Monday, March 30, 2009

Case Study: Woodgrove Bank

Overview 
Woodgrove Bank is a financial institution that operates in the Netherlands. The company’s primary business is providing residential and commercial mortgages. 

The Company wants to offer its customers secure Internet access to a mortgage management application. 

Physical Location 
The Company's main office is located in Amsterdam. The Company has two branch offices in the following locations:
  • Utrecht 
  • The Hague 
The Company has 200 local banks that are located throughout the Netherlands. The number of users in each location is shown in the following: 

Location           Number of Users
Amsterdam          2,500
Utrecht            650
The Hague          800
Each Local Bank    10-100

Planned Changes 
The Company wants to convert its mortgage management application to a multitier application named NewApp. 

To support this new environment, the company will upgrade its servers to Windows Server 2003. 

Business Processes 
The Amsterdam office and each branch office has its own IT staff. In addition, most of the larger local banks have their own IT staff.

Currently, local bank employees have access to their local resources and to resources at the Amsterdam office. Each office uses its own instance of a business-critical mortgage application.

The IT staff at the Amsterdam office includes a development team. The development team is responsible for developing and testing NewApp. 

Infrastructure 
Directory Services 

The relevant portion of the current domain structure is shown in the Existing Domain Model exhibit:


The Company has a Windows NT 4.0 environment that has more than 200 domains; each domain has a two-way trust relationship with the domain at the Amsterdam office.

Currently, domain administrators manage their own domains. Each location that has a local administrator currently manages its own users and resources. In addition, these administrators share responsibility for administering locations that do not have an IT staff.

Network Infrastructure
Domain controllers vary from single-processor servers at 700 MHz to quad-processor servers at 1.5 GHz.

Client computers run Windows 98, Windows NT Workstation 4.0 and Windows 2000 Professional. There are also some UNIX client computers.

Managers are issued portable computers that contain confidential business information. These portable computers are equipped with smart card readers. Managers use portable computers to establish VPN connections to the Amsterdam office when they travel.

Problem Statements 
The following business problems must be considered: 
  • Employees at local banks are often unable to serve customers because of failure of the mortgage application. The failure sometimes lasts many hours because there is nobody available to fix it. 
  • The Development team has access to the occasionally, unapproved changes that are made to the application, resulting in unnecessary downtime. 
  • Deployment of new operating systems takes a long time because network administrators have to each local bank. 
Chief Executive Officer 
I want Woodgrove Bank to be visible on the Internet. I want NewApp to be easily accessible to our customers by using the Internet.

The newly designed environment will help to minimize the amount of administrative effort for all IT-related operational tasks. 

For business reasons, I will not allow domain upgrades. 

Office Worker
Currently, it is sometimes difficult to access the information I need. For different information, I have to remember different passwords. In the new environment, I want to have one account and one password. 

Business Requirements 
Business Drivers 
The following business requirements must be considered: 

  • Woodgrove Bank wants their company name to be visible on the Internet with.
  • Customers must be able to access mortgage information 24 hours a day, seven days a week. 
  • The Company wants to reduce the costs of managing branch offices. 


Organizational Goals 
The following organizational requirements must be considered:
  • Bank employees need to be able to make a secure connection from their homes to the corporate network. 
  • The company currently has 1 million customers. About half of them have mortgages. In the next 5 years, the infrastructure must be able to accommodate at least 2 million customers, with about 1 million customers having mortgages. 
Security 
The following security requirements must be considered:
  • Bank employees must have access to resources at the Amsterdam office, their local banks, and NewApp. 
  • The Company must ensure that servers can be easily restored when one or more servers fail, with minimum loss of data and minimum downtime. 
  • The Company needs the highest possible secure authentication method for all computers that contain confidential information. 
NewApp Requirements 
The following NewApp requirements must be considered:
  • NewApp is a web-based application that contains tools that are used by customers and tools that are used by employees. 
  • Employees from all locations will connect to the web servers to access NewApp. 
  • NewApp stores customer information in Active Directory by using custom classes and attributes. 
  • NewApp stores mortgage information in the NewApp database. 
  • Developers need to be able to test the NewApp schema modifications without affecting any other servers. 
  • NewApp must be available 24 hours a day, seven days a week. 
  • Because of national legal requirements, the server that contains mortgage information requires several security settings that are different from those on the NewApp application servers. 

Technical Requirements 
Active Directory 
The following Active Directory requirements must be considered:
  • Active Directory must be deployed to support NewApp. 
  • All domain controllers in the new environment must run Windows Server 2003. 
  • Administration of Active Directory will not be performed at the local banks. 
  • Each user should be authenticated locally when possible. 
  • Domain controllers will be placed in all locations that support more than 50 users.
Network Infrastructure 
The following network infrastructure requirements must be considered:
The planned network is shown in the Planned Network Infrastructure exhibit.
Network Infrastructure Exhibit: 

Planned Exhibit: 


Bandwidth between the Amsterdam office and the branch offices is not an issue. However, some local banks report that there are slow response times to the branch offices or to the Amsterdam office. 

The company uses some legacy applications that are heavily dependent on NetBIOS name resolution. These applications will also be used after the migration.

The Company needs to use the smallest subnets possible in each location because of planned future expansion to include many additional branch offices. 

VPN servers will be placed at the Amsterdam office only. 

It is crucial to ensure 24-hour availability of the VPN servers. 

Dial-up servers exist in each branch office to allow network administrators to administer each branch office in the event of WAN link failure. 

Management of all remote access must be centralized. 


Woodgrove Bank (9 Questions) 

QUESTION NO 1
You are designing a forest structure to meet the business and technical requirements. How many forests should you create? 

A. One 
B. Two 
C. Three 
D. Four 

QUESTION NO 2 
You are designing an organizational unit (OU) structure to manage the NewApp servers. What should you do?

A. Create one OU that includes both the web servers and the database servers. 
B. Create one OU that includes the web servers and one OU that includes the database servers. 
C. Create one OU that includes the web servers. Then place the database servers in the Computers container.
D. Place the web servers and the database servers in the Domain Controllers OU.

QUESTION NO 3 
You are designing a new NetBIOS naming strategy for the corporate environment. Which domain name should you use?

A. ad 
B. woodgrovead 
C. woodgrovebank 
D. woodgrovebank.com 

QUESTION NO 4 
You need to configure the security settings for the NewApp servers. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create a Group Policy object (GPO) for the web servers.
B. Create a Group Policy object (GPO) for the database servers.
C. Modify the Default Domain Policy. 
D. Modify the Default Domain Controllers Policy. 

QUESTION NO 5 
You are designing an Active Directory site infrastructure to meet the business and technical requirements. What should you do?

A. Create one site for each office and each local bank. 
B. Create one site for all offices. Create one site for all local banks. 
C. Create one site for Amsterdam. Create one site for all branch offices and all local banks.
D. Create one site for Amsterdam. Create one site for the Utrecht branch office. Create one site for The Hague branch office. Place half the local banks in the Utrecht site and half the local banks in The Hague site.
E. Create one site for Amsterdam. Create one site for the Utrecht branch office. Create one site for each local bank that has more than 50 users. Place all the other local banks in the Amsterdam site.

QUESTION NO 6 
You are designing a strategy to ensure that DNS queries always take the most efficient route to get resolved. Which action or actions should you perform? (Choose all that apply.)

A. Configure conditional forwarding on the corporate DNS servers to point to the development DNS servers.
B. Configure conditional forwarding on the development DNS servers to point to the corporate DNS servers.
C. Configure conditional forwarding on the perimeter network DNS servers to point to the corporate and development DNS servers.
D. Configure forwarding on the corporate and development DNS servers to point to the perimeter network DNS servers.
E. Disable root hints on the perimeter network DNS servers.

QUESTION NO 7 
You are designing a remote access strategy to meet the business & technical requirements. Which authentication mechanism should you use? 

A. MS-CHAP v2. 
B. Internet Authentication Service (IAS).
C. Multilink & Bandwidth Allocation Protocol (BAP). 
D. Remote access policies on all servers running Routing & Remote Access. 

QUESTION NO 8 
You are designing the TCP/IP addressing scheme for the company. What should you do? 
To answer, drag the appropriate subnet mask or masks to the correct location or locations in the work area.


QUESTION NO 9 
You are designing a VPN server strategy to meet the business and technical requirements. What should you do?

A. Configure all client computers to point to a VPN server in Amsterdam. 
B. Configure all client computers to use Multilink Bandwidth Allocation Protocol (BAP). 
C. Create a Network Load Balancing cluster of VPN servers.
D. Create a shutdown script for the VPN servers to delete the host (A) resource record of the VPN server from the DNS database when the VPN servers are shut down.
