M $ test plan Overview-Chapter 3rd-test requirements

Source: Internet
Author: User
Who should perform the test

The number of people included in the program testing team depends largely on the complexity of the design, the prescribed time limit, and potential business opportunities. People with recognized and profound technical skills should lead the group. Ideally, the testing team should also include personnel responsible for serving as technical support for the product after the product is deployed. As a group, we should be very familiar with the principles behind the industry, industry goals, and deployment. The group should also be able to communicate with individuals responsible for design and exchange views on the results of the discussion.

If possible, the operators or production personnel who actually manage the production environment should take part in lab testing, because they will eventually take over the operational solution. These people will also be the ones who come to know the solution best and where it is most appropriately applied.

How to perform a test

The best way to test is to start with the minimum functionality and then gradually increase the complexity after each test succeeds. After each test is completed, the test result should be documented and checked against the project requirements. Investigate and solve any problems.

To achieve its testing objectives, the MSM testing team has constructed an integrated testing environment for the integration test of the MSM solution. The design of this test lab should be as similar to the actual production environment as possible. The MSM solution was subsequently installed in the Microsoft System Architecture (MSA) enterprise data center, where an enterprise network was simulated and used to verify functionality.

This test plan was formed after confirmation with Microsoft's Operations and Technical Group (OTG) and with field IT feedback from MSM Joint Development Program (JDP) customers. The MSM testing team then follows the Management Architecture Guide and the product operation and solution guides to execute the test cases in the preceding test plan, and to ensure that IT issues are related to the feedback. These solutions are tested using test programs and automatically loaded test clients, which reveal the issues raised by customers in the solutions.

Test Case Details workbook

The Microsoft Management Solution provides additional and special guidance for completing the MSM solution accelerator recommendation test.

The test case details workbook provides test engineers with special test case documents that can be used by engineers to execute recommended test procedures. For more information about test settings, steps, and results, see the accompanying MSM test case details workbook, which can be downloaded from the following URL: http://go.microsoft.com/fwlink/?LinkId=20211.

Where to perform the test

The test lab should closely imitate, and ideally replicate, the production environment. The degree of similarity that can be achieved depends on the complexity of the production environment, and on the amount of money and time that the organization is prepared to give the testing lab.

If your organization uses standard client and server hardware configurations, use these configurations in the lab. Try to use the same hardware, software, network, and login scripts that are used in the production environment. If the computers in the production environment have almost no disk space, are full of obsolete and rarely used software, or use a variety of network adapter cards, then the lab computers should be the same. If there is a vro or a production network with low-speed connections, replicate these conditions in the lab.

This approach ensures that design-related matters are identified in the lab, rather than exposed during deployment.

The organization should appoint a lab manager or coordinator to monitor installation and testing activities. After the lab is correctly configured, the organization should put a change control process in place to prevent conflicts between groups using the lab. This process ensures that a team using the lab receives approval from the lab manager before changing the lab software and hardware, and prevents software and hardware changes by one team from affecting testing by other groups.

The change control process ensures that all test teams are notified of changes to lab software and hardware and agree to the changes. Teams with conflicting test requirements should reserve test time with the lab manager. The lab manager should post software and hardware information and test schedules so that testers know what is happening in the lab. The lab manager should also develop procedures to restore the lab to its initial state.

The purpose of the test is to obtain approval (or proof) for the product, which will be deployed in the production environment. If the production environment is simulated in the laboratory environment, the system and applications can be verified, that is, the laboratory test results can accurately reflect the expected conditions in the production environment.

Test lab environment

To verify the MSM protocol, the MSM testing team has set up the following environments:

Unit test environment. This environment in the test lab is primarily used by the development team in the project development phase to test components and prove concepts.

This environment is generally not the size of the original environment. It is often disassembled and reconstructed as needed, and it is not strictly controlled. Once the solution development team completes functional development of the solution and completes the unit test, the solution is transferred to the test team, which performs further tests in the integrated test environment.

Integrated test environment. During the project test phase, only the test team can use this test lab environment to perform the BVT, integration, system, solution, pressure, and security test procedures.

This environment should be as close as possible to the production environment and should be strictly controlled. At the same time, it will not be frequently disassembled and rebuilt.

Pre-production environment. This environment in the test lab is used to test and run the solution before production starts, and should match the production environment as much as possible.

This environment is more tightly controlled than the integrated test environment and should be run by the production team.

Unit tests are conducted by the development team in the unit test environment. Morphological and regression tests are executed in the integrated test environment. Finally, the pre-production test should be executed in the pre-production environment. A model enterprise is established in the integrated test environment and the pre-production environment. The test team designs the core infrastructure for the sample organization based on the best practices recommended by the MSA. The logical design of the organization's core infrastructure is shown in Figure 8.


Figure 8: Example of the MSM logical architecture

As shown in the figure, the organization consists of a corporate data center in Seattle with a peripheral network (DMZ, network isolation area, or screened subnet) that connects it to the Internet. The organization has another data center in Europe, a branch office in Asia, and a satellite branch in Tacoma, Washington. For specific locations, see the charts in the appendix. To check some test solutions from the Management Architecture Guide and the Site Management Guide, another domain (South America) was added to this basic enterprise network.

The Design of different services is described later.

Active Directory

The Active Directory design of the Contoso organization is shown in Figure 9.


Figure 9: Active Directory design

The group decided to use the multi-forest model for Active Directory. This model is used to isolate external services from internal services. By using a separate forest for the peripheral network and for internal services, you can use Active Directory to manage the security restrictions on what is exposed to the internal infrastructure. This complies with the MSA Active Directory design.

To manage the forest infrastructure exclusively, the internal Active Directory design implements a single dedicated forest root domain (sometimes called an empty forest root domain). The number and organization of domains within the forest are affected by many factors, including management structures, security policies, network bandwidth, and commercial or political reasons. Given these factors, we decided to divide North America, Asia and Europe into three separate domains.

From the information collected above, we recommend that you implement the root domain (corp.contoso.com) and three subdomains (na.corp.contoso.com, asia.corp.contoso.com, and europe.corp.contoso.com).

The peripheral Active Directory is planned as a single, non-empty forest root zone. In addition, this Active Directory exists separately for managing the peripheral network and its server hosts. Because the requirements are not high, a single domain is enough for the peripheral network.

The next step is to create the organizational unit (OU) structure. An organizational unit is a directory object that serves as a container for other directory objects. An OU can include users, groups, computers, printers, shared folders, and other organizational units in a single domain. OUs provide logical containers for objects in the domain.

It is recommended that the organizational unit structure be basically constructed according to management requirements, but some modifications have been made to make it clearer and easier to use group policies. This design promotes the following:

Centralized user and group management.

You can easily move resources between sites and departments.

Group policy application.

Software release.

The OU design is shown in Figure 10.


Figure 10: Organizational unit design

Domain Name Server

The efficient operation of Active Directory depends on whether computers can quickly identify and locate key services. For example, when a domain member computer restarts, it must contact a domain controller to obtain information about its domain. If the first domain controller does not provide the global catalog service, the computer may also need to contact another domain controller. These services are located through DNS. Therefore, the design and implementation of DNS is crucial for the successful deployment of Windows Server 2003.

MSM lab design

To simplify the MSM test model, the DNS architecture assumes that the enterprise has not yet established a DNS architecture. The DNS architecture is designed as a separate DNS service. In this type of configuration, the architecture consists of an external DNS server that provides the name resolution service. This server provides the internal namespace resolution service for Internet clients and internal DNS servers.

The DNS servers in the MSM architecture use Active Directory-integrated zones. An Active Directory-integrated DNS zone provides additional capabilities beyond the standard primary zone of the data center. By using Active Directory-integrated zones, DNS stores its records in Active Directory, performs multi-master update and replication, and uses secure dynamic update.


Figure 11: Domain Name Server Design

Two Active Directory-integrated zones are designed for the internal forest root DNS servers (SEA-RDC-01 and SEA-RDC-02). The corp.contoso.com namespace is located in the Active Directory forest DNS zone. This zone contains information for locating servers and services within the root domain. The _msdcs.corp.contoso.com namespace contains records used to locate domain controllers throughout the Active Directory forest. Clients access the _msdcs.corp.contoso.com zone extensively to locate the domain controllers in the forest. By creating secondary zones on all DNS servers in the forest, the load on the forest root is reduced, and client query response time for this zone is also shortened. All Internet website and service requests are routed through the Internet proxy.

The zones na.corp.contoso.com, europe.corp.contoso.com, and asia.corp.contoso.com are delegated from corp.contoso.com and contain information for locating servers and services in the subdomains. In addition to hosting na.corp.contoso.com, the subdomain controller SEA-CDC-01 for North America also holds a secondary, read-only copy of _msdcs.corp.contoso.com. The configurations in Europe and Asia are similar.

Secure Dynamic Update

With secure dynamic update, an authoritative name server accepts updates only from clients and servers that are authorized to make secure updates to DNS zone and DNS node objects. Note that only Active Directory-integrated zones can be configured for secure dynamic update.

Zone File Maintenance

In the MSM lab, scavenging is enabled on all forward and reverse lookup zones maintained by Windows Server 2003. The refresh interval is set to 14 days, that is, the recommended DHCP lease time.

Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) centrally manages client IP Address Allocation in an automated manner.

MSM lab design

Although the MSA design requires DHCP to be clustered, availability is not one of the key test objectives, so the MSM test team decided not to cluster the DHCP service. All servers are assigned static IP addresses, and client computers at all sites obtain IP addresses from their respective DHCP servers. Each site has its own DHCP server.

Configuration Options

For ease of management, configuration options can be divided into two kinds: global options and local options. Global options are set per server and should be included in all DHCP scopes. Local options are those used in a specific subnet.

The DHCP scope is defined as follows:

Seattle: 10.1.201.x/24

Tacoma: 10.1.211.0/27

New Delhi: 10.2.201.x/24

London: 10.3.201.x/24

Table 6 lists DHCP options configured in the MSM network.

Table 6: DHCP scope options

DHCP option | Description | Recommended value
Lease interval | The validity period of the TCP/IP address in the host system. | 14 days.
IP address | Specifies the IP address lease time to be allocated to the client. | Value in the scope attribute.
Subnet mask | Specifies the subnet mask of the CIDR block of the client computer. | Value in the scope attribute.
003 Router | Specifies a list of IP addresses used by the routers in the client CIDR block. This value is generally known as the default gateway. | The value in each CIDR block is different.
006 DNS Server | Specifies a list of IP addresses of the DNS servers that can be used by the client. | The value varies depending on the client location in the network.
044 WINS Server | Specifies a list of IP addresses of the WINS servers for NBT name registration and resolution. | The value varies depending on the client location in the network.
046 WINS Node Type | Specifies the NBT name resolution method used by the client. | Where cross-WAN name resolution is available, this value is set to 0x8 (hybrid). For other sites, this value should be set to 0x4 (mixed).

Integration with DNS

By allowing only the DHCP server to modify zone information, the DNS server can restrict dynamic updates of client IP addresses. By default, the DHCP server is responsible for allocating IP addresses, so it is considered to own the IP addresses, and the DHCP server updates the reverse lookup (PTR) record in DNS. Because the client is considered to own the name that represents its identity, the client normally updates its address (A) record in DNS. This is the recommended configuration.

Security

The DHCP service is deployed on a Windows Server 2003 server that does not act as a domain controller, because when it runs on a domain controller it can overwrite any existing DNS record. This would cause DHCP to overwrite DNS records owned by other computers, including static records. For more information, see Knowledge Base article 255134.

Management

The DHCP service is installed on an independent member server. Before the DHCP server provides services to clients, it must first be authorized in Active Directory. By default, enterprise administrator privileges are required to create a DHCP server in a Windows Server 2003 domain forest.

Automatic Private IP Addressing (APIPA)

By default, a Windows Server 2003 client automatically assigns itself an address in the range 169.254.x.y (where x.y is a unique identifier generated by the client). This function is used in a small LAN environment when the DHCP server is unavailable. However, connectivity problems may occur in this environment.

During network disconnection, to ensure that the client can continue to access local resources, you should disable this function by changing the registry subkeys of all DHCP clients, as shown below:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\IPAutoconfigurationEnabled

This REG_DWORD value should be set to 0 to disable the automatic addressing function.

WINS

Although the WINS name resolution service is no longer required for the successful deployment of Windows Server 2003, some older software products and network services depend on NetBIOS. In this case, it is necessary to provide the WINS service before all these applications are updated (or replaced) to the applications that prioritize DNS usage.

MSM lab design

A hub-and-spoke design was used in the MSM lab because it is easy to manage and reduces the time required for convergence. Because the convergence time is short, there are few cases of disconnection between replication partners on the client.

Each site that provides the WINS name service has a site hub WINS server, which is a push/pull partner of the other hub WINS servers. The enterprise hub WINS server is located at the Seattle site. The hub WINS server maintains the replication links within the site and aggregates database entries.

To manage replication traffic, each WINS server should be configured to pull and change 1000 records from its partners and push the changes every 60 minutes. Note that these values may need to be changed based on network bandwidth, availability, and database consistency.

File Service

The DFS feature allows you to build a uniform file system namespace, which hides the underlying physical locations of the shares from end users.

MSM lab design

The following sections describe the categories of MSM storage requirements.

Local Information Storage Zone

Local information, as its name suggests, is stored at a single site and is updated and maintained by users at that site, except for files created by administrators. Although users in other locations have read-only permissions on specific files and folders, information sharing between sites is achieved through the central information storage area. In the MSM test environment, each site has its own local storage zone. They are:

\Na\Root\Seattle

\Na\Root\newdelhi

\Europe\Root\London

Central Information Storage Zone

The central information storage area is used to store files and folders that users can access regardless of their physical location. This information is created and maintained by the administrator. Each domain has only one central information storage zone:

\Na\Root\central\Department\common

In the MSM lab environment, the file service architecture adopts the domain DFS architecture. DFS replication is an integrated service that automatically copies content between DFS replicas through the file replication service (FRS).

Print Service

The print design in the MSM lab architecture is used to plan the deployment of the print service and to identify the print service requirements of customers and administrators. Network clients must be able to find and install printers quickly and seamlessly. They require a consistent and available printing service.

To perform the test accurately, the print server must be connected to a large number of printers; however, real printers are not used during the print test. Test print jobs are sent to a port that simulates a physical printer, and the data is discarded completely after it has been converted to a print job.

Internal Firewall

In the MSM lab, the internal firewall is a Cisco PIX device. A three-legged firewall is configured: one leg is in the internal network, the second leg is in the external network, and the third leg is in the Microsoft Proxy Server network segment. The firewall allows full mutual access between the Seattle site and the Tacoma branch office. The following are the ports enabled by the internal firewall:

Table 7: Ports enabled by the internal firewall

From network | To network | Enabled port | Description
Peripheral Network | Internal Network | 389 | LDAP
Peripheral Network | Internal Network | Netlogon fixed port | Update the registry key value so that it has a fixed port (recommended by MSA)
Peripheral Network | Internal Network | TCP/IP 135 | Analysis
Peripheral Network | Internal Network | UDP 88 | Kerberos
Peripheral Network | Internal Network | TCP, UDP 53 | DNS
Peripheral Network | Internal Network | TCP/IP 1270 | MOM
Peripheral Network | Internal Network | TCP 445 | Microsoft SMB
Internal Network | Peripheral Network | UDP 88 | Kerberos
Internal Network | Peripheral Network | WWW | SUS Windows Update
Internal Network | Peripheral Network | TCP/IP 139/445 | MBSA scan
Internal Network | Peripheral Network | UDP 137 138 | MBSA scan
SBO | Internal Network | All ports | MSA design
Internal Network | Proxy Server | TCP/IP 8080 | Internet Web Service requests
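
The port list in Table 7 can be used as a default-deny check over firewall flow records during the integration and security tests. The following is an added example, not part of the original test plan: the zone names, the record format and the sample flows are constructed, and "TCP/IP" entries and the unlabelled port 389 are assumed to mean TCP.

```python
"""Added example: Table 7 as a default-deny allowlist for firewall flow records."""
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    dst: str
    protos: frozenset
    ports: frozenset
    service: str

def rule(src, dst, protos, ports, service):
    return Rule(src, dst, frozenset(protos.split("/")), frozenset(ports), service)

# Rows of Table 7 that carry a port number. Rows with no number on the page
# (Netlogon fixed port, "WWW" for SUS, the "all ports" row) are left out, not guessed.
# Assumption: "TCP/IP" and the unlabelled port 389 are read as TCP.
TABLE7 = [
    rule("peripheral", "internal", "tcp", {389}, "LDAP"),
    rule("peripheral", "internal", "tcp", {135}, "Analysis (as listed)"),
    rule("peripheral", "internal", "udp", {88}, "Kerberos"),
    rule("peripheral", "internal", "tcp/udp", {53}, "DNS"),
    rule("peripheral", "internal", "tcp", {1270}, "MOM"),
    rule("peripheral", "internal", "tcp", {445}, "Microsoft SMB"),
    rule("internal", "peripheral", "udp", {88}, "Kerberos"),
    rule("internal", "peripheral", "tcp", {139, 445}, "MBSA scan"),
    rule("internal", "peripheral", "udp", {137, 138}, "MBSA scan"),
    rule("internal", "proxy", "tcp", {8080}, "Internet web requests"),
]

def match(src, dst, proto, port, rules=TABLE7):
    """Return the first rule permitting the flow, or None (default deny)."""
    for r in rules:
        if (r.src, r.dst) == (src, dst) and proto in r.protos and port in r.ports:
            return r
    return None

def parse_flow(line):
    """Parse 'src_zone dst_zone proto dst_port' (constructed record format)."""
    src, dst, proto, port = line.split()
    return src.lower(), dst.lower(), proto.lower(), int(port)

def audit(lines, rules=TABLE7):
    """Return (violations, unused_rules) for a batch of flow records."""
    violations, used = [], set()
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        flow = parse_flow(line)
        hit = match(*flow, rules=rules)
        if hit is None:
            violations.append(flow)   # traffic the table does not allow
        else:
            used.add(hit)             # rule exercised by the test run
    return violations, [r for r in rules if r not in used]

# Constructed sample records, not captured from any real firewall.
SAMPLE_FLOWS = """\
# src dst proto dst_port
peripheral internal tcp 389
peripheral internal udp 53
peripheral internal tcp 88
peripheral internal tcp 3389
internal peripheral udp 137
internal proxy tcp 8080
internal proxy tcp 80
"""

if __name__ == "__main__":
    bad, unused = audit(SAMPLE_FLOWS.splitlines())
    for flow in bad:
        print("NOT IN TABLE 7:", *flow)
    for r in unused:
        print("rule never exercised:", r.src, "->", r.dst, r.service)
```

In the sample, TCP 88 from the peripheral network is reported because Table 7 lists Kerberos on UDP 88 only; the list of rules never exercised shows which table rows the test run did not cover.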

Proxy Server

A typical challenge for all enterprises is how to benefit from the Internet while maintaining the security of the internal network. The MSA design provides proxy server services to meet this need. The MSM lab follows the MSA guidance to provide Internet access. These proxy services are provided by Microsoft Internet Security and Acceleration Server 2000 (ISA Server).

The proxy server is not part of the peripheral network (recommended by MSA). Follow the instructions in MSA 2.0 to set port and filter rules to allow inbound and outbound HTTP access.

VPN Server

The VPN site-to-site solution (using the Internet as the backbone network) is a connection mechanism specified by MSA to provide remote access between the Seattle branch office and the company's data center.

To implement the site-to-site connection, a secure channel is created over the Internet between the remote VPN server and the corporate data center VPN server, using L2TP encapsulated in IPSec. The two VPN servers authenticate each other through IPSec and L2TP before establishing the site-to-site channel and allowing access between the two sites. This design uses Windows Server 2003, RRAS, L2TP/IPSec, and computer certificates to form a VPN solution.

Because the site-to-site VPN connection is configured with L2TP, a computer certificate is installed on each RRAS server. To achieve this, the SEA-RDC-02 computer is configured as an independent root certificate authority. Server authentication certificates are issued to the two RRAS servers. In a production environment this would have adverse effects, but it is convenient for testing.

The IP address scheme for each site is shown in Figure 8 (Example of the MSM logical architecture).
