Trening govori o konfiguraciji naprednih usluga Windows Servera koristeći lokalne (engl. on-premises), hibridne i tehnologije u oblaku (eng. cloud). Na ovom tečaju IT profesionalci će naučiti kako iskoristiti hibridne mogućnosti Azurea, kako premjestiti radna opterećenja virtualnog i fizičkog poslužitelja na Azure IaaS i kako osigurati Azure VM-ove koji koriste Windows Server.
IT profesionalci će tijekom treninga usvojiti vještine i znanja vezane uz visoku dostupnost (engl. high availability), rješavanje problema (engl. troubleshooting) i oporavak od katastrofe (engl. disaster recovery). Tečaj naglašava administrativne alate i tehnologije uključujući Windows Admin Center, PowerShell, Azure Arc, Azure Automation Update Management, Microsoft Defender for Identity, Azure Security Center, Azure Migrate i Azure Monitor.
Kome je namijenjeno
Server administratorima koji imaju iskustva u radu s Windows Serverom i žele proširiti mogućnosti svojih lokalnih (engl. on-premises) okruženja kombiniranjem lokalnih i hibridnih tehnologija. Server administratorima koji već implementiraju i upravljaju lokalnim osnovnim tehnologijama, koji žele osigurati i zaštititi svoje okoline, migrirati virtualna i fizička radna opterećenja na Azure IaaS, omogućiti visoko dostupno, potpuno redundantno okruženje i obavljati nadzor i rješavanje problema.
Preduvjeti
- Iskustvo upravljanja Windows Serverom u lokalnim (engl. on-premises) okruženjima, uključujući AD DS, DNS, DFS, Hyper-V te sustava pohrane podataka.
- Iskustvo u radu s alatima za upravljanje servisima poput AD DS, DNS, DFS, Hyper-V.
- Osnovno poznavanje Microsoftovih tehnologija za pohranu, umrežavanje i virtualizaciju.
- Iskustvo u radu sa i razumijevanje osnovnih tehnologija umrežavanja kao što su IP adresiranje, name resolution i DHCP.
- Razumijevanje i iskustvo u radu s Microsoft Hyper-V-om i osnovnim konceptima virtualizacije.
- Svijest o sigurnosnim najboljim praksama.
- Osnovno razumijevanje sigurnosnih tehnologija (vatrozidovi, enkripcija, višefaktorska autentifikacija, SIEM/SOAR).
- Osnovno znanje o lokalnoj servisima kao što su Failover Clustering i Storage Spaces.
- Osnovno iskustvo s implementcijom i upravljanjem IaaS uslugama u Microsoft Azureu.
- Osnovno poznavanje Azure Active Directorya.
- Iskustvo praktičnog rada sa Windows klijentskim operativnim sustavima kao što su Windows 10 ili Windows 11.
- Osnovno iskustvo sa Windows PowerShellom.
- Razumijevanje koncepata koji se odnose na tehnologije Windows Servera kao što su visoka dostupnost i oporavak od katastrofe, automatizacija, monitoring i rješavanje problema.
Nastavni plan
Pregledaj
- Module 1: Secure Windows Server user accounts Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts. After completing this module, students will be able to:
- Configure and manage user accounts to limit security threats across an organization
- Apply Protected Users settings, policies, and authentication silos to protect highly privileged user accounts
- Describe and configure Windows Defender Credential Guard
- Configure Group Policy to block the use of NTLM for authentication
- Manage local administrator passwords using Local Administrator Password Solution
- Limit administrative access to Privileged Access Workstations (PAWs)
- Explain how to secure domain controllers from being compromised
- Describe how to use the Microsoft Security Compliance Toolkit to harden servers
- Secure SMB traffic using SMB encryption
- Describe the role of Windows Server Update Services (WSUS)
- Describe the WSUS update management process
- Deploy updates with WSUS
- Describe split-horizon DNS and explain how to implement it
- Create DNS policies
- Implement DNS policies
- Describe the options for protecting the DNS server role
- Implement DNS security
- Implement Network Security Groups (NSGs) with Windows Server IaaS VMs
- Implement adaptive network hardening
- Implement Azure Firewall
- Implement Windows Defender Firewall in Windows Server IaaS VMs
- Choose an appropriate filtering solution
- Capture network traffic with Network Watcher
- Describe Azure Security Center
- Enable Azure Security Center in hybrid environments
- Onboard Windows Server computers to Azure Security Center
- Implement and assess security policies
- Describe Azure Sentinel
- Implement SIEM and SOAR
- Protect your resources with Azure Security Center
- Describe Azure updates
- Enable Update Management
- Deploy updates
- Review an update assessment
- Manage updates for your Azure VMs
- Enable Adaptive application controls
- Implement adaptive application control policies
- Describe Azure Disk Encryption
- Configure Key Vault to support Azure Disk Encryption
- Explain how to encrypt Azure IaaS VM hard disks
- Back up and recover encrypted data from IaaS VM hard disks
- Implement Change Tracking and Inventory
- Manage Change Tracking and Inventory
- Manage tracked files
- Implement File Integrity Monitoring
- Select and monitor entities
- Use File Integrity Monitoring
- Describe the functionality of CSV
- Describe the architecture and components of CSV
- Implement CSV
- Describe Windows Server failover clustering
- Implement Windows Server failover clustering
- Manage Windows Server failover clustering
- Implement stretch clusters
- Describe cluster sets
- Describe the Hyper-V high availability options
- Describe Hyper-V VMs load balancing
- Implement Hyper-V VMs live migration
- Implement Hyper-V VMs storage migration
- Provide a high-level overview of Windows Server File Server high-availability options
- Describe the characteristics of, and high-level implementation steps for Cluster Shared Volumes (CSV)
- Describe the characteristics of, and high-level implementation steps for Scale-Out File Server (SOFS)
- Describe the characteristics of, and high-level implementation steps for Storage Replica
- Describe virtual machine scale sets
- Implement scaling
- Implement load-balancing virtual machines
- Implement Azure Site Recovery
- Describe Hyper-V Replica, pre-requisites for its use, and its high-level architecture and components
- Describe Hyper-V Replica usage scenarios, available replication settings, and security considerations
- Configure Hyper-V Replica settings, health monitoring, and failover options
- Implement Hyper-V Replica
- Describe extended replication
- Describe Site Recovery
- Implement Site Recovery
- Identify the features and protection capabilities Azure Site Recovery provides to on-premises infrastructure
- Identify the requirements for enabling protection of on-premises infrastructure
- Describe Azure Backup
- Implement Recovery Vaults
- Implement Azure Backup policies
- Recover Windows IaaS VMs
- Perform file and folder recovery
- Perform backup and recovery of on-premises workloads
- Explain how to manage Azure VM backups with Azure Backup
- Protect Azure virtual machines with Azure Site Recovery
- Run a disaster recovery drill to validate protection
- Failover and failback your virtual machines
- Identify the scenarios for which Azure Backup provides backup and restore capabilities
- Backup and restore an Azure virtual machine
- Compare upgrading an AD DS forest and migrating to a new AD DS forest
- Describe how to upgrade an existing AD DS forest
- Describe how to migrate to a new AD DS forest
- Describe Active Directory Migration Tool (ADMT)
- Describe Storage Migration Service and its usage scenarios
- Identify the requirements for using Storage Migration Service
- Describe how to migrate a server with storage migration
- List the considerations for using Storage Migration Service
- Describe the Windows Server Migration Tools
- Use the migration tools to migrate specific Windows Server roles
- Plan your migration
- Describe Azure Migrate
- Migrate server workloads using Windows Server Migration Tools
- Assess physical servers with Azure Migrate
- Migrate on-premises servers to Azure
- Describe Windows Server IaaS migration
- Explain how to migrate workloads using Windows Server Migration tools
- Describe storage migration
- Migrate file servers by using the Storage Migration Service
- Discover and containerize your ASP.NET app running on Windows machines using Azure Migrate: App Containerization
- Build a container image for your ASP.NET application
- Deploy your containerized application to Azure App Service using Azure Migrate: App Containerization
- Use built-in tools in Windows Server to monitor server performance
- Understand the fundamentals of server performance tuning
- Describe event logs
- Use Server Manager and Windows Admin Center to - Review event logs
- Implement custom views
- Configure an event subscription
- Audit Windows Server events
- Configure Windows Server to record diagnostic information
- Recover the AD DS database, objects in AD DS, and SYSVOL
- Troubleshoot AD DS replication
- Troubleshoot Hybrid authentication issues
- Enable Azure Monitor for VMs
- Monitor an Azure VM with Azure Monitor
- Enable Azure Monitor in hybrid scenarios
- Collect data from a Windows computer in a hybrid environment
- Integrate Azure Monitor with Microsoft Operations Manager
- Identify metrics and diagnostic data that you can collect for virtual machines
- Configure monitoring for a virtual machine
- Use monitoring data to diagnose problems
- Evaluate Azure Monitor Logs and Azure Monitor VM Insights
- Configure a Log Analytics workspace
- Build queries from the Heartbeat and InsightsMetrics tables
- Diagnose DHCP and DNS problems in on-premises contexts
- Diagnose IP configuration and routing problems
- Implement Packet Monitor to help diagnose network problems
- Use Azure Network Watcher to troubleshoot Microsoft Azure virtual networks
- Troubleshoot VM deployment and extension issues
- Troubleshoot VM startup and performance issues
- Troubleshoot VM storage and encryption issues
- Troubleshoot connectivity to VMs
Za koji certifikat te priprema
Certifikacijski ispit: Exam AZ-801: Configuring Windows Server Hybrid Advanced Services