MCP Implementing an Advanced Server Infrastructure (70-414) – another study guide
Exam 70-414 Implementing an Advanced Server Infrastructure
============================================================
This blog post is a study guide to help you prepare for Microsoft MCP exam 70-414: Implementing an Advanced Server Infrastructure.
To prepare seriously for this certification, there is a lot of content to read and understand! As with every other Microsoft certification, it is better to have a technical background and experience with Microsoft infrastructure (Windows Server 2003 to 2012, clusters and System Center).
Official link on the Microsoft web site: https://www.microsoft.com/learning/en-us/exam-70-414.aspx
********************************************
Manage and maintain a server infrastructure (25–30%)
********************************************
- Design an administrative model -
-> Design considerations including user rights, built-in groups, and end-user self-service portal; design a delegation of administration structure for Microsoft System Center 2012
How to Create a Delegated Administrator User Role in VMM
https://technet.microsoft.com/en-us/library/hh356037.aspx
Creating User Roles in VMM
https://technet.microsoft.com/en-us/library/gg696971.aspx
- Design a monitoring strategy -
-> Design considerations including monitoring servers using Audit Collection Services (ACS), performance monitoring, centralized monitoring, and centralized reporting; implement and optimize System Center 2012 – Operations Manager management packs; plan for monitoring Active Directory
Agentless Monitoring in Operations Manager
https://technet.microsoft.com/en-us/library/hh212910.aspx
Well-known security identifiers in Windows operating systems (Event Log Readers group)
https://support.microsoft.com/kb/243330/en-us
Creating Data Collector Sets
https://technet.microsoft.com/en-us/library/cc749337.aspx
SQL Server Reporting Services (SSRS)
Defining a Service Level Objective Against an Application
https://technet.microsoft.com/en-us/library/hh230719.aspx
- Design an updates infrastructure -
-> Design considerations including Windows Server Update Services (WSUS), System Center 2012 – Configuration Manager, and cluster-aware updating; design and configure Virtual Machine Manager for software update management; update VDI desktop images
WSUS topology designs
- Single WSUS server
- Multiple independent WSUS servers
- Multiple internally synchronized WSUS Servers (1 upstream and multiple downstream servers)
- Disconnected WSUS Servers
Deploy Replica when you want a server to inherit update approvals from a central server
Choose a WSUS Management Style
https://technet.microsoft.com/en-us/library/cc708500(v=ws.10).aspx
Windows Internal Database feature or SQL Server 2008 (or later)
How to Add an Update Server to VMM
https://technet.microsoft.com/en-us/library/gg675116.aspx
--> Add WSUS Console to VMM Server
- Implement automated remediation -
-> Create an Update Baseline in Virtual Machine Manager; implement a Desired Configuration Management (DCM) Baseline; implement Virtual Machine Manager integration with Operations Manager; configure Virtual Machine Manager to move a VM dynamically based on policy; integrate System Center 2012 for automatic remediation into your existing enterprise infrastructure
Overview of Desired Configuration Management
https://technet.microsoft.com/en-us/library/bb680553.aspx
Local Storage vs Remote Storage
WSUSUtil tool to configure SSL if used with SCCM
How to Install a WSUS Server for VMM
https://technet.microsoft.com/en-us/library/gg675099.aspx
If you install WSUS on a remote server, you must install a WSUS Administration Console on the VMM management server and then restart the VMM service. With a highly available VMM management server, you must install a WSUS Administration Console on each node of the cluster to enable the VMM service to continue to support update management. Update management in VMM requires a WSUS Administration Console, which includes the WSUS 3.0 Class Library Reference.
System Requirements: Update Management
https://technet.microsoft.com/en-us/library/gg610633.aspx
cluster-aware updating
- Remote-updating mode
- Self updating mode
Windows Server 2012 - Cluster Aware Updating (CAU) in action (some French text, but a lot of screenshots in English)
https://blogs.technet.com/b/stanislas/archive/2013/01/14/windows-server-2012-cluster-aware-updating-cau-en-action.aspx
Virtual Machine Servicing Tool (VMST) --> need a WSUS or SCCM server in your infrastructure
Introduction to Compliance Settings in Configuration Manager
https://technet.microsoft.com/en-us/library/gg682139.aspx
Introduction to Collections in Configuration Manager
https://technet.microsoft.com/en-us/library/gg682177.aspx
What's New in BranchCache
https://technet.microsoft.com/en-us/library/jj127252.aspx
***********************************************************
Plan and implement a highly available enterprise infrastructure (25–30%)
***********************************************************
- Plan and implement failover clustering -
-> Plan for multi-node and multi-site clustering; design considerations including redundant networks, network priority settings, resource failover and failback, heartbeat and DNS settings, Quorum configuration, and storage placement and replication
Windows Server 2012: Improvements in Failover Clustering (Video 56min)
https://technet.microsoft.com/en-us/video/windows-server-2012-improvements-in-failover-clustering.aspx
What's New in Failover Clustering in Windows Server 2012
https://technet.microsoft.com/en-us/library/hh831414.aspx
Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster
https://technet.microsoft.com/en-us/library/jj612870.aspx
Witness disk: NTFS only
4 quorum modes
- node majority
- node and disk majority
- node and file share majority
- no majority
Failover if 5 heartbeats are missed (= 5 sec)
Installing the Failover Cluster Feature and Tools in Windows Server 2012
https://blogs.msdn.com/b/clustering/archive/2012/04/06/10291601.aspx
Cluster Shared Volumes Reborn in Windows Server 2012: Deep Dive
https://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV430
- Plan and implement highly available network services -
-> Plan for and configure Network Load Balancing (NLB); design considerations including fault-tolerant networking, multicast vs. unicast configuration, state management, and automated deployment of NLB using Virtual Machine Manager service templates
Network Load Balancing Overview
https://technet.microsoft.com/en-us/library/hh831698.aspx
- Plan and implement highly available storage solutions -
-> Plan for and configure storage spaces and storage pools; design highly available, multi-replica DFS namespaces; plan for and configure multi-path I/O, including Server Core; configure highly available iSCSI Target and iSNS Server
Six Uses for the Microsoft iSCSI Software Target
https://blogs.technet.com/b/storageserver/archive/2009/12/11/six-uses-for-the-microsoft-iscsi-software-target.aspx
Introduction of iSCSI Target in Windows Server 2012
https://blogs.technet.com/b/filecab/archive/2012/05/21/introduction-of-iscsi-target-in-windows-server-2012.aspx
iSNS Server Overview
https://technet.microsoft.com/en-us/library/cc772568.aspx
The Microsoft iSNS Server only supports the discovery of iSCSI devices, and not Fibre Channel devices
1 disk minimum to create a storage pool
2 disks minimum to create a resilient mirror virtual disk (standalone server)
3 disks minimum to create a resilient 2-way mirror virtual disk (cluster deployment)
5 disks minimum to create a resilient 3-way mirror virtual disk (cluster deployment)
3 disks minimum to create a resilient parity virtual disk (standalone server, can't use it on a failover cluster)
Deploy Storage Spaces on a Stand-Alone Server
https://technet.microsoft.com/en-us/library/jj822938.aspx
Deploy Clustered Storage Spaces
https://technet.microsoft.com/en-us/library/jj822937.aspx
Provisioning: thin (flexible) or fixed (better performance)
Clustered Storage space:
- Fixed provisioning
- SAS disks only
- No parity (only simple or mirror virtual disk)
- ReFS not allowed (CSV incompatible)
- Plan and implement highly available server roles -
-> Plan for a highly available Dynamic Host Configuration Protocol (DHCP) Server, Hyper-V clustering, Continuously Available File Shares, and a DFS Namespace Server; plan for and implement highly available applications, services, and scripts using Generic Application, Generic Script, and Generic Service clustering roles
Scale-Out File Server for Application Data Overview
https://technet.microsoft.com/en-us/library/hh831349.aspx
up to 64 physical nodes in a cluster
4000 VM per cluster
Cluster-Aware Updating
Cluster computer objects in targeted OU
Step-by-Step: Configure DHCP for Failover
https://technet.microsoft.com/en-us/library/hh831385.aspx
- Plan and implement a business continuity and disaster recovery solution -
-> Plan a backup and recovery strategy; planning considerations including Active Directory domain and forest recovery, Hyper-V replica, domain controller restore and cloning, and Active Directory object and container restore using authoritative restore and Recycle Bin
DPM -> 15 min RPO
AD DS Recycle Bin : forest level 2008 R2
Requirements for Active Directory Recycle Bin
https://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx
Enable Active Directory Recycle Bin
https://technet.microsoft.com/nl-nl/library/dd379481(v=ws.10).aspx
Enable-ADOptionalFeature
DPM to Backup Virtual Machines
- Protection of a standalone host -> DPM Agent on Hyper-V
- Protection of the virtual machine --> DPM Agent in VM
- Protection of a VM running on a clustered host --> DPM agent on all cluster nodes
- Hyper-V host and storage located on different servers -> DPM agents on both servers. Backup occurs at host level
Hyper-V Replica Overview
https://technet.microsoft.com/en-us/library/jj134172.aspx
https://technet.microsoft.com/en-us/library/hh831716.aspx
Hyper-V: To participate in replication, servers in failover clusters must have a Hyper-V Replica Broker configured (en-US)
https://social.technet.microsoft.com/wiki/contents/articles/12798.hyper-v-to-participate-in-replication-servers-in-failover-clusters-must-have-a-hyper-v-replica-broker-configured-en-us.aspx
To configure Hyper-V Replica Broker
https://technet.microsoft.com/en-us/library/jj134153#BKMK_1_4
Understand and Troubleshoot Hyper-V Replica in Windows Server "8" Beta
https://www.microsoft.com/en-us/download/details.aspx?id=29016
******************************************************
Plan and implement a server virtualization infrastructure (25–30%)
******************************************************
- Plan and implement virtualization hosts -
-> Plan for and implement delegation of virtualization environment (hosts, services, and VMs), including self-service capabilities; plan and implement multi-host libraries including equivalent objects; plan for and implement host resource optimization; integrate third-party virtualization platforms
How to Configure Host Group Properties in VMM
https://technet.microsoft.com/en-us/library/hh335101.aspx
Configuring Dynamic Optimization and Power Optimization in VMM
https://technet.microsoft.com/en-us/library/gg675109.aspx
Tuning PRO Performance Thresholds
https://technet.microsoft.com/en-us/library/ee423768.aspx
The Hyper-V Administrators group is a new local security group. Add users to this group instead of the local Administrators group to provide them with access to Hyper-V. Members of the Hyper-V Administrators group have complete and unrestricted access to all features of Hyper-V.
What's New in Hyper-V
https://technet.microsoft.com/en-us/library/hh831410.aspx
System Requirements: Citrix XenServer Hosts
https://technet.microsoft.com/library/gg610587.aspx
Managing VMware ESX Hosts Overview
https://technet.microsoft.com/en-us/library/gg610683.aspx
- Plan and implement virtualization guests -
-> Plan for and implement highly available VMs; plan for and implement guest resource optimization including smart page file, dynamic memory, and RemoteFX; configure placement rules; create Virtual Machine Manager templates
How to Create a Guest Operating System Profile
https://technet.microsoft.com/en-us/library/hh427296.aspx
About Hardware Profiles
https://technet.microsoft.com/en-us/library/bb740879.aspx
SCVMM 2012: how to create a VM Template (some text in French, but all screenshots in English)
https://blogs.technet.com/b/stanislas/archive/2011/11/22/scvmm-2012-comment-d-233-ployer-une-vm-224-partir-d-un-mod-232-le-de-machine-virtuelle.aspx
Creating Service Templates in VMM
https://technet.microsoft.com/en-us/library/gg675105.aspx
- Plan and implement virtualization networking -
-> Plan for and configure Virtual Machine Manager logical networks; plan for and configure IP address and MAC address settings across multiple Hyper-V hosts including IP virtualization; plan for and configure virtual network optimization
- Plan and implement virtualization storage -
-> Plan for and configure Hyper-V host storage including stand-alone and clustered setup using SMB 2.2 and CSV; plan for and configure Hyper-V guest storage including virtual Fibre Channel, iSCSI, and pass-through disks; plan for storage optimization
Note: SMB 2.2 is an old name. The new name is SMB 3.0
- Plan and implement virtual guest movement -
-> Plan for and configure live, SAN, and network migration between Hyper-V hosts; plan for and manage P2V and V2V
P2V Prerequisites
https://technet.microsoft.com/en-us/library/hh427293.aspx
- Manage and maintain a server virtualization infrastructure -
-> Manage dynamic optimization and resource optimization; manage Operations Manager integration using PRO Tips; automate VM software and configuration updates using service templates; maintain library updates
Configuring Dynamic Optimization and Power Optimization in VMM
https://technet.microsoft.com/en-us/library/gg675109.aspx
Tuning PRO Performance Thresholds
https://technet.microsoft.com/en-us/library/ee423768.aspx
Adding and Configuring VMM Library Servers
https://technet.microsoft.com/en-us/library/bb894355.aspx
**************************************************
Design and implement identity and access solutions (20–25%)
**************************************************
- Design a Certificate Services infrastructure -
-> Design a multi-tier Certificate Authority (CA) hierarchy with offline root CA; plan for multi-forest CA deployment; plan for Certificate Enrollment Web Services; plan for network device enrollment; plan for certificate validation and revocation; plan for disaster recovery; plan for trust between organizations
Active Directory Certificate Services Overview (to learn different roles in AD CS)
https://technet.microsoft.com/en-us/library/hh831740.aspx
CEP Encryption : Allows the holder to act as a registration authority (RA) for simple certificate enrollment protocol (SCEP) requests
The CAPolicy.inf file contains settings that can be used to modify the default installation of the Certification Authority role of Active Directory Certificate Services (AD CS). The file is also used when renewing the CA certificate. A CAPolicy.inf file is not required to install AD CS or renew a CA certificate. The file is only needed to modify default settings. Once you have created your CAPolicy.inf file, you must copy it into the %windir% folder (such as C:\Windows) of your server before you install AD CS or renew the CA certificate.
Prepare the CAPolicy.inf File
https://technet.microsoft.com/en-us/library/jj125373.aspx
Cross-certification creates a shared trust between two CAs that do not share a common root CA. These CAs exchange cross-certificates that allow their organizations to communicate. In this way, the organizations do not have to create and manage additional root CAs. Cross-certification might be the best option if a common root CA for both PKIs does not exist.
- Implement and manage a Certificate Services infrastructure -
-> Configure and manage offline root CA; configure and manage Certificate Enrollment Web Services; configure and manage Network Device Enrollment Services; configure Online Certificates Status Protocol responders; migrate CA; implement administrator role separation; implement and manage trust between organizations; monitor CA health
Using a Cross-Certification Configuration
https://technet.microsoft.com/en-us/library/cc778829(v=ws.10).aspx
- Implement and manage certificates -
-> Manage certificate templates; implement and manage deployment, validation, and revocation; manage certificate renewal including Internet-based clients; manage certificate deployment and renewal to network devices; configure and manage key archival and recovery
Certificate Templates Overview
https://technet.microsoft.com/en-us/library/cc730826(v=ws.10).aspx
- Design and implement a federated identity solution -
-> Plan for and implement claims-based authentication including planning and implementing Relying Party Trusts; plan for and configure Claims Provider Trust rules; plan for and configure attribute stores including Active Directory Lightweight Directory Services (AD LDS); plan for and manage Active Directory Federation Services (AD FS) certificates; plan for Identity Integration with cloud services
An attribute store in AD FS is a directory or database that you can use to store user accounts and their associated attributes. Attribute stores for AD FS in Windows Server 2012 can be:
- AD DS
- AD LDS (LDAP)
- SQL Server 2005 and later
- Custom attribute store (e.g. CSV files)
- Design and implement Active Directory Rights Management Services (AD RMS) -
-> Plan for highly available AD RMS deployment; manage AD RMS Service Connection Point; plan for and manage AD RMS client deployment; manage Trusted User Domains; manage Trusted Publishing Domains; manage Federated Identity support; manage Distributed and Archived Rights Policy templates; configure Exclusion Policies; decommission AD RMS
How AD RMS Works
https://technet.microsoft.com/en-us/library/how-adrms-works.aspx
AD RMS Infrastructure Deployment Tips
https://technet.microsoft.com/en-us/library/jj554774.aspx
Understanding AD RMS Clusters
https://technet.microsoft.com/en-us/library/cc771175.aspx
Only one Active Directory Rights Management Services (AD RMS) root cluster is permitted in each forest. If your organization wants to use rights-protected content in more than one forest, you must have a separate AD RMS root cluster for each forest.
AD RMS Multi-forest Considerations
https://technet.microsoft.com/en-us/library/dd772648(v=ws.10).aspx
The Service Connection Point (SCP) for Active Directory Rights Management Services (AD RMS) identifies the connection URL for the service to the AD RMS-enabled clients in your organization. After you register the SCP in Active Directory Domain Services (AD DS), clients will be able to discover the AD RMS cluster to request use licenses, publishing licenses, or rights account certificates (RACs).
The Active Directory Rights Management Services (AD RMS) super user feature is a special role that enables users or groups to have full control over all rights-protected content managed by the cluster. Its members are granted full owner rights in all use licenses that are issued by the AD RMS cluster on which the super users group is configured. This means that members of this group can decrypt any rights-protected content file and remove rights-protection from
Configure the AD RMS Super Users Group
https://technet.microsoft.com/en-us/library/ee849845(v=ws.10).aspx
What's New in Active Directory Rights Management Services (AD RMS)?
https://technet.microsoft.com/en-us/library/hh831554.aspx
For Windows Server 2012, the following versions of Microsoft SQL Server have been tested and are supported for use with AD RMS deployment.
- SQL Server 2005 Service Pack 3
- SQL Server 2008 Service Pack 3
- SQL Server 2008 R2 Service Pack 1
If you are going to be viewing reports related to AD RMS, you must also install the .NET Framework 3.5.
On Server Core installations, the optional Identity Federation Support role service for the AD RMS server role is not supported. This is because Identity Federation Support relies on a role service of the AD FS Server role, the Claims-aware Agent, which is disabled on Server Core installations.
Windows Server 2012 also includes the following feature updates, which have been added recently as updates for the AD RMS role in Windows Server 2008 R2.
- Simple delegation: Simple delegation for AD RMS enables you to have the same access rights to protected content that are assigned to one person delegated to other individuals within their organization. Simple delegation provides the ability to have content rights assigned to executives and managers be easily and effectively delegated to their assistants. Two attributes, msRMSDelegator and msRMSDelegatorBL, must be added to the Active Directory schema.
- Strong cryptography: enables you to increase the cryptographic strength of your AD RMS deployment by running in an advanced mode known as cryptographic mode.
AD RMS and cryptographic support for SHA-2/RSA 2048
https://blogs.technet.com/b/rms/archive/2012/04/29/ad-rms-and-cryptographic-support-for-sha-2-rsa-2048.aspx
Test Lab Guide: Deploying an AD RMS Cluster
https://technet.microsoft.com/en-us/library/adrms-test-lab-guide-base
I also encourage you to download Windows Server 2012, install it and test it as much as you can, because there are some questions where you need to have already used the user interface or the commands.
You can download an evaluation version of Windows Server 2012 as:
- an ISO image : https://aka.ms/jeveuxwindows2012
- a pre-built system on VHD : https://aka.ms/jeveuxwindows2012
You can also try Windows Server 2012 on Windows Azure IaaS for some scenarios (but not those with Hyper-V or network services like DHCP, of course): https://www.windowsazure.com/fr-fr/pricing/free-trial/
Comments
Anonymous
August 20, 2013
Excellent
Anonymous
February 10, 2014
Think this will be very helpful thanks
Anonymous
February 11, 2014
Hi, only the links I must read? Thanks
Anonymous
April 08, 2014
Hello, I came across this in my studies for the 70-414 test. These are some EXCELLENT resources! Thank you so much.
Anonymous
April 09, 2014
Congrats and thanks for your feedback :-)
Anonymous
January 14, 2015
Were these links for Windows 2012 RTM? It'd be great if this article can be revised for R2. Still an excellent post nonetheless.
Anonymous
March 24, 2015
The comment has been removed
Anonymous
August 18, 2015
Thanks a lot this is very helpful. Looks like these links provide more information than the ref. material.
Anonymous
August 19, 2015
Yes it was for 2012 RTM.
Anonymous
August 31, 2015
Is there any dump file for 70-414 valid now?
Anonymous
September 01, 2015
Sorry, here it's only resource for studying, no dump