The city where I live is very close to the provincial capital (Wuhan), but it is only a small third- or fourth-tier city. I have worked in networking here for more than 10 years, and in this small city very few public institutions or enterprises have a domain environment; almost all of them run a workgroup intranet. Even where some units did start to build a domain environment, the domain controller server slowly became obsolete over time and the network was changed back to the workgroup model.
The workgroup desktop network architecture does have the advantages of simple installation and low network resource consumption, but it has too many drawbacks:
1. Network security is low.
2. Centralized management is inconvenient.
3. Configuring shared applications is cumbersome.
4. There is no permission configuration.
So a workgroup is simple and convenient for administrators at the start, but as the applications, the viruses and the permission requirements keep multiplying, you can only struggle to cope until you are worn out.
What are the advantages of the domain environment?
1. Easy to manage. Each domain user account can log on to the domain from any computer in the domain that allows local logons, as long as that computer is on the same network as the DC. Because the domain supports global roaming user profiles, the user's desktop environment and other account settings do not differ when logging on from different computers. This greatly simplifies network access for users.
2. Higher security. Because the domain's global user accounts and security policies are all configured and managed on one or a few DCs, these configurations are more secure and less susceptible to attack and cracking than in a workgroup network. Similarly, enterprise data is more secure because user data in the domain can be stored on one or a few servers.
3. More convenient network access. A domain uses single sign-on: users only need to log on once with a domain account to reach every network resource they are permitted to access, without repeatedly entering different account information for authentication.
Once permissions are managed in a domain environment, all network resources, including users, are maintained on the DC (domain controller) for easy centralized management. Every user logs in to the domain and is authenticated by it, so administrators can manage computer resources better and the cost of managing the network is greatly reduced. We can allow only the software that administrators specify on the DC (domain controller) to be installed, which enhances client security, prevents unauthorized people from installing software on clients, reduces client failures and lowers maintenance costs. It also helps the organization manage confidential data: for example, some drives can be restricted to authorized users, and some files can be made viewable but not deletable or modifiable. You can also upgrade system patches directly on a DC (domain controller) (such as Windows updates
Of course, the domain environment is not without shortcomings. The initial deployment is somewhat troublesome, and the routine maintenance afterwards requires network administrators with a certain technical level (in fact, the level does not need to be very high: most problems in a domain environment have a good answer if you search online or buy an AD configuration guide).
Here I will build a small and medium-sized network with a domain environment as an experiment, to give you a first understanding of what a domain-based LAN looks like. First I drew a network topology diagram of the domain environment, and I will follow it in the explanation:
[Figure: Domain environment topology diagram]
Based on this topology diagram, I used two tools, VMware Workstation and eNSP. The AD domain server and the Web server run Windows Server 2012 R2, the extranet firewall is built with Windows Server 2008 R2 and TMG, the teaching and office clients use Windows 7 and Windows XP respectively, and the core switch is simulated with eNSP.
1. In the intranet I use 192.168.20.0/24 for Teaching (Jiaoxue) and 192.168.50.0/24 for Office (office). The two networks represent different departments; in a real environment you can divide segments by department and assign different permissions to each.
2. The AD domain server uses the address 10.10.10.2/24, and the DNS, DHCP, FTP, CA and other role services are installed on it as well. In a real environment you can also install them on separate servers.
3. On the external network firewall I installed three network cards, connected to the LAN (10.10.10.3/24) zone, the DMZ (172.16.17.2/24) zone and the WAN (192.168.1.120/24) zone respectively.
4. The Web server uses the address 172.16.17.3/24 and is connected to the DMZ zone of the firewall. In a real environment, a Web site that is served externally should be deployed in the DMZ zone of the firewall, where the firewall acts as a security guard.
5. I use VMnet1 (DMZ zone 172.16.17.0/24), VMnet2 (teaching area 192.168.20.0/24), VMnet3 (office area 192.168.50.0/24) and VMnet4 (server 10.10.10.0/24).
6. I use VMnet2, VMnet3 and VMnet4.
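Before building the lab, the addressing plan above can be checked for mistakes (overlapping zones, an interface addressed outside its zone, a duplicate IP). The following is an added example, not part of the original article; the interface labels such as "ad-dc" and "fw-lan" are hypothetical names, and the WAN subnet 192.168.1.0/24 is derived from the firewall's WAN address.

```python
import ipaddress
from itertools import combinations

# Zones and subnets as listed in the article's addressing plan.
ZONES = {
    "teaching": "192.168.20.0/24",
    "office": "192.168.50.0/24",
    "server": "10.10.10.0/24",
    "dmz": "172.16.17.0/24",
    "wan": "192.168.1.0/24",  # assumption: derived from 192.168.1.120/24
}

# Statically addressed interfaces from the article: (label, zone, address).
# The labels are hypothetical; the addresses are the article's.
INTERFACES = [
    ("ad-dc", "server", "10.10.10.2/24"),
    ("fw-lan", "server", "10.10.10.3/24"),
    ("fw-dmz", "dmz", "172.16.17.2/24"),
    ("fw-wan", "wan", "192.168.1.120/24"),
    ("web", "dmz", "172.16.17.3/24"),
]

def zone_of(address, zones=ZONES):
    """Return the zone whose subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    for name, cidr in zones.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None

def validate_plan(zones=ZONES, interfaces=INTERFACES):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {z: ipaddress.ip_network(c) for z, c in zones.items()}
    # Overlapping zones would let traffic bypass the firewall's zone boundaries.
    for (za, na), (zb, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"zones {za} and {zb} overlap: {na} / {nb}")
    seen = {}
    for name, zone, addr in interfaces:
        iface = ipaddress.ip_interface(addr)
        if iface.network != nets[zone]:
            problems.append(f"{name}: {addr} is not in zone {zone} ({nets[zone]})")
        if iface.ip in seen:
            problems.append(f"{name}: {iface.ip} already used by {seen[iface.ip]}")
        seen.setdefault(iface.ip, name)
    return problems

if __name__ == "__main__":
    for line in validate_plan() or ["plan is consistent"]:
        print(line)
```
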
(To be continued)
Building a domain environment for small and medium-sized networks, Part 1 (networking scheme)