how to:

 Configure or delete a root zone.

 Configure other DNS servers to point to your server via root hints. Configuring Server 2008 Network Infrastructure Objectives

 201. Configure a Domain Name System (DNS) server. o Root hints

 Why would you want to create a zone named . (dot)?  What is the purpose of the root hints file?

 Why would you delete the root hints?

 What is the name and location(s) of the root hints file on a Windows 2008 server?

Video/Demo Time

4.9.1 Root Hints 4:26 Lab/Activity

 Configure Root Hints  Create a Root Zone Number of Exam Questions 5 questions

(47)

Section 4.10: Zone Delegation

Summary

This section explores using zone delegation to divide DNS namespace into separate zones.

 Manage zones through delegation.

Configuring Server 2008 Network Infrastructure Objectives  202. Configure DNS zones.

o Zone delegation Lecture Focus Questions:

 Why might you decide to use zone delegation?  What does a delegation identify?

 What records are created when you delegate a domain? Video/Demo Time 4.10.1 DNS Zone Delegation 5:12 4.10.2 Delegating a Domain 5:21 Total 10:33 Lab/Activity  Delegate Domains  Create a Delegated Zone Number of Exam Questions 1 question

(48)

47

Section 4.11: DNS Features

Summary

This section discusses the following DNS features:  Aging and Scavenging

 Methods for performing load balancing through DNS: o DNS Round Robin

o Netmask Ordering o Record Weighting

o Network Load Balancing (NLB)

 Windows Server 2008 R2 command-line tools Students will learn how to:

 Configure DNS Round Robin.

 Manage DNS from the command line.

o Zone scavenging

 204. Configure DNS replication. o Round robin

 How do stale records affect DNS server performance?  How does the no-refresh interval affect scavenging?  When is a DNS record considered stale?

 What is the difference between DNS Round Robin and Network Load Balancing?

 How does convergence make NLB a dynamic solution? Video/Demo Time

4.11.1 DNS Refresh and Scavenging 2:58 4.11.3 DNS Round Robin 3:23 4.11.6 DNS Command-line Tools 12:21

(49)

Lab/Activity

 Configure DNS Round Robin Number of Exam Questions 9 questions

(50)

49

Section 4.12: New DNS Features

Summary

This section discusses new features for Windows Server 2008 and Windows 2008 R2:

 Link-Local Multicast Name Resolution (LLMNR)  Background zone loading

 IPv6 DNS Support

 Read-only Domain Controller (RODC)  GlobalNames Zone

 Global Query block List  Conditional Forwarding  Domain controller search  DNSSEC

 Devolution  Cache Locking  Socket Pool  Auditing

 Configure DNS Devolution.  Configure DNS Cache Locking.  Configure DNS Socket Pools.

o Conditional forwarding o Socket pooling

o Cache locking  202. Configure DNS zones.

o GlobalNames

o DNS Security Extensions (DNSSEC)

 205. Configure name resolution for client computers. o Link-Local Multicast Name Resolution (LLMNR) o DNS devolution

(51)

 How does background loading have a positive effect on name resolution?  How can you ensure that a DNS response is from a valid server?

 How does DNS Devolution simplify name resolution?  How can you defend against cache poisoning attacks?

 What is the effect of enabling cache locking on Dynamic DNS?  What advantage is to be gained by using a larger DNS socket pool? Video/Demo Time

4.12.1 New 2008 DNS Features 4:11 4.12.2 DNS Devolution 3:46 4.12.3 Configuring DNS Devolution 4:16 4.12.4 Cache Locking and Socket Pools 3:06 4.12.5 Configuring DNS Cache Locking 5:47 4.12.6 Configuring Socket Pool 3:12 4.12.7 DNS Security (DNSSec) 4:36

Total 28:54

(52)

51

Section 4.13: Single-label Name Resolution

Summary

In this section students will learn how to configure a GlobalNames zone. Details include:

 Strategies to provide single-label name resolution: o GlobalNames zone

o Link-Local Multicast Name Resolution (LLMNR) o HOSTS file

 Managing the GlobalNames zone Students will learn how to:

 Enable GlobalNames zone support.

 Create a GlobalNames zone and add CNAME records to support single-label name resolution.

o GlobalNames

 205. Configure name resolution for client computers o Configuring HOSTS file

o Link-Local Multicast Name Resolution (LLMNR) Lecture Focus Questions:

 When would you use the GlobalNames zone?

 What type of records do you create in the GlobalNames zone?  How can you extend the GlobalNames zone across multiple forests?  Which strategies can you use to provide single-label name resolution for

IPv6 hosts?

 When will a Windows client use LLMNR? What limitations does relying on LLMNR have?

Video/Demo Time

4.13.1 GlobalNames Zones and LLMNR 2:06 4.13.2 Configuring the GlobalNames Zone 8:50

(53)

Lab/Activity

 Configure a GlobalNames Zone Number of Exam Questions

(54)

53

Section 4.14: DNS Design

Summary

In this section students will learn the strategies and goals for designing DNS namespace. They will also learn a variety of configuration options to use and security considerations when designing a DNS solution. Details include:

 The goals of Namespace design:

o Allow internal users to access internal resources. o Allow external users to access external resources. o Allow internal users to access external public resources. o Prevent external users from accessing internal resources.  Methods to accomplish these goals:

o Same internal and external domain name o Different internal and external domain names o External domain name with an internal subdomain  DNS configuration options:

o Primary zone o Secondary zone o Reverse lookup zone

o Active Directory-integrated zone o Caching-only server o Zone delegation o Forwarders o Conditional forwarding o Stub zone o Root zone o Root hints o Dynamic DNS o WINS-integrated zone o GlobalNames zone

o Link-Local Multicast Name Resolution (LLMNR) o HOSTS file

 Goals for designing security for DNS  Methods to improve DNS security

o Conditional forwarding o Root hints

o Cache-only

 202. Configure DNS zones. o Zone types

(55)

o Active Directory integration

o Dynamic Domain Name System (DDNS) o GlobalNames

o Zone delegation o Reverse lookup zones  204. Configure DNS replication.

o DNS stub zones

o Securing zone transfer

 205. Configure name resolution for client computers o Link-Local Multicast Name Resolution (LLMNR) Lecture Focus Questions:

 When using internal and external DNS, what are the three possible scenarios for the DNS namespace?

 What are the advantages and disadvantages of each of the three methods?

 What are the goals of any split namespace design?

 When should you use conditional forwarding instead of a standard forward?

 When should you use a WINS server instead of configuring a GlobalNames zone?

 How do Active Directory-integrated zones improve security and fault tolerance of DNS data?

 What type of zones should you use on DNS servers exposed to the public network?

Video/Demo Time

4.14.1 DNS Namespace Design 7:40 Number of Exam Questions

(56)

55

Section 5.1: Routing

Summary

In this section students will become familiar with routing concepts and the commands to manage routing table entries. Details include:

 NPAS includes the following role services: o Network Policy Server (NPS)

o Remote Access Service o Routing

o Health Registration Authority (HRA)

o Host Credential Authorization Protocol (HCAP)  Routing terminology: o Router o Static Route o Route metric o Default route o Persistent route

 Commands to manage routing table entries  Multicast routing details

 Install the RRAS components of the Network Policy and Access services.  Add and modify IPv4 and IPv6 routes through the command line or GUI. Configuring Server 2008 Network Infrastructure Objectives

 103. Configure Routing. o Static routing

o Choosing a default gateway Lecture Focus Questions:

 Which role do you install on a Windows Server 2008 server to get the routing component?

 What is the purpose of a default route?

 Under what circumstances can you most effectively use static routes?  What is the route add switch that allows you to make a route permanent?  What routes are automatically added to the routing table when routing is

(57)

Video/Demo Time

5.1.2 Routing Concepts 10:27 5.1.3 Installing Routing and Remote Access 2:07 5.1.4 Configuring Static Routes 13:52

Total 26:26

Lab/Activity

 Enable LAN Routing  Add Static Routes

(58)

57

Section 5.2: RIP

Summary

This section provides an overview of RIP dynamic routing protocols. Details include:

 Key features of RIP that can be configured: o Packet protocol o Authentication o Route Filters o Neighbors o Timers o Clean-up updates o VLSM support Students will learn how to:

 Configure RIP by adding the RIP protocol and adding interfaces to run RIP.

 Configure RIP sending and receiving protocols, filters, and neighbor lists. Configuring Server 2008 Network Infrastructure Objectives

 103. Configure Routing.

o Routing Internet protocol (RIP) o Maintaining a routing table Lecture Focus Questions:

 What is the difference between static and dynamic routing?  What routing protocols does Windows Server 2008 support?

 What is the difference between RIP version 2 and RIP? Why has RIP version 2 become the standard?

 What is Silent RIP and how does it affect learning and sharing routes?  What affect does configuring neighbors have on RIP broadcasts and

multicasts?

(59)

Video/Demo Time 5.2.1 Dynamic Routing 4:20 5.2.2 Configuring RIP 3:16 Total 7:36 Lab/Activity

 Configure RIP Routing Number of Exam Questions 9 questions

(60)

59

Section 5.3: Demand-dial Routing

Summary

This section discusses the processes to establish demand-dial routing to connect two networks through a link that is available on demand. Details include:

 The process to establish a demand-dial link  Details about using demand-dial connections  Features of demand-dial routing:

o Demand-dial filters o Packet filters o Auto-static routing

 Configuring and enabling demand-dial routing Students will learn how to:

 Use the Routing and Remote Access wizard to configure demand-dial routing.

 Configure auto-static routing for RIP.

Configuring Server 2008 Network Infrastructure Objectives  103. Configure Routing.

o Demand-dial routing  301 Configure remote access.

o Packet filters Lecture Focus Questions:

 How is a demand-dial link established?

 What is the difference between dial-in and dial-out credentials?  How do demand-dial filters differ from packet filters?

 Which filter type would you configure to prevent a specific traffic type from using a demand-dial link?

(61)

Video/Demo Time

5.3.1 Demand-dial Routing 4:17 5.3.2 Configuring Demand-dial Routing 6:59

Total 11:16

Lab/Activity

 Configure Demand Dial Routing  Configure Auto-static Routing Number of Exam Questions 5 questions

(62)

61

Section 5.4: ICS and NAT

Summary

In this section students will learn the basics of using Internet Connection Sharing (ICS) and Network Address Translation (NAT) to share an Internet connection with an internal private network.

 NAT allows you to connect a private network to the Internet without obtaining registered addresses for every host.

 Configuring NAT Students will learn how to:

 Configure a server as a NAT router.

 Configure a NAT router to provide DHCP and DNS proxy services.  Configure address and port mappings in NAT.

Configuring Server 2008 Network Infrastructure Objectives  301. Configure remote access.

o Network Address Translation (NAT) Lecture Focus Questions:

 What does a NAT router do?

 What are the address ranges you can use when you deploy NAT?  How can NAT provide security for a private network?

 What changes take place automatically to the TCP/IP settings when you enable ICS on an interface?

 What are the limitations of using ICS over NAT? When would ICS be a good choice? When must you use NAT instead of ICS?

Video/Demo Time

5.4.1 ICS and NAT 6:18 5.4.2 Configuring NAT 6:26

(63)

Lab/Activity

 Configure NAT

(64)

63

Section 6.1: Remote Access Concepts

Summary

Students will learn concepts of the Remote Access process. Details include:  Remote access connections

o Point-to-point (PPP) for a dial-up connection

o Virtual Private Network (VPN) use a tunneling protocol that wraps and protect packets in transit

o VPN protocols supported by Windows Server 2008 and Vista  Point-to-Point Tunneling Protocol (PPTP)

 Layer Two Tunneling Protocol (L2TP)  Secure Socket Tunneling Protocol (SSTP)  Authentication protocols:

o Password Authentication Protocol (PAP)

o Challenge Handshake Authentication Protocol (CHAP)

o Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

o Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)

 The role of remote access authorization

 Remote access is allowed or denied based on components of network policies:

o Conditions o Constraints o Permissions o Settings

o Remote Access Policy

o VPN protocols such as Secure Socket Tunneling Protocol (SSTP) and IKEv2

o RAS authentication by using MS-CHAP, MS-CHAPv2, EAP Lecture Focus Questions:

 Which VPN protocols does Windows Server 2008 support?  Which authentication protocols support smart card use?  What makes CHAP vulnerable to security breaches?

 What is the difference between authorization and authentication?  What is the server's response to a connection that doesn't match the

(65)

 What is the difference between constraints and conditions? How are they similar?

 What happens to a connection that matches the policy conditions but not the policy constraints? How many other policies will be checked in this scenario?

 Where does the server find the permissions for a connection?  What must occur before settings are applied?

Video/Demo Time

6.1.1 Remote Access Connections 3:35 6.1.3 Remote Access Authentication 4:39 6.1.5 Remote Access Authorization 2:59

Total 11:13

(66)

65

Section 6.2: Dial-up and VPN

Summary

This section explores configuring a Remote Access server to use Dial-up and VPN connections. Details include:

 Configuration tasks on the server to allow a remote client to connect to a remote access server:

o Enable remote access o Configure ports o Configure addressing o Configure network policies

 Comparison of configuration settings for dial-up and VPN client connections: o General tab o Options tab o Security tab o Networking tab o Sharing tab Students will learn how to:

 Enable remote access on a Windows Server 2008 server.  Configure VPN ports on a server.

 Control remote access by configuring network access policies.  Create a client dial-up connection.

 Configure a client VPN connection.

o Dial-up

o VPN reconnect Lecture Focus Questions:

 Which setting must you configure in Routing and Remote Access to allow remote clients to access the private network, and not just the resources on the remote access server?

 What object in Routing and Remote Access identifies a logical connection to the remote access server?

 What are the ways that you can configure a remote access client to get an address for the remote access connection?

(67)

 What role do network policies play when you configure the remote access server?

 How do network policy constraints differ from conditions? When would you use the same setting in a constraint instead of a condition?

 Why does the policy application order affect whether or not clients can connect to a remote access server?

 When viewing the properties of a network connection, when will the Sharing tab be visible?

Video/Demo Time

6.2.1 Configuring a Remote Access Server 14:52 6.2.9 Creating Client Connections 9:57

Total 24:49

Lab/Activity

 Configure a Remote Access Server  Reconfigure a Server for Remote Access  Configure a VPN Server

 Configure VPN Ports

 Create a Network Access Policy 1  Create a Network Access Policy 2 Number of Exam Questions

(68)

67

Section 6.3: SSTP

Summary

This section examines using Secure Socket Tunneling Protocol (SSTP) to establish a VPN connection. Details include:

 SSTP features

 SSTP client requirements  SSTP server requirements Students will learn how to:

 Request a server certificate for SSTP.

 Configure a remote access server to allow SSTP connections.  Configure a VPN connection on a client computer to use SSTP. Configuring Server 2008 Network Infrastructure Objectives

 301. Configure remote access.

o VPN protocols such as Secure Socket Tunneling protocol (SSTP) and IKEv2

 What advantages does using SSTP have over using either PPTP or L2TP for a VPN connection?

 What ports must you open in a firewall to allow SSTP?

 How can you ensure that the SSTP client trusts the SSTP server certificate?

 What client and server operating systems support SSTP? Video/Demo Time

6.3.1 SSTP 1:56

6.3.2 Configuring SSTP 5:56

(69)

Lesson Plans Configuring Windows Server 2008 Network Infrastructure

Lesson Plans

Configuring Windows Server 2008

Network Infrastructure

Table of Contents

Course Overview

Section 0.1: Introduction

Section 0.2: Server Management

Section 0.3: Remote Management

Section 0.4: Mathematical Foundations

Section 1.1: IPv4 Addressing

Section 1.2: IPv4 Subnetting

Section 1.3: IPv4 Host Configuration

Section 2.1: IPv6

Section 2.2: IPv6 Addressing

Section 2.3: IPv6 Configuration

Section 2.4: IPv6 Implementation

Section 3.1: DHCP Configuration

Section 3.2: DHCP Options

Section 3.3: Advanced DHCPv4 Settings

Section 3.4: Server Placement

Section 3.5: Superscopes and Split Scopes

Section 3.6: DHCPv6

Section 4.1: DNS Concepts

Section 4.2: Name Resolution

Section 4.3: Zone Configuration

Section 4.4: Active Directory-integrated Zones

Section 4.5: Resource Records

Section 4.6: Client Configuration

Section 4.7: Dynamic DNS

Section 4.8: Stub Zones and Forwarding

Section 4.9: Root Hints and Root Zone

Section 4.10: Zone Delegation

Section 4.11: DNS Features

Section 4.12: New DNS Features

Section 4.13: Single-label Name Resolution

Section 4.14: DNS Design

Section 5.1: Routing

Section 5.2: RIP

Section 5.3: Demand-dial Routing

Section 5.4: ICS and NAT

Section 6.1: Remote Access Concepts

Section 6.2: Dial-up and VPN

Section 6.3: SSTP