
Module 12: Strategies for Combining Networking Services






Contents
Overview
Benefits of Combining Services
Constraints of Combining Services
Securing a Design by Combining Services
Discussion: Combining Networking Services
Enhancing Availability by Combining Services
Optimizing Performance by Combining Services
Discussion: Enhancing Combined Services Solutions
Lab A: Designing a Combined Services Solution
Review


Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only
means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, FrontPage, JScript, MS-DOS, NetMeeting,
PowerPoint, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media,
Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the
U.S.A. and/or other countries/regions.

Project Lead: Don Thompson (Volt Technical)
Instructional Designers: Patrice Lewis (S&T OnSite), Renu Bhatt NIIT (USA) Inc.
Instructional Design Consultants: Paul Howard, Susan Greenberg
Program Managers: Jack Creasey, Doug Steen (Independent Contractor)
Technical Contributors: Thomas Lee, Bernie Kilshaw, Joe Davies
Graphic Artist: Kirsten Larson (S&T OnSite)
Editing Manager: Lynette Skinner

Editor: Kristen Heller (Wasser)
Copy Editor: Kaarin Dolliver (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aditi)
Online Support: Eric Brandt (S&T Consulting)
Multimedia Development: Kelly Renner (Entex)
Test Leads: Sid Benevente, Keith Cotton
Test Developer: Greg Stemp (S&T OnSite)
Production Support: Lori Walker (S&T Consulting)
Manufacturing Manager: Rick Terek (S&T OnSite)
Manufacturing Support: Laura King (S&T OnSite)
Lead Product Manager, Development Services: Bo Galford
Lead Product Manager: Ken Rosen
Group Product Manager: Robert Stewart

Other product and company names mentioned herein may be the trademarks of their respective
owners.





Instructor Notes
This module provides students with the information and decision-making
experiences needed to combine networking services in a Microsoft® Windows®
2000 networking services design. Students will improve the
availability, security, and performance of networking service designs by
combining the networking services per the requirements of an organization.
At the end of this module, students will be able to:

• Identify the benefits of combining networking services on a single
  computer.
• Improve the networking services design by specifying the appropriate
  combinations of networking services.
• Secure a networking services design by specifying the appropriate
  combination of networking services.
• Enhance the availability of networking services by specifying the
  appropriate combination of services.
• Optimize the performance of networking services by specifying the
  appropriate combination of services.

Upon completion of the lab, students will be able to design a networking
services solution that supports the combining of networking services.

Course Materials and Preparation
This section provides you with the required materials and preparation tasks that
are needed to teach this module.

Required Materials
To teach this module, you need the following materials:
• Microsoft PowerPoint® file 1562B_12.ppt

Preparation Tasks
To prepare for this module:
• Review the contents of this module.
• Read any relevant information in the Windows 2000 Help files, the
  Windows 2000 Resource Kit, or documents provided on the Instructor CD.
• Review discussion material and be prepared to lead class discussions on the
  topics.
• Complete the lab and be prepared to elaborate beyond the solutions found
  there.
• Read the review questions and be prepared to elaborate beyond the answers
  provided in the text.

Presentation: 60 Minutes
Labs: 30 Minutes


Module Strategy
Use the following strategy to present this module:


Benefits of Combining Services
By combining multiple networking services on a single Windows 2000–
based computer, you simplify the network and use hardware resources
efficiently. Explain that by combining the networking services on a
computer, the number of computers in a network can be reduced, and the
security, availability, and performance of the networking services design
can be improved.

Constraints of Combining Services
Point out that hardware resources, network topology, and applications are
major constraints in combining applications.

Securing a Design by Combining Services
Usually, services can be combined on a computer that is within the private
network. Point out that combining networking services on computers that
establish or reside within screened subnets can compromise the security of
the network design.

Discussion: Combining Networking Services
Ensure that students understand the scenario description and directions for
the Discussion. Direct them to read through the scenario and answer the
questions. Be prepared to clarify if necessary. Lead a class discussion on the
students’ responses.

Enhancing Availability by Combining Services
When combining multiple services on a single computer, the availability of
that computer becomes essential for network operation. Emphasize that the
availability of networking services can be enhanced by combining services
on computers that have signed drivers and stable, third-party software.
Explain the guidelines for combining networking services that are
cluster-aware.

Optimizing Performance by Combining Services
The resources used on a computer can be increased by combining the
networking services on that computer. The performance of each networking
service is based on the availability of resources to the service. Explain the
use of combinations that reduce network traffic and avoid resource
contention.

Discussion: Enhancing Combined Services Solutions
Make sure that students understand the scenario description and directions
for the Discussion. Direct them to read through the scenario and answer the
questions. Be prepared to clarify if necessary. Lead a class discussion on the
students’ responses.



Lab Strategy
Use the following strategy to present this lab.
Lab A: Designing a Combined Services Solution
In the lab, students will design a routing solution based on specific
requirements outlined in the given scenario.
Students will review the scenario and the design requirements and read any
supporting materials. They will use this information, and the knowledge gained
from the module, to develop a detailed design by combining networking
services.
To conduct the lab:
• Read through the lab carefully, paying close attention to the instructions and
  to the details of the scenario.
• Consider dividing the class into teams of two or more students.
• Present the lab and make sure students understand the instructions and the
  purpose of the lab.
• Direct students to use the planning worksheet to record their solutions.
• Remind students to consider any functionality, security, availability, and
  performance criteria provided in the scenario and how they will incorporate
  strategies to meet these criteria in their design.
• Allow some time to discuss the solutions after the lab is completed. A
  solution is provided in your materials to assist you in reviewing the lab
  results. Encourage students to critique each other’s solutions and to discuss
  any ideas for improving their designs.





Overview

Benefits of Combining Services

Constraints of Combining Services

Securing a Design by Combining Services


Discussion: Combining Networking Services

Enhancing Availability by Combining Services

Optimizing Performance by Combining Services

Discussion: Enhancing Combined Services Solutions


By combining multiple networking services on a single Microsoft® Windows®
2000–based computer, you simplify the network and use hardware resources
efficiently. Dedicating individual computers to single networking services
increases the number of computers in the network. When more computers are
added to the network, the administration and ongoing support for a network
becomes more complex.
In addition, by combining certain networking services, you improve the
security, availability, and performance of the networking services design. In
this module, you will evaluate and create designs that combine networking
services on a single computer.
At the end of this module, you will be able to:

• Identify the benefits of combining networking services on a single
  computer.
• Improve the networking services design by specifying the appropriate
  combinations of networking services.
• Secure a networking services design by specifying the appropriate
  combination of networking services.
• Enhance the availability of networking services by specifying the
  appropriate combination of services.
• Optimize the performance of networking services by specifying the
  appropriate combination of services.

Slide Objective: To provide an overview of the module topics and objectives.
Lead-in: In this module, you will evaluate and create networking services
designs that combine networking services on a single computer.


Benefits of Combining Services

Reducing the Number of Computers

Improving Security, Availability, and Performance

[Illustration: network diagram. Labels: Internet, Router, Subnet A, Subnet B,
Screened Subnet C, Screened Subnet D, Server A1, Server A2, Server B1,
Server C1, Server C2, Server D1, Server D2, Proxy Servers, Server Cluster.]


You can combine multiple networking services on a single computer to reduce
the network management effort. When combining networking services on a single
computer, you must also consider the impact on the security, availability, and
performance of the network.
Reducing the Number of Computers
You can optimize your network design by combining multiple networking
services, which reduces the number of computers in the design. Combining
services on a computer also reduces the management of the network because
there are fewer computers to monitor and maintain.

Combine services to reduce the number of computers in your network design if:
• Combining the services improves or achieves the design criteria for the
  security, availability, and performance of the network.
• The existing computer hardware resources can support the combined
  services.
• The organization’s goal is to reduce the number of computers that it must
  manage and maintain.

In the preceding illustration, Server A1 is running DNS and Server A2 is
running DHCP. If the hardware resources of Server A1 are sufficient to support
DNS and DHCP, you can combine DNS and DHCP on Server A1. This
eliminates the requirement for Server A2, or allows Server A2 to act as a
redundant server to Server A1.
Slide Objective: To describe the benefits of combining services on a single
computer.
Lead-in: You can combine multiple networking services on a single computer to
reduce the number of computers that you must manage in the network.
Delivery Tip: Refer to the slide when explaining the scenario. Tell the
students that all of the topics in this module refer to the same scenario and
the relevant portions are highlighted on the slide.


Improving Security, Availability, and Performance
The goal of combining networking services is not just to reduce the number of
computers in your network design, but to also optimize your network design.
You can optimize your networking services design to improve the security,
availability, and performance of network resources.
The following table describes the situations in which combining networking
services on the same computer can improve the security, availability, and
performance of your network resources.

To improve | Combine the services to | Example
Security | Isolate the networking services that manage confidential data | When combining a remote access server with a DNS server that contains public zone data in a screened subnet
Availability | Reduce the probability of a failure that results in the loss of the networking service | When combining WINS and DHCP on a server cluster
Performance | Reduce the network traffic, or optimize the computer resources that are underused | When combining WINS and DNS on the same computer

You need to identify the primary reason for combining the networking services,
and then prioritize secondary reasons accordingly. Ensure that you always
achieve the primary reason, even at the expense of one of the secondary
reasons.
For example, in network designs in which security is a primary concern, ensure
that the combination of networking services enhances the security of the
network. After you have dealt with the security concerns, you can address the
availability and performance concerns accordingly.

Note: All of the topics in this module refer to the same scenario and the
relevant portions are highlighted on the slide.


Constraints of Combining Services

Hardware Resources

Physical Networks

Applications



The architecture of Windows 2000 allows you to combine the networking
services on a single computer. Typically, you can set up any combination of
networking services on a single computer by following a few guidelines.
Hardware Resources
The computer hardware resources are the most common constraint in
combining networking services on a single computer. Each networking service
requires different hardware resources. Some services require a large amount of
memory resources, whereas other services are processor-intensive.

Tip: As a best practice, you can combine services on a single computer until the
hardware resources of the computer are fully used.

Physical Networks
The physical network can constrain the combination of networking services
because combining the networking services can create an increase in network
traffic. The increase in network traffic can saturate intermediary routers or wide
area network (WAN) segments.
You can combine services on the same computer in your network design if:

• The clients that access the combined services reside in the same geographic
  location as the computer that runs the combined services.
• The intermediary routers and network segments can support the increase in
  traffic when clients access the combined services from a remote segment.

Slide Objective: To describe the constraints to be considered while combining
networking services in a network design.
Lead-in: You can combine multiple networking services on a single computer by
following a few guidelines.


Applications
Applications running on existing computers can prevent you from combining
some networking services. Applications may consume all of the hardware
resources and may require periodic restart of the computer for updates to the
application.

Tip: As a best practice, avoid combining networking services on the same
computer as application servers such as Microsoft SQL Server or Microsoft
Exchange Server.



Securing a Design by Combining Services
[Illustration: network diagram. Labels: Internet, Router, Subnet A, Subnet B,
Screened Subnet C, Screened Subnet D, Server A1, Server A2, Server B1,
Server C1, Server C2, Server D1, Server D2, Proxy Servers, Server Cluster.]


In your networking services design, you include combinations of networking
services that improve network security. Usually, you combine services on a
computer that is within the private network.
Combining networking services on computers that establish or reside within
screened subnets can compromise the security of your network design. Proxy
servers and routers are examples of these computers.
Combining Services Within the Private Network
Any computer that resides within the private network is at the lowest security
risk within the organization. The risk is low because access to these computers
is granted to only authenticated users within the organization. Because the
computer resides within the private network, the security risks for combining
services on this computer are addressed by the private network security.
Combining Services Within Screened Subnets
Any computer that resides within a screened subnet is at a higher security risk
than a computer within the private network because access to the computers
within screened subnets is granted to users outside the organization.
Within screened subnets, combine services on the same computer if all of the
users that access the computer:

• Are at the same security level.
• Require access to all of the networking services running on the computer.

Slide Objective: To introduce the guidelines for combining networking services
to secure a network design.
Lead-in: You can combine networking services to improve network security.
Point out the red/dark circles on the slide to explain which services to
combine for securing a network design.


When combining services on the same computer within a screened subnet,
consider that:
• Once a user can communicate with that computer, all services on it are
  potentially at risk of unauthorized access.
• Most networking services store configuration information in the
  Windows 2000 registry, or in files on the computer. Without proper security
  measures, unauthorized users can gain access to the registry or these
  configuration files and modify the configuration of the networking service.

In the preceding illustration, consider combining DHCP, Routing and Remote
Access, and Remote Authentication Dial-In User Service (RADIUS) on Server
D1. If the users accessing Server D1 require access to only Routing and Remote
Access and RADIUS, the DHCP service is at risk from unauthorized access. To
prevent unauthorized access to DHCP, you must remove the DHCP services.
Isolating Services That Define Screened Subnets
Computers that run services used in defining screened subnets (such as
Microsoft Proxy Server or Routing and Remote Access) are at the highest
security risk in your design because unauthorized users can access them. When
combining services on these computers, you must consider the risks involved in
unauthorized users accessing these services.

Tip: On computers that connect to public networks, combine only those
services that are required to define the screened subnet.

In the preceding illustration, consider combining Microsoft Proxy Server and
DNS on one of the proxy server computers. The DNS service on the Proxy
Server will be at risk because unauthorized users outside the private network
might be able to access the DNS zone database.
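
The placement guidelines in this section can be applied as a repeatable design check. The following Python code is an added example, not part of the original courseware; the zone labels, the UserGroup and Server classes, the "external" security level, and the inventory in sample_design are assumptions constructed from the module's Server D1 and proxy server examples.

```python
from dataclasses import dataclass, field

# The module's three placement cases (labels are assumptions of this example).
PRIVATE, SCREENED, BOUNDARY = "private", "screened", "boundary"

# Services the module names as defining a screened subnet.
BOUNDARY_SERVICES = {"Proxy Server", "Routing and Remote Access"}


@dataclass
class UserGroup:
    name: str
    security_level: str   # constructed labels such as "external"
    needs: frozenset      # services this group must be able to reach


@dataclass
class Server:
    name: str
    zone: str
    services: frozenset
    groups: list = field(default_factory=list)


def audit(server):
    """Return findings for one server; an empty list means the combination passes."""
    findings = []
    if server.zone == PRIVATE or len(server.services) < 2:
        # Private-network hosts are covered by private network security.
        return findings
    if server.zone == BOUNDARY:
        # Keep only the services required to define the screened subnet.
        for svc in sorted(server.services - BOUNDARY_SERVICES):
            findings.append(
                f"{server.name}: isolate {svc} (not required to define the screened subnet)")
        return findings
    # Screened subnet: every user must be at the same security level...
    levels = sorted({g.security_level for g in server.groups})
    if len(levels) > 1:
        findings.append(f"{server.name}: mixed security levels ({', '.join(levels)})")
    # ...and must require every service running on the computer.
    for svc in sorted(server.services):
        unneeded_by = sorted(g.name for g in server.groups if svc not in g.needs)
        if unneeded_by:
            findings.append(
                f"{server.name}: remove {svc} (not required by {', '.join(unneeded_by)})")
    return findings


def sample_design():
    """Constructed inventory based on the module's illustration and examples."""
    remote = UserGroup("remote access users", "external",
                       frozenset({"Routing and Remote Access", "RADIUS"}))
    return [
        Server("Server A1", PRIVATE, frozenset({"DNS", "DHCP"})),
        Server("Server D1", SCREENED,
               frozenset({"DHCP", "Routing and Remote Access", "RADIUS"}), [remote]),
        Server("Proxy server", BOUNDARY, frozenset({"Proxy Server", "DNS"})),
    ]


def audit_design(servers):
    """Map each server name to its list of findings."""
    return {s.name: audit(s) for s in servers}


if __name__ == "__main__":
    for name, findings in audit_design(sample_design()).items():
        print(name + ":", "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```
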


Discussion: Combining Networking Services
[Illustration: map of locations. Labels: Seattle, Los Angeles, Dallas,
Winnipeg, Toronto, Montreal, New York, Washington DC, Atlanta, Kansas City.]



To create designs in which you combine networking services, you need to
determine the networking services to include in the design and how you will
combine the networking services. This discussion involves designing basic
combinations of networking services. During the discussion, note any ideas
presented by other students in the class that are relevant to the solution.
The following scenario describes the current network configuration of a
telemarketing company. Read the scenario and answer the questions. Be
prepared to discuss your answers with the class.
Scenario
A telemarketing research company conducts studies to collect demographics on
potential consumers for other organizations’ products and services. At each
location, a group of market research analysts conduct telephone interviews to
determine the purchasing decisions of the target consumer profile. Each
location has a dedicated T1 or T3 connection to the Internet.
The market research analysts use a Web-based application for call tracking and
recording of the consumer responses. The organizations that are funding the
study can examine the results over the Internet by using a Web-based
application, or they access the data directly from a Microsoft SQL Server
located in the Kansas City location.
Slide Objective: To evaluate the decisions involved in designing combined
networking services solutions.
Lead-in: To design a solution that combines networking services, you must
decide on the required networking services and how you will combine these
services.
Delivery Tip: Read the scenario to the students and review the questions as a
group. Give the students time to consider their answers and then lead a
discussion based on their responses. Remind the students that there can be
more than one possible solution to the scenario.


Questions
1. The telemarketing research company will deploy Windows 2000 and will
use the Active Directory directory service to provide directory services.
Which networking services that are provided by Windows 2000 could you
recommend to the company?
You could include the following networking services:
• DHCP
• DNS
• WINS
• Routing and Remote Access (routing)
• Proxy Server


2. The director of information services has requested that you optimize the
design to reduce the number of computers. What combinations of the
networking services would you recommend to reduce the number of
computers?
You could set up any combination of DHCP, DNS, and WINS on the
same computer.


3. Which services would you recommend combining or isolating from one
another to improve the security of the combined services solution?

Isolate Routing and Remote Access from the other networking services.
Isolate Proxy Server from the other networking services.









Enhancing Availability by Combining Services

Combining with Signed Drivers and Third-Party Software

Combining with Windows Clustering


If you combine multiple services on a single computer, the availability of that
computer becomes essential for network operation. If you combine services to
meet the high availability requirement of specific networking services, you
must select a combination of services that ensures the availability of the
required services.
You can increase the availability of services combined on a single computer
with hardware fault-tolerance solutions. You can also enhance the availability
of the networking services by:

• Combining services on computers that have signed device drivers, signed
  applications, signed services, and stable, third-party software.
• Combining the networking services with Windows Clustering technologies.

Slide Objective: To describe the impact of combining networking services on
the availability of the services.
Lead-in: If you combine multiple services on a single computer, the
availability of that computer becomes essential for network operation.
