In this video I will be deploying a PKI Offline Root CA on Windows Server 2019. This episode is a part of my video series on building an enterprise network.
In this episode I will be deploying a WSUS server running on Microsoft Windows Server 2019, leveraging virtualization using VMware ESXi and vCenter. WSUS will be used to pull patches down from Microsoft’s servers so internal SECNET servers can install them. This server will help to ensure that servers that do not require internet access remain blocked from it.
In this episode I will be building two Linux DNS and NTP servers using Ansible based on CentOS 8.0. This episode is a part of my video series on Building an Enterprise Network that I call Secured Enterprise Core Network (SECNET). The DNS and NTP servers will be used as a relay to reduce and prevent systems like the Active Directory Domain Controllers from reaching directly out to the Internet.
— Video Content —
00:00 – Intro
00:37 – Configure Palo Alto Firewall Security Policies
07:58 – Adding DNS & NTP A records to AD DNS Servers
12:54 – Review Palo Alto Firewall Security Policies
15:35 – Deploying HQDNS1 and HQDNS2 (VMware Template)
18:45 – Initial Configuration for HQDNS1
20:35 – Initial Configuration for HQDNS2
22:15 – Configuring Ansible Inventory and Config File
26:15 – Joining Linux Servers (HQDNS[1,2]) to AD Domain with Ansible
27:55 – Reviewing Ansible DNS Server Role
30:15 – Running Ansible DNS Server Role
30:55 – Validate Ansible Role Ran Successfully
33:30 – Configure Active Directory DNS Servers
39:40 – Update Palo Alto Firewall DNS and NTP Servers
42:49 – Outro
In this episode I will be deploying a CentOS 8.0 Linux Management Server using Ansible automation. This episode is a part of my video series on building an enterprise network.
In this episode, I will be deploying a Windows-based Admin (Management) server that will serve to manage and administer the Secure Enterprise Core Network (SECNET). This server will aid in providing additional security by preventing non-administrator users from accessing servers or services they are not authorized to access. Additionally, I will be promoting a second Active Directory domain controller.