When I first started the network was a 100mb switched network. The infrastructure consisted of a single vlan that spanned two buildings and was assigned range of approximately 2000 IP addresses. About 90% of the addresses were either statically assigned in the OS or reserved through DHCP. DHCP services were provided by the main campus IT by a home-grown application that integrated with LDAP. DNS services were provided by SOECS staff and hosted multiple engineering domains as well as the SOECS Active Directory DNS infrastructure.
The active directory is composed of two sites, the vlan in Lawrence and the vlan at the Edward’s campus. Two domain controllers reside on the Lawrence campus and on at Edward’s. All domain controllers are Windows Server 2003 and the domain was at a Windows Server 2000 functional level. GPO’s were used primarily for delivering batch scripts for logon, as well as policy that configured the local firewall. No firewall protection was provided to the 500+ clients outside of the firewall product that was either integrated into the OS, or delivered through some third-party.
Applications were delivered to each computer manually. There was no software life-cycle to speak of and none of the applications were managed remotely. Computers were imaged using Ghost, the image was created from a master computer with all requisite software installed. None of the computer images were prepared with Sysprep, this resulted in nearly all the computers imaged in this fashion were unable to be managed remotely.
A large number of projects commenced:
· ANSR to Proteus migration
· Manual to GPO delivered applications
· Computer imaging with Windows Deployment Services
· Implement VLAN’s
· Implement Firewall
· SOECS Reorganization
· New VM Hardware
In order to create VLAN’s and move behind the firewall we needed to fully document our IP usage so could best determine the structure of our environment. A bulk import of our ANSR data was performed and then moving from a large static pool of addresses to managed pools that related to our new environment started. It took the entire summer to document the hardware attached to the network as main campus has no capability to provide anything close to current data and location of devices. This project is mostly complete as we are still finding a handful of “new” devices every couple of months.
With everything moved into Proteus we were able to start the migration of the management groups into VLAN’s. The first to move into a new VLAN was the lab computers, this occurred during the summer imaging. Once the lab VLAN was proven to be fully functional we then moved to carving out VLAN’s for our other management groups. The bulk of this project will complete over the course of the current school year.
Nearly 100% of the 113 engineering applications were either re-packaged with the AdminStudio or integrated into base images that were deployed through imaging. The sheer number of GPO’s required to implement this environment, necessitated looking to other ways of delivering applications, so the System Center Configuration Manager package was purchased.
A new deployment server was built using Windows Deployment Services. PXE integration with the Proteus DHCP proved very problematic but using the Windows PE environment we were able to create USB boot keys that virtually eliminate the need for PXE. 100% of the labs were imaged using the new deployment server and applications for the most part installed quite nicely. Considering the large number of supported applications we had at most 1% of our applications fail to work properly, these were later resolved.
The SOECS domain was reorganized throughout the summer and now closely resembles the VLAN structure. This project will be ongoing throughout the rest of this school year.
Two new Servers that run the VMware ESXi product were purchased. The following servers are currently running on one or the other of the new hardware AD Domain Controllers, External Web Services, Sharepoint Intranet site, Windows Update Services, System Center Configuration Manager, Quickbooks Server, and Secure FTP.