Exam 70-414: Implementing an Advanced Server Infrastructure
Skills Measured:
-
This exam measures your ability to accomplish the technical tasks listed below.The percentages indicate the relative weight of each major topic area on the exam.The higher the percentage, the more questions you are likely to see on that content area on the exam. The information after “This objective may include but is not limited to” is intended to further define or scope the objective by describing the types of skills and topics that may be tested for the objective. However, it is not an exhaustive list of skills and topics that could be included on the exam for a given skill area. You may be tested on other skills and topics related to the objective that are not explicitly listed here.
Manage and maintain a server infrastructure (25–30%)
- Design an administrative model
- Design considerations, including user rights and built-in groups; design a delegation of administration structure for Microsoft System Center 2012 R2; design self-service portals by using System Center Service Manager; delegate rights for managing private cloud by using AppController and System Center Virtual Machine Manager
- Design a monitoring strategy
- Design considerations including monitoring servers using Audit Collection Services (ACS) and System Center Global Service Monitor, performance monitoring, application monitoring, centralized monitoring, and centralized reporting; implement and optimize System Center 2012 – Operations Manager management packs; plan for monitoring Active Directory
- Plan and implement automated remediation
- Create an Update Baseline in Virtual Machine Manager; implement a Desired Configuration Management (DCM) Baseline; implement Virtual Machine Manager integration with Operations Manager; configure Virtual Machine Manager to move a VM dynamically based on policy; integrate System Center 2012 for automatic remediation into your existing enterprise infrastructure; design and implement a Windows PowerShell Desired State Configuration (DSC) solution
Plan and implement a highly available enterprise infrastructure (25–30%)
- Plan and implement failover clustering
- Plan for and implement multi-node and multi-site clustering including the use of networking storage, name resolution, and Global Update Manager (GUM); design considerations including redundant networks, network priority settings, resource failover and failback, heartbeat and DNS settings, Quorum configuration, storage placement and replication, and cluster aware updates
- Plan and implement highly available network services
- Plan for and configure Network Load Balancing (NLB); design considerations including fault-tolerant networking, multicast vs. unicast configuration, state management, and automated deployment of NLB using Virtual Machine Manager service templates
- Plan and implement highly available storage solutions
- Plan for and configure storage spaces and storage pools; design highly available, multi-replica DFS namespaces; plan for and configure multi-path I/O (MPIO); configure highly available iSCSI Target and iSNS Server; plan for and implement storage using RDMA and SMB multi-channel
- Plan and implement highly available roles
- Plan for a highly available Dynamic Host Configuration Protocol (DHCP) Server, Hyper-V clustering, Continuously Available File Shares, and a DFS Namespace Server; plan for and implement highly available applications, services, and scripts using Generic Application, Generic Script, and Generic Service clustering roles
- Plan and implement a business continuity and disaster recovery solution
- Plan a backup and recovery strategy; planning considerations including Active Directory domain and forest recovery, Hyper-V replica including using Microsoft Azure Site Recovery, domain controller restore and cloning, and Active Directory object and container restore using authoritative restore and Recycle Bin; plan for and implement backup and recovery by using System Center Data Protection Manager (DPM)
Plan and implement a server virtualization infrastructure (25–30%)
- Plan and implement virtualization hosts
- Plan for and implement delegation of virtualization environment (hosts, services, and VMs), including self-service capabilities; plan and implement multi-host libraries including equivalent objects; plan for and implement host resource optimization; integrate third-party virtualization platforms; deploying Hyper-V hosts to bare metal
- Plan and implement virtual machines
- Plan for and implement highly available VMs; plan for and implement guest resource optimization including shared VHDx; configure placement rules; create Virtual Machine Manager templates
- Plan and implement virtualization networking
- Plan for and configure Virtual Machine Manager logical networks, including virtual switch extensions and logical switches; plan for and configure IP address and MAC address settings across multiple Hyper-V hosts, including network virtualization; plan for and configure virtual network optimization; plan and implement Windows Server Gateway; plan and implement VLANs and pVLANs; plan and implement virtual machine (VM) networks; plan and implement converged networks
- Plan and implement virtualization storage
- Plan for and configure Hyper-V host clustered storage; plan for and configure Hyper-V virtual machine storage including virtual Fibre Channel, iSCSI, and shared VHDx; plan for storage optimization; plan and implement storage using SMB 3.0 file shares
- Plan and implement virtual machine movement
- Plan for and configure live and storage migration between Hyper-V hosts; plan for and manage P2V and V2V; plan and implement virtual machine migration between clouds
- Manage and maintain a server virtualization infrastructure
- Manage dynamic optimization and resource optimization; integrate Operations Manager with System Center Virtual Machine Manager and System Center Service Manager; update virtual machine images in libraries; plan for and implement backup and recovery of virtualization infrastructure by using System Center Data Protection Manager (DPM)
Design and implement identity and access solutions (20–25%)
- Design a Certificate Services infrastructure
- Design a multi-tier Certificate Authority (CA) hierarchy with offline root CA; plan for multi-forest CA deployment; plan for Certificate Enrollment Web Services and Certificate Enrollment Policy Web Services; plan for Network Device Enrollment Services (NDES); plan for certificate validation and revocation; plan for disaster recovery; plan for trust between organizations including Certificate Trust Lists (CTL), cross certifications, and bridge CAs
- Implement and manage a Certificate Services infrastructure
- Configure and manage offline root CA; configure and manage Certificate Enrollment Web Services and Certificate Enrollment Policy Web Services; configure and manage Network Device Enrollment Services; configure Online Certificates Status Protocol (OCSP) responders; migrate CA; implement administrator role separation; implement and manage trust between organizations including Certificate Trust Lists (CTL), cross certifications, and bridge CAs; monitor CA health
- Implement and manage certificates
- Manage certificate templates; implement and manage certificate deployment, validation, renewal, revocation, and publishing including Internet-based clients, CAs, and network devices; configure and manage key archival and recovery
- Design and implement a federated identity solution
- Plan for and implement claims-based authentication including planning and implementing Relying Party Trusts; plan for and configure Claims Provider and Relying Party Trust claim rules; plan for and configure attribute stores including Active Directory Lightweight Directory Services (AD LDS); plan for and manage Active Directory Federation Services (AD FS) certificates; plan for and implement Identity Integration with cloud services; integrate Web Application Proxy with AD FS
- Design and implement Active Directory Rights Management Services (AD RMS
- Plan for highly available AD RMS deployment; plan for AD RMS client deployment; manage Trusted User Domains; manage Trusted Publishing Domains; manage Federated Identity support; upgrade or migrate AD RMS; decommission AD RMS