Windows Server 2008 R2 Unleashed (258 page)

ed with requests for status updates.


CHAPTER 32

Optimizing Windows Server 2008 R2 for Branch Office Communications

IN THIS CHAPTER

. Understanding Read-Only Domain Controllers (RODCs)

. Installing a Read-Only Domain Controller

. Understanding BitLocker Drive Encryption

. Configuring BitLocker Drive Encryption on a Windows Server 2008 R2 Branch Office Domain Controller

. Understanding and Deploying BranchCache

. Enhancing Replication and WAN Utilization at the Branch Office

Today’s organizations are likely to consist of many branch offices. On average, a branch office is a small office hosting fewer than 50 employees in a remote location. Typically, a branch office infrastructure is connected to the headquarters site, centralized data center, or hub site by means of a wide area network (WAN) link in a distributed fashion. Due to the high costs associated with purchasing bandwidth, these WAN links are usually slow, unreliable, and inefficient. Finally, most branch offices lack physical security and IT support personnel.

For many organizations, maintaining branch offices generates significant operational costs and administrative challenges. Two scenarios exist when dealing with branch offices because of the high costs of securing high-speed links between the branch office and hub site. Either the organization implements server infrastructure at the branch office, or IT services are provided to the branch office from a centralized site such as the company headquarters.

By providing branch offices with their own infrastructure, productivity increases; however, operational and management costs typically rise. When providing services to a branch office from a centralized site, its productivity is reduced because all branch office users must obtain services over a slow and unreliable WAN link. In addition, if the WAN link becomes unavailable, productivity at the branch office can come to a halt until the WAN link is repaired. As you can see, each scenario has cost and efficiency trade-offs.

Challenges like the one just described might, however, become a thing of the past for branch offices. Windows Server 2008 R2 provides new technology solutions that allow organizations to integrate branch offices seamlessly into the organization’s infrastructure. This chapter covers the use of built-in Windows Server 2008 R2 technologies that help improve the operations, management, administration, and support for branch offices in any organization. In particular, this chapter includes the implementation and use of Read-Only Domain Controllers, the use of two-state domain controller (DC) promotion, an introduction to DFS read-only replicated folders, and the ability to configure administrative role separation. Also covered in this chapter is information on enabling BitLocker Drive Encryption, BranchCache, and the latest technologies that improve WAN utilization between branch offices and hub sites.

Understanding Read-Only Domain Controllers (RODCs)

One of the new features that received close attention in Windows Server 2008 was a new breed of domain controllers referred to as Read-Only Domain Controllers, also known as RODCs. The RODC hosts a copy of the Active Directory (AD) database like any other writable domain controller, but as its name implies, the replica of the domain database residing on the domain controller is read-only and write operations are not supported. It is equally important to mention that RODCs do not participate in Active Directory replication in the same fashion as writable domain controllers. The fundamental difference between RODC replication and the typical multimaster replication model between writable domain controllers is that RODC replication is unidirectional. This means all changes from a writable domain controller are propagated to the RODCs. As a result, the RODC receives changes, but does not partake in or perform outbound replication with other domain controllers. This characteristic of RODCs provides an extra layer of security, as any unauthorized data changes, especially changes made with the intent to hurt the organization, will not replicate out to other domain controllers. Unidirectional replication also reduces the workload of bridgehead servers in the hub site and the effort required to monitor replication.

Another new RODC functionality that improves security is seen when replication transpires between a writable domain controller and an RODC. Here, user account information is replicated, but account passwords are not. This is a first in the history of Windows domain controllers. Security is bolstered in this situation because the only passwords that reside on the RODC are the local administrator’s password and that of the Krbtgt account (the account used for Kerberos authentication). In essence, the read-only philosophy of an RODC is similar to the NT 4.0 Backup Domain Controller (BDC); however, with the NT 4.0 BDC, all user information is replicated from the Primary Domain Controller (PDC), including passwords.

NOTE

If needed, it is also possible to configure credential caching of passwords for a specific user account to an RODC. Moreover, by default, security groups with high privileges such as Domain Administrators and Enterprise Administrators are configured to never allow their passwords to replicate to RODCs.
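The note above describes the Password Replication Policy (PRP) that decides whose passwords an RODC may cache. The following script, added here as an example and not taken from the book, audits every RODC in the domain: it prints the Allowed and Denied lists, lists the accounts whose passwords are actually cached on the RODC (the set that would be exposed if the server were stolen), and warns about any cached account that belongs to a privileged group. It assumes the ActiveDirectory PowerShell module (RSAT) and a domain account permitted to read the PRP; the group list beyond Domain Admins and Enterprise Admins is an assumption chosen for the example.

```powershell
# Added example (not from the book): audit RODC Password Replication Policy
# and the accounts whose passwords each RODC has cached ("revealed").
# Requires the ActiveDirectory module (RSAT) and rights to read the PRP.
Import-Module ActiveDirectory

# Groups whose members should never have a password cached on an RODC.
# Domain Admins and Enterprise Admins are denied by default; the other
# entries are assumptions chosen for this example.
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators')

# Build a SID -> group-name map of every (recursive) member of those groups.
$privilegedSids = @{}
foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        ForEach-Object { $privilegedSids[$_.SID.Value] = $g }
}

# Enumerate the read-only domain controllers in the current domain.
$rodcs = Get-ADDomainController -Filter { IsReadOnly -eq $true }

foreach ($rodc in $rodcs) {
    Write-Host "=== RODC: $($rodc.HostName) (site: $($rodc.Site)) ==="

    # Allowed and Denied lists of this RODC's Password Replication Policy.
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList
    $denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -DeniedList
    Write-Host ("Allowed list: " + (($allowed | Select-Object -ExpandProperty Name) -join ', '))
    Write-Host ("Denied list : " + (($denied  | Select-Object -ExpandProperty Name) -join ', '))

    # Accounts whose password is currently cached on this RODC. This is the
    # set exposed if the server is stolen, so it is the list worth reviewing.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts
    Write-Host ("Cached (revealed) accounts: " + @($revealed).Count)

    foreach ($acct in $revealed) {
        if ($privilegedSids.ContainsKey($acct.SID.Value)) {
            Write-Warning ("{0} is cached on {1} but is a member of '{2}'" -f
                $acct.SamAccountName, $rodc.HostName, $privilegedSids[$acct.SID.Value])
        }
    }
}
```

The same "revealed" list can be cross-checked from the command line with `repadmin /prp view <RODC> reveal`.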

Although Microsoft fields numerous questions on this new Active Directory technology, the question that is asked the most is where does the RODC fit in? RODCs are most often used to provide Active Directory Domain Services (AD DS) to remote locations and branch offices where heightened security is essential, where Windows Active Directory administrators are lacking, and where the promise of physical security is practically nonexistent. In many cases, RODCs offer a practical headache-free solution for branch office environments that in the past had to endure solutions that always put them in compromising situations.

Organizations’ Branch Office Concerns and Dilemmas

The next section illustrates typical branch office concerns about having domain controllers onsite. This section makes it evident why the RODC is becoming popular, if not extremely necessary, for branch offices.

Lack of Physical Security at the Branch Office

Typically, branch office locations do not have the facilities to host a data center. For that reason, it is common to find domain controllers hiding in closets, tucked away in the kitchen next to the fridge, or even in a restroom. As such, branch offices lack physical security when it comes to storing domain controllers, which results in these servers being prime targets for thieves.

Domain Controllers Stolen from the Branch Office

With inadequate physical security in the branch offices, it was very common for domain controllers to be stolen. This posed a major security threat to organizations because domain controllers contain a copy of all the user accounts associated with the domain. Confidential items such as highly privileged administrator accounts, DNS records, and the Active Directory schema could fall into the hands of the wrong people in this situation.

Removing Domain Controllers from the Branch Office

Because of a lack of physical security and concerns over domain controller theft, branch offices often had their domain controllers removed from their site. After being removed, users were forced to authenticate over the WAN to a domain controller residing at their corporate headquarters or to the closest hub site. Although this action solved the security issue, it also cultivated a new problem. If the WAN link between the branch office and hub site was unreliable or unavailable, users could not log on to the workstations at the branch office, or the amount of time required to log on was greatly increased. This resulted in a loss of productivity for users in the branch office or outages that resulted in downtime if the WAN link was severed. These types of outages commonly lasted for days.

Lack of Administration Role Separation at the Branch Office

In small branch offices, it is also very common for multiple server functions to be hosted on a single server to reduce costs. For example, a single server might provide domain controller, file, print, messaging, and other line-of-business (LOB) functionality. In such cases, it is necessary for the administrators of these applications to log on to the system to manage their applications. By granting administrators privileges to the domain controller, these individuals also received full access to the Active Directory domain, which is considered to be a major security risk.

Lack of IT Support Personnel at the Branch Office

It is very common for secretaries, receptionists, or even high-level personnel such as managers and directors without any prior knowledge of IT management or maintenance to manage servers in a branch office. Typically, these individuals get nominated or promoted to a branch office IT support role because a local IT administrator does not exist. Unfortunately, even when conducting basic administration tasks like restarting an unresponsive server, these individuals can inadvertently wreak havoc on the Active Directory domain when granted administrator privileges on a domain controller. In a Windows Server 2003 environment, there was little that could be done about this situation. You just had to be careful about whom you promoted to the exclusive club of domain administrators.

Understanding When to Leverage RODCs

As you can see, branch offices were faced with numerous challenges. Because of the many features of RODCs, however, branch offices can now have domain controllers on site without compromising security.

The main benefits of running an RODC in branch offices are associated with the following:

. Read-only Active Directory Domain Services

. Reduced replication workload over the network

. Credential caching

. Administrator role separation

. Read-Only DNS

. Read-Only SYSVOL

These features of RODCs, which are discussed in detail in the following sections, assist in alleviating concerns and dilemmas for organizations.

Read-Only Active Directory Domain Services

Poor physical security is typically the most common rationale for deploying an RODC at a branch office. A read-only copy of the domain controller provides fast and reliable authentication, while simultaneously protecting against data loss in the event the server is compromised or stolen. Because no changes can originate from an RODC, a malicious hacker or IT support personnel with little knowledge of Active Directory administration cannot make changes at the branch level. On a writable domain controller, not only can changes be made, but these changes would propagate to all other domain controllers, eventually damaging or polluting the Active Directory domain and forest.

Reduced Replication Workload over the Network

As mentioned earlier, RODCs do not participate in Active Directory replication in the same fashion as writable domain controllers. Replication with an RODC is one-way, meaning all changes from a writable domain controller are propagated to the RODC. An RODC receives changes, but does not partake in or perform any outbound replication to other domain controllers. This results in the replication workload being minimized over the network because changes do not have to be pulled from an RODC and because Active Directory replication is unidirectional. Also reduced is the amount of time required to monitor replication, which is another plus for having an RODC.

Credential Caching

Credential caching with an RODC provides numerous security enhancements for a domain controller residing at a branch office. Take, for example, a new functionality in RODCs that increases security in the event an RODC is stolen. When replication transpires between a writable domain controller and an RODC, only a user’s account information is replicated, not the user’s password. Equally important, passwords are not stored on an RODC. In the event the RODC is stolen, the only accounts that can be hacked and compromised are the local administrator accounts and the RODC account, which is specific to the RODC server. These accounts are not considered to be highly privileged, nor do they have access authorization on the forest and domain. On the other hand,
