Design Doc Draft Creation

Introduction

The management of remote systems and updates for about 170 remote desktops/laptops requires Microsoft AD, PKI, and other servers to be implemented. The research will discuss the remote servers and their features in managing security groups. Active Directory Services (AD) is a solution from Microsoft that allows for combining network equipment into a single system (Al-Fedaghi & Alsharah, 2018). To implement them, a domain controller will be necessary; it will perform the functions of authenticating users and devices on the network and act as database storage.

Active Directory Features

Active Directory is the central node of the enterprise infrastructure, and thus, if it fails, all PCs and servers become unavailable. Therefore, to ensure the uninterrupted operation of the system, the management should consider the following:

Availability of a Duplicate Domain Controller: The entire database is kept on the Active Directory domain controller. Thus, it is crucial to remove the wrong piece of equipment and immediately implement the new one.

Regular Backups: A reliable backup system allows restoring the server’s functionality quickly. When using a single domain controller, backup does not avoid downtime, although it significantly reduces the time spent to restore the server.

Implementing Active Directory: The performance of AD services affects the ability to use the entire IT infrastructure of the company. Therefore, it is more rational to turn to qualified specialists, which will allow users to achieve maximum reliability (Al-Fedaghi & Alsharah, 2018).

PKI Components

The PKI components that will be utilized include the following:

1. A Certificate Authority (CA) is part of the public key system that issues a certificate to verify the rights of the users or systems that make the request (Karthikeyan & Heiss, 2018).
2. The Certificate Repository includes the storage of valid certificates and the revocation list (Certificate Revocation Lists (CRLs)) (Karthikeyan & Heiss, 2018).
3. A Key Recovery Server is a server that performs automatic key recovery if the service is installed.
4. PKI-Ready applications (PKI-Enabled Applications) are the apps that use PKI tools for security.
5. Registration Authority is a module responsible for registering users and accepting certificate requests.
6. Security Server manages user access, digital certificates, and trusted relationships in a PKI environment (Karthikeyan & Heiss, 2018).

Windows Server Update Services and System Center Configuration Manager

Windows Server Update Services (WSUS) is a service for updating Microsoft operating systems and products (Kulshreshtha et al., 2020). The program can be downloaded for free from the Microsoft website and installed on the Windows Server family server OS. The update server syncs with Microsoft, downloading updates to be distributed within the corporate LAN. System Center Configuration Manager (SCCM) is a product used to manage IT infrastructure based on Microsoft Windows and devices related to it (McClave et al., 2016). Configuration Manager provides the following basic features; update management, software and operating system deployment, NAP integration, hardware and software inventory, remote management, and the management of virtualized and mobile Windows-based systems.

Domain Name System (DNS) and Dynamic Host Configuration Protocol

A Domain Name System (DNS) is a computer-distributed system for obtaining information about domains (van Rijswijk-Deij, 2016). It is most often used to create an IP address by the hostname (computer or device), and acquire information about mail routing, and service nodes for protocols in the domain (SRV record). A distributed DNS database is maintained by a hierarchy of DNS servers that communicate over a specific protocol.

Dynamic Host Configuration Protocol (DHCP) is an application protocol that allows network devices to automatically obtain the IP address and other parameters necessary for operation in a TCP/IP network (van Rijswijk-Deij, 2016). This protocol works according to the “client-server” model; for automatic configuration, the client computer at the configuration stage of the network device accesses the so-called DHCP server and receives the necessary parameters from it.

Dell IDPA Appliance for Backups

Data security is essential regardless of where it is located; whether in the cloud or physical or virtual storage. According to IDC, up to 20% of backup operations do not fit into the allotted time, and 32% of data recovery attempts fail (Barclay, 2018). The data is often a company’s most valuable asset, although its protection remains a weak link for many of them.

The Dell EMC data protection product line offers users solutions for different kinds of businesses (Barclay, 2018). This strategy is based on Dell EMC Data Domain technologies. Data Domain is a high-performance and reliable system based on the x86 platform with an enterprise-class architecture. All elements within the system are backed up, and variable block size reduplication is supported. Using Data Domain products enables users to deal with traditional deployment of backup and disaster recovery systems, Isolated Recovery Solutions, integrated solutions for data protection, and converged infrastructures (Barclay, 2018). Wherever the company stores the data, it is completely protected.

A Server for SPLUNK, RSA, and McAfee EPO

Splunk is a log storage and analysis system; a Splunk server stores, indexes, and allows analyzing logs. There are working machines (servers) that create these logs and transmit them to the Splunk server (Diakun, 2016). With Splunk Enterprise for Windows, it will be possible to investigate security incidents in minutes, not hours or days as it was before. It will be necessary to track all Microsoft Windows server data, including the following:

1. Windows event logs;
2. Performance monitoring;
3. Monitoring the registry.

RSA Systems

RSA is a cryptographic system with a public key that generates two different keys, namely, public and secret. The public key is transmitted over an open (unsecured) channel and is used to encrypt the data (Patil et al., 2016). The secret key is intended to be used by the owner only and decrypts any data encrypted with the public key. The RSA system will enable the protection of software and digital signature schemes. It is also used in the open encryption system PGP and other encryption systems together with symmetric algorithms.

Backups to IDPA

Regular backups are a great way to minimize the risk of network viruses such as the WannaCry encryption virus. However, the data can be restored, as long as the backups are not affected. To protect the most critical information, last year, Dell EMC suggested the Isolated Recovery Solution, which provides for the isolation of the system where the “golden copy” of data is stored. The network connection is activated for a short time to synchronize the latest versions of files. To avoid compromise, each new “golden copy” is checked for integrity. If damage is detected, the system is blocked. If necessary, the recovery is performed in an isolated area.

Cloud-Based Disaster Recovery for IDPA

Dell EMC is considering the cloud as a deployment option; Dell EMC provides comprehensive data protection in the cloud, creating a new class of cloud solutions and services for data protection. This system has the following benefits:

1. It is cost-effective.
2. It has easy deployment and management.
3. It has simplified disaster recovery with full orchestration.

NOC desktops, VDI using VMware Horizon

VMware Horizon is a set of tools for building the infrastructure of virtual desktop PCs (or virtual desktops). They allow people to access the desktop from anywhere in the world from various devices at any time (if you have access to the Internet of both the client and the Horizon infrastructure (Ventresco, 2016). Depending on the availability of remote servers, a large number of options are possible for the company. They include local access to the table, fast deployment of new stations, and anonymous authentication mode flexible policies, among others.

Workstation virtualization can be divided into two large blocks:

1. Desktop virtualization;
2. Application Virtualization.

Virtual desktops, especially those created based on linked clones, are almost identical:

1. Virtual desktop hardware is the virtualized hardware of the server on which these desktops reside;
2. The same drivers are installed on the virtual systems;
3. Virtual systems have operating systems with the same patches and versions installed;
4. The same applications are created on the virtual desktops (Ventresco, 2016);
5. The update of the operating system or application is done centrally for the golden image and is applied simultaneously to all desktops;
6. The difference between virtual desktops is user data is stored separately from the system; thus, the problems that arise with virtual desktops are common.

In conclusion, the company needs to consider implementing various remote servers and operating systems in the work. This will enable better interaction between its co-workers and clients. One of the most important services will be Active Directory, which will foster the development and progress of the remote communication of the company. Thus, there is a need to create and maintain the management of remote programming systems.

References

Al-Fedaghi, S., & Alsharah, M. (2018). Modeling IT processes: A case study using Microsoft Orchestrator. In 2018 International Conference on Advances in Computing and Communication Engineering (ICACCE) (pp.394-401). IEEE.

Karthikeyan, G., & Heiss, S. (2018). Pki and user access rights management for opc ua based applications. In 2018 IEEE 23rd International Conference on Emerging Technologies and Factory Automation (ETFA) (pp.251-257). IEEE.

Kulshreshtha, K., Sharma, G., Bajpai, N., & Tripathi, V. (2020). What to offer to the newly emerged super consumers! A multimethod approach in the context of wealthy single urbanites (WSUs). Web.

McClave, S. et al. (2016). Guidelines for the provision and assessment of nutrition support therapy in the adult critically ill patient: Society of Critical Care Medicine (SCCM) and American Society for Parenteral and Enteral Nutrition (ASPEN). Journal of Parenteral and Enteral Nutrition, 40(2), 159-211.

van Rijswijk-Deij, R., Jonker, M., Sperotto, A., & Pras, A. (2016). A high-performance, scalable infrastructure for large-scale active DNS measurements. IEEE Journal on Selected Areas in Communications, 34(6), 1877-1888.

Barclay, B. (2018). The one team approach: How Dell EMC brought together competitive, disparate service providers across EMEA to create a united real estate and FM family. Corporate Real Estate Journal, 7(3), 202-214.

Diakun, J., Johnson, P., & Mock, D. (2016). Splunk operational intelligence cookbook. Packt Publishing Ltd.

Patil, P., Narayankar, P., Narayan, D., & Meena, S. (2016). A comprehensive evaluation of cryptographic algorithms: DES, 3DES, AES, RSA and Blowfish. Procedia Computer Science, 78, 617-624. Web.

Ventresco, J. (2016). Implementing VMware Horizon 7. Packt Publishing Ltd.