final year project - directory and system analysis
Final Year Project
Directory Infrastructure and System Analysis Design
Group 3
Ma Kwong Kin (101385975) Distribution: 90%
Yuen Wai Kwan (091280664) Distribution: 10%
Names and Placement of Domain Servers
The number and placement of the DNS servers determine whether DNS stays available, and because Active Directory depends on DNS, they determine Active Directory availability as well. The DNS servers must therefore be placed so that name resolution keeps working when a single server, link or subnet fails.
In our design the domain servers are named "AD", short for Active Directory. Active Directory is fully integrated with DNS: domain controllers register their services in DNS, so the DNS server must support SRV (service) resource records, otherwise clients and other domain controllers cannot locate them.
To keep DNS available, the DNS infrastructure must not contain any single point of failure. In our LAN design we deploy a pair of DNS servers (both domain controllers, so the AD-integrated zones replicate between them automatically) in the internal server farm on the 2nd floor, and every client is configured with both addresses so that it fails over to the second server when the first does not answer. The report proposes clustering the pair with the Network Load Balancing feature of Windows Server 2008 R2 for fault tolerance and load balancing. One caveat: NLB requires all hosts of a cluster to be on the same subnet, so an NLB cluster cannot at the same time place the two servers on separate subnets. Removing a router or subnet as a point of failure is achieved by putting the two servers on different subnets and relying on client-side failover, not by the cluster.
Figure 1.1
Propose TWO Directory Services solutions
1. OpenLDAP
OpenLDAP Software is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project and released under its own BSD-style licence, the OpenLDAP Public License. LDAP itself is a platform-independent protocol. Several common Linux distributions ship OpenLDAP for LDAP support, and the software also runs on the BSD variants, AIX, Android, HP-UX, Mac OS X, Solaris, Microsoft Windows (NT and its derivatives: 2000, XP, Vista, Windows 7) and z/OS.
Figure 2.1
2. Active Directory (inspected with Active Directory Explorer)
Active Directory is Microsoft's directory service, delivered as the Active Directory Domain Services role of Windows Server. Active Directory Explorer is a free Sysinternals viewer and editor for Active Directory databases: it navigates and modifies AD entries, shows the schema of objects, runs searches and can save snapshots of the directory for offline browsing. In the comparison that follows, "AD" means the directory service itself; AD Explorer is only the tool we use to look at it.
Figure 3.1
Comparison
Price
LDAP Admin Tool 5.0: $155.00 (shareware)
Active Directory Tool 9.12.01: $149.00 (shareware)
These are prices of third-party administration tools, not of the directories themselves: OpenLDAP is free software, and Active Directory Domain Services is included in the Windows Server licence the design already requires. On the tool prices alone AD comes out slightly cheaper, but not by much.
Scalability
Extending the AD schema means adding schema elements through the Active Directory Schema MMC snap-in. After that it is straightforward: define the attributes first, then the object classes that use them.
With OpenLDAP the extension is written as an LDIF (or schema) file, which likewise declares attributes before object classes. Apache Directory Studio is an alternative GUI and administration tool that brings OpenLDAP close to AD in ease of use.
AD caps the number of entries returned per LDAP search: the MaxPageSize LDAP policy on a domain controller defaults to 1,000 entries. Larger result sets must either be fetched with the paged-results control or the limit must be raised on the domain controller. Paging can be problematic in practice, since some LDAP clients do not work correctly even though they claim to support the paged-results control (YMMV).
In this comparison, OpenLDAP scales better.
Manageability
As we are rather new to LDAP, we want a directory that is simple to manage, so we now compare manageability.
OpenLDAP is empty after installation and has no structure (the directory information tree, or DIT); it does not even have a top-level entry out of the box. We would have to design the DIT by hand and plan where users, groups and roles go.
AD ships with a basic structure and with the GUI tools ready for us to start populating users.
Hence AD is easier to manage than OpenLDAP.
Functionality
In OpenLDAP we can design the DIT in many ways: following the domain-component convention (dc=foo,dc=bar), or organising by organisation and country (o=foo,c=bar).
AD uses the DC convention and offers no choice; other LDAP servers can follow either convention.
However, the main operating-system environment of our network design is the Microsoft Windows family, so AD will be the easier one to adapt to.
Also, one advantage of AD is that it already holds the accounts of the internal users; these could be kept in sync with a separate LDAP server, though that adds complexity.
Decision and conclusion
Overall OpenLDAP offers more functionality than AD, but we prefer AD because it is easier to use. Manageability matters more to us because the project focuses on user-friendliness, and scalability will not be a big problem at the size of this company.
To conclude, OpenLDAP has the better functionality and scalability, while AD has the better price and manageability. To suit our knowledge and the time we have allotted to this part, we choose AD since it is easier to handle.
Directory Topology
The following figure (Figure 4.1) shows our directory design:
Figure 4.1
Groups and Distribution Lists
In computing, a group is a collection of users. In our project the primary purpose of user groups is to simplify access control to computer systems. Without groups the administrator would have to grant each member of staff permission on each department directory individually, which is unworkable and greatly increases the administrator's workload. Permissions are therefore granted to groups, and users receive them through membership. Our group design is shown below (Figure 5.1):
Group name:  User:
HQ     The superior staff from headquarters
ED     The Executive Director of the company
GM     The General Manager of each department
CS     The staff of the Customer Services Division
Sal    The staff of the Sales Division
AD     The staff of the Administration Division
Mar    The staff of the Marketing Division
IT     The staff of the IT Division
Log    The staff of the Logistics Division
Admin  The system administrators of the AD server
Figure 5.1 The above groups will be configured on the AD server. Note that "AD" in this table is the Administration Division group, not the Active Directory server, which the naming convention later also abbreviates as AD.
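As an added illustration (not part of the report) of the point made in the comparison that OpenLDAP starts with an empty DIT, the following Python script generates the LDIF that would create the base entry, the People and Groups containers and the ten groups of Figure 5.1 on an OpenLDAP server. The suffix dc=example,dc=com, the organisation name and the sample member DNs are assumptions; the report does not name them. It also shows a detail that bites in practice: the groupOfNames object class makes member a mandatory attribute, and attribute values that are not safe ASCII must be base64-encoded per RFC 2849.

```python
import base64

# Assumption: the report never names the LDAP suffix or organisation.
BASE_DN = "dc=example,dc=com"
ORG_NAME = "Example Logistics"

# Group design from Figure 5.1 of the report (group name -> description).
GROUPS = {
    "HQ":    "The superior staff from headquarters",
    "ED":    "Executive Director of the company",
    "GM":    "General Manager of each department",
    "CS":    "The staff of the Customer Services Division",
    "Sal":   "The staff of the Sales Division",
    "AD":    "The staff of the Administration Division",
    "Mar":   "The staff of the Marketing Division",
    "IT":    "The staff of the IT Division",
    "Log":   "The staff of the Logistics Division",
    "Admin": "The system administrators of the AD server",
}

def ldif_attr(name, value):
    """One attribute line per RFC 2849. A value that is not ASCII, starts with
    space, ':' or '<', ends with space, or contains NUL/CR/LF is not a
    SAFE-STRING and must be base64-encoded and written with a double colon."""
    needs_b64 = (not value.isascii()
                 or value != value.strip(" ")
                 or value[:1] in (":", "<")
                 or any(c in value for c in "\x00\r\n"))
    if needs_b64:
        return "%s:: %s" % (name, base64.b64encode(value.encode("utf-8")).decode("ascii"))
    return "%s: %s" % (name, value)

def entry(dn, attrs):
    """Render one LDIF entry: dn line, attribute lines, blank separator line."""
    lines = [ldif_attr("dn", dn)]
    for name, values in attrs:
        for v in ([values] if isinstance(values, str) else values):
            lines.append(ldif_attr(name, v))
    return "\n".join(lines) + "\n\n"

def bootstrap_ldif(members):
    """LDIF that creates the empty DIT and the groups of Figure 5.1.
    `members` maps group name -> list of member DNs. groupOfNames requires at
    least one member, so an empty group is rejected here instead of failing
    half-way through the import on the server."""
    dc = BASE_DN.split(",")[0].split("=")[1]
    out = entry(BASE_DN, [("objectClass", ["dcObject", "organization"]),
                          ("dc", dc), ("o", ORG_NAME)])
    out += entry("ou=People," + BASE_DN, [("objectClass", "organizationalUnit"), ("ou", "People")])
    out += entry("ou=Groups," + BASE_DN, [("objectClass", "organizationalUnit"), ("ou", "Groups")])
    for name, desc in GROUPS.items():
        mlist = members.get(name, [])
        if not mlist:
            raise ValueError("group %s needs at least one member DN (groupOfNames MUST member)" % name)
        out += entry("cn=%s,ou=Groups,%s" % (name, BASE_DN),
                     [("objectClass", "groupOfNames"), ("cn", name),
                      ("description", desc), ("member", mlist)])
    return out

def sample_members():
    """Constructed sample: one placeholder account per group, not real staff."""
    return {g: ["uid=%s.user1,ou=People,%s" % (g.lower(), BASE_DN)] for g in GROUPS}

if __name__ == "__main__":
    print(bootstrap_ldif(sample_members()))
```

The output can be loaded with `ldapadd -x -D cn=admin,dc=example,dc=com -W -f bootstrap.ldif` once the server's core schema is in place; the same file would fail on Active Directory, which uses its own group object class, which is exactly the portability difference the comparison above describes.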
A distribution list, also known as a mailing list, is a group of e-mail addresses that lets a user e-mail many people at once.
LISTSERV is L-Soft International, Inc.'s software for managing mailing lists. It enables a large group of people to communicate effectively with one another without requiring each person to maintain a mailing list of all the other participants. Additionally, LISTSERV can archive postings in a searchable online database, send indexed digests to participants instead of individual messages, and make sets of files publicly accessible by e-mail. LISTSERV is only one type of electronic mailing list software; other types of shared public mailing lists include Majordomo lists, Procmail lists and LISTPROC.
LISTSERV is effective at combating spam, a frequent problem with shared mailing lists. Since LISTSERV servers communicate with each other, when one server detects a spam message it notifies all the other servers, so that each server can cut off the unwanted messages.
The distribution list design (Figure 6.1), implemented with LISTSERV, is as follows:
List:  Member:
All    All staff of the company
GM     The General Managers of each department
CS     The staff of the Customer Services Division
Sal    The staff of the Sales Division
AD     The staff of the Administration Division
Mar    The staff of the Marketing Division
IT     The staff of the IT Division
Log    The staff of the Logistics Division
Figure 6.1
Example:
List: CS
Members: [email protected], [email protected], [email protected]
Naming Convention
In large organizations that manage thousands of workstations and servers, a logical and standardized naming scheme is a must. Not only does it quickly identify the appropriate support personnel for a server or workstation, it also serves as a security tool: the location of an internal security threat can be read off the machine name without having to search through the subnet tables.
Groups
Active Directory requires that group names be unique. We achieve this by prefixing each group with the acronym of the department it belongs to.
Format: <DEPT>-<NAME> or <DEPT>-<SUBOU>.<TYPE>
Examples: CS-Sally, CS-Conference Room.Desktops1
Machines
Active Directory requires that all machine names be unique, and it is good network etiquette not to duplicate any other machine's name on the company network. Use only letters (A-Z) and digits (0-9), and keep names to 15 characters or fewer so that the NetBIOS name is not truncated and the name registered in AD matches the one in DNS. The scheme consists of a standardized location code, followed by the department code, a code for the machine's function, and a numerical sequence.
Coding abbreviations
PC    Personal computers
SV    Servers
SW    Switches
MS    Multilayer switches
PR    Printers
RT    Routers
WR    Wireless routers
DC    Domain controllers
WWW   Web servers
AD    Active Directory servers
FTP   FTP servers
SQL   SQL servers
DHCP  DHCP servers
APP   Application servers
PRO   Proxy servers
SMTP  Mail servers
FW    Firewalls
Example: 2CSSW03
This is the third switch of the Customer Services Department on the 2nd floor.
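The scheme above is only a security tool if it is enforced, so here is an added Python example (not from the report) that parses hostnames of the form <floor><DEPT><TYPE><NN> using the department codes of Figure 5.1 and the coding abbreviations listed above, and audits a list of names (for instance a DHCP lease export) for machines that do not follow the scheme and therefore cannot be located by name. The sample hostnames in the usage block are constructed.

```python
import re

# Department codes (HQ plus the six divisions of Figure 5.1) and machine-type
# codes from the "Coding abbreviations" list; both tables come from this report.
DEPT_CODES = {
    "HQ": "Headquarters", "CS": "Customer Services", "SAL": "Sales",
    "AD": "Administration", "MAR": "Marketing", "IT": "IT", "LOG": "Logistics",
}
TYPE_CODES = {
    "PC": "personal computer", "SV": "server", "SW": "switch",
    "MS": "multilayer switch", "PR": "printer", "RT": "router",
    "WR": "wireless router", "DC": "domain controller", "WWW": "web server",
    "AD": "Active Directory server", "FTP": "FTP server", "SQL": "SQL server",
    "DHCP": "DHCP server", "APP": "application server", "PRO": "proxy server",
    "SMTP": "mail server", "FW": "firewall",
}

def _alt(codes):
    # Longest codes first, so "SAL" is tried before two-letter codes.
    return "|".join(sorted(codes, key=len, reverse=True))

# <floor><DEPT><TYPE><NN>, e.g. 2CSSW03.
NAME_RE = re.compile(r"(?P<floor>\d)(?P<dept>%s)(?P<type>%s)(?P<seq>\d{2})"
                     % (_alt(DEPT_CODES), _alt(TYPE_CODES)))

def parse_hostname(name):
    """Return the parts of a conforming hostname, or None if it breaks the scheme."""
    # Only A-Z and 0-9 are allowed, and NetBIOS truncates names longer than 15
    # characters, so a longer name would register differently in AD and DNS.
    if not re.fullmatch(r"[A-Za-z0-9]{1,15}", name):
        return None
    m = NAME_RE.fullmatch(name.upper())
    if m is None:
        return None
    return {"floor": int(m["floor"]), "dept": m["dept"],
            "type": m["type"], "seq": int(m["seq"])}

def describe(name):
    """Human-readable location and role of a machine, derived from its name alone."""
    p = parse_hostname(name)
    if p is None:
        return None
    return "%s %d of %s on floor %d" % (TYPE_CODES[p["type"]], p["seq"],
                                         DEPT_CODES[p["dept"]], p["floor"])

def audit(hostnames):
    """Names that do not follow the scheme. On a DHCP lease list or an AD computer
    list these are the first things to look at when tracing an internal incident,
    because they cannot be placed by name."""
    return [h for h in hostnames if parse_hostname(h) is None]

if __name__ == "__main__":
    # Constructed sample of names as a DHCP lease export might show them.
    for h in ["2CSSW03", "1ITDC01", "laptop-bob", "3SALPC07", "2XXSW01"]:
        print(h, "->", describe(h) or "does not follow the naming convention")
```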
Strategy of information sharing
In our project design we use an FTP server as the information-sharing method. Compared with other FTP software such as CuteFTP and CaserFTP, FileZilla is the best choice of FTP software for our project. It has many advantages:
Free
Fast and efficient
Open source
Handles large transfers
Supports both Windows and Linux
Supports secure transfer: FTP over TLS/SSL (FTPS) on the server, and the FileZilla client also speaks SFTP over SSH
Easy to use
Powerful Site Manager
Remote administration
Plain FTP sends user names, passwords and file contents in clear text, so FTPS must be required on the server (not merely offered) for the secure-transfer advantage to count.
However, I found many disadvantages after testing this software:
Does not fully support Traditional Chinese Unicode
Remote control is not stable
Easy to FC (force close) after resetting the port
From the point of view of a small company like our logistics company, I still prefer to use FileZilla, as it costs nothing and is easy to manage; even a non-IT member of staff can handle it with the guidebook.
Since we use FreeNAS for our storage, part of the file sharing is provided by the SMB (CIFS) service of FreeNAS.
Share folders and corresponding permissions
The columns are the groups of Figure 5.1 (HQ, Executive Director, General Manager and the six divisions); RW = read/write, R = read only, - = no access.
Folder                  HQ   ED   GM   CS   Sal  AD   Mar  IT   Log
Customer Services       RW   RW   RW   RW   -    -    -    -    -
Sales                   RW   RW   RW   -    RW   -    -    -    -
Administration          RW   RW   RW   -    -    RW   -    -    -
Marketing               RW   RW   RW   -    -    -    RW   -    -
Information Technology  RW   RW   RW   -    -    -    -    RW   -
Logistic                RW   RW   RW   -    -    -    -    -    RW
Public folder           RW   RW   RW   RW   RW   RW   RW   RW   RW
Staffs' Information     R    RW   R    -    -    RW   -    -    -
Announcement            RW   RW   RW   R    R    R    R    R    R
Applications            R    R    R    R    R    R    R    RW   R
Internal                R    RW   RW   -    -    -    -    -    -
Anything not granted in the table is denied, which is also how NTFS behaves when no access control entry matches a user. The Public folder is the only share that every group can write to, so it is the one a worm or ransomware on any workstation can reach; it should be scanned and have access auditing enabled.
Figure 7.1
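The table in Figure 7.1 is the access-control policy of the design, so it is worth holding it as data and deriving both the per-user answer and the commands that implement it. The following Python is an added example (not from the report): it computes the effective access of a user who belongs to several groups (NTFS accumulates allow entries, so the most permissive group wins), flags folders that every group can write to, and emits the icacls command that sets exactly the table's ACL on each folder. The domain NetBIOS name CORP and the share root D:\Shares are assumptions the report does not state.

```python
# Groups in the column order of Figure 7.1, abbreviated as in Figure 5.1.
GROUPS = ["HQ", "ED", "GM", "CS", "Sal", "AD", "Mar", "IT", "Log"]

# Figure 7.1 as data: RW = read/write, R = read only, "-" = no access.
MATRIX = {
    "Customer Services":      "RW RW RW RW -  -  -  -  -",
    "Sales":                  "RW RW RW -  RW -  -  -  -",
    "Administration":         "RW RW RW -  -  RW -  -  -",
    "Marketing":              "RW RW RW -  -  -  RW -  -",
    "Information Technology": "RW RW RW -  -  -  -  RW -",
    "Logistic":               "RW RW RW -  -  -  -  -  RW",
    "Public folder":          "RW RW RW RW RW RW RW RW RW",
    "Staffs' Information":    "R  RW R  -  -  RW -  -  -",
    "Announcement":           "RW RW RW R  R  R  R  R  R",
    "Applications":           "R  R  R  R  R  R  R  RW R",
    "Internal":               "R  RW RW -  -  -  -  -  -",
}
RANK = {"-": 0, "R": 1, "RW": 2}
LEVEL = {v: k for k, v in RANK.items()}

# Assumptions not stated in the report: domain NetBIOS name and share root.
DOMAIN = "CORP"
SHARE_ROOT = r"D:\Shares"

def grants(folder):
    """Access level of every group on one folder."""
    cells = MATRIX[folder].split()
    if len(cells) != len(GROUPS):
        raise ValueError("row %r does not have one cell per group" % folder)
    return dict(zip(GROUPS, cells))

def effective_access(user_groups, folder):
    """NTFS accumulates allow ACEs, so a user gets the most permissive level of
    any group they belong to. A group with no ACE contributes nothing, which is
    why everything not listed in the table is denied by default."""
    g = grants(folder)
    best = max((RANK[g[grp]] for grp in user_groups if grp in g), default=0)
    return LEVEL[best]

def icacls_command(folder):
    """icacls command that sets exactly the table's ACL on the folder.
    /inheritance:r removes inherited ACEs (otherwise the Users group inherited
    from the volume root would still grant read). That also removes SYSTEM and
    the administrators, so they are granted Full control explicitly; without
    SYSTEM, Windows Server Backup (VSS runs as SYSTEM) could not read the share."""
    perm = {"RW": "M", "R": "RX"}          # M = Modify, RX = Read & execute
    aces = ['"SYSTEM:(OI)(CI)F"', '"%s\\Admin:(OI)(CI)F"' % DOMAIN]
    aces += ['"%s\\%s:(OI)(CI)%s"' % (DOMAIN, grp, perm[lvl])
             for grp, lvl in grants(folder).items() if lvl != "-"]
    return 'icacls "%s\\%s" /inheritance:r /grant %s' % (SHARE_ROOT, folder, " ".join(aces))

def writable_by_everyone():
    """Folders every group can write to: reachable from a compromised workstation
    in any division, so they need scanning and access auditing."""
    return [f for f in MATRIX if all(lvl == "RW" for lvl in grants(f).values())]

if __name__ == "__main__":
    for folder in MATRIX:
        print(icacls_command(folder))
    print("writable by all groups:", writable_by_everyone())
```

The share-level permission on each SMB share can then be left at Change for Authenticated Users and the NTFS ACL generated here does the real enforcement, which keeps the policy in one place.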
Names and Placement of App/Enterprise Servers
In our project design the application servers are named "App", following the naming convention. An application server is a software framework that provides an environment in which applications can run, whatever the applications are or do.
To increase the availability of the App server we avoid single points of failure: the two App servers form an NLB cluster (the virtual-cluster feature of Windows Server 2008 R2) in the internal server farm on the 2nd floor, so that when one host fails the other takes over its traffic and the load is otherwise shared between them. Because NLB requires both hosts to be on the same subnet, protection against a router or subnet failure has to come from the server-farm network design rather than from the cluster itself.
(Refer to Figure 1.1)
List of applications / services provided in each Server
The services provided by each server are shown below (Figure 8.1):
Server:       Services:
App           Java, .NET, PHP
Internal FTP  FileZilla Server, FreeNAS
External FTP  FileZilla Server, FreeNAS
AD            DNS, Active Directory
DHCP          ISP DHCP
SQL           MySQL
WWW           IIS
Proxy         CCProxy
SMTP          1st SMTP
Figure 8.1
Domain Structure
A domain is a group of computers that share a central security and account database, held on the domain controllers. (In Active Directory every domain controller holds a writable copy of that database; the "primary domain controller" of Windows NT survives only as the PDC Emulator role.) All logons with domain accounts are authenticated by the domain, and the domain has its own file and application servers for the users who log on to it. A domain is generally part of a larger corporate forest consisting of other domains that may or may not trust each other, depending on how they are set up.
Setting up a domain is much more complex than a workgroup, but it scales well as more computers are added. The cost is higher than for a workgroup because of the reliance on a centralized database of users and groups.
The domain structure design is shown below (Figure 9.1):
Domain name:           Usage:
Administrative Domain  For the administrators of the servers
Staff Domain           For common staff
Client Domain          For customers and public users
Programmer Domain      For data programmers and software engineers
Figure 9.1
Each entry in Figure 9.1 is a separate AD domain and therefore needs its own domain controllers and trust relationships. For a company of this size the same administrative separation is usually achieved with organizational units and group policy inside a single domain, which is cheaper to run and leaves fewer trusts to audit; only the Client Domain, which holds outsiders, has a strong case for being a separate domain (or a separate forest).
Performance Monitoring and Logging
In our project, performance monitoring is important because it provides the following benefits:
Correct problems before outages occur
Reduce the cost of resolving problems when they do occur
Meet service level agreement obligations
Plan for growth
Share key system performance information with resellers and customers when appropriate
Hence we decided to use a commercial monitoring product, which we consider well worth the cost. Total Network Inventory 2 is a PC audit and software inventory solution that provides network scanning, software accounting and centralized control of the software and the network through a simple, clear GUI.
In addition, Kiwi Syslog Server collects the logs of the other servers on the network, including the firewall, which makes monitoring and logging nearly complete. Kiwi is well known, available in a free edition, and can be configured to archive the collected log files on a schedule (for example hourly). Two precautions matter here: syslog over UDP is unauthenticated and unencrypted, so the collector should accept messages only from the server-farm subnets, and the archive should be written to storage the monitored servers cannot modify, so that an attacker who compromises a server cannot rewrite its own history.
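Collecting logs is only half the job; the archive becomes useful when something reads it. The following Python is an added example (not from the report and not Kiwi's own code) that parses a feed of RFC 3164 syslog lines of the kind the firewall and the FreeNAS box would forward to the collector, decodes the facility and severity from the PRI field, lists which hosts are reporting, and flags source addresses with repeated failed logons. The log lines are constructed for the example; the hostnames follow the report's naming convention, and the addresses and events are invented.

```python
import re
from collections import Counter

# Constructed sample feed (RFC 3164: <PRI>TIMESTAMP HOST TAG[PID]: MESSAGE).
SAMPLE = """\
<38>Nov  2 09:15:02 2ITSV02 sshd[1412]: Failed password for root from 10.0.3.77 port 50112 ssh2
<38>Nov  2 09:15:04 2ITSV02 sshd[1412]: Failed password for root from 10.0.3.77 port 50113 ssh2
<38>Nov  2 09:15:06 2ITSV02 sshd[1412]: Failed password for admin from 10.0.3.77 port 50114 ssh2
<38>Nov  2 09:16:40 2ITSV02 sshd[1420]: Accepted password for ops from 10.0.2.10 port 40022 ssh2
<12>Nov  2 09:17:01 2ITFW01 kernel: Deny TCP 10.0.3.77:50120 -> 10.0.1.21:21
"""

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 9: "cron", 10: "authpriv", 11: "ftp"}

def parse_syslog(text):
    """Split a syslog feed into records. PRI = facility * 8 + severity.
    Lines that do not parse are kept as raw records instead of being dropped:
    a collector that silently discards odd lines is easy to blind."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SYSLOG_RE.match(line)
        if m is None:
            records.append({"host": None, "pid": None, "msg": line, "raw": True})
            continue
        pri = int(m["pri"])
        records.append({
            "facility": pri // 8, "facility_name": FACILITIES.get(pri // 8, "local"),
            "severity": pri % 8, "severity_name": SEVERITIES[pri % 8],
            "ts": m["ts"], "host": m["host"], "tag": m["tag"],
            "pid": int(m["pid"]) if m["pid"] else None,
            "msg": m["msg"], "raw": False,
        })
    return records

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def brute_force_sources(text, threshold=3):
    """Source addresses with `threshold` or more failed logons in the feed."""
    counts = Counter()
    for rec in parse_syslog(text):
        m = FAILED_RE.search(rec["msg"])
        if m:
            counts[m.group(2)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def hosts_reporting(text):
    """Hosts that appear in the feed. A server that should be here and is not
    has either stopped logging or been cut off, and both deserve a look."""
    return sorted({r["host"] for r in parse_syslog(text) if r["host"]})

if __name__ == "__main__":
    print("reporting hosts:", hosts_reporting(SAMPLE))
    print("brute-force sources:", brute_force_sources(SAMPLE))
```

In the sample the same address that failed three SSH logons against the FreeNAS box is then denied by the firewall on port 21, which is the kind of cross-device correlation a central collector makes possible and a per-server log file does not.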
Availability and Scalability
As most of our servers will run Windows Server 2008 R2, we will use its Network Load Balancing (NLB) feature. NLB enhances the availability and scalability of Internet server applications such as those used on web, FTP, firewall, proxy, virtual private network (VPN) and other mission-critical servers. A single computer running Windows Server 2008 R2 provides a limited level of reliability and performance; by combining the resources of two or more such computers into a single virtual cluster, NLB can deliver the reliability and performance that web servers and other mission-critical servers need.
There are three common kinds of cluster: high-performance computing clusters, load-balancing clusters and high-availability clusters. NLB is a load-balancing cluster that also provides a degree of high availability, since a failed host is dropped from the cluster and the others absorb its traffic. It is not an HPC cluster, and it does not replicate application state between hosts, so stateful services such as the SQL server need Failover Clustering or application-level replication instead. NLB is included in Windows Server at no extra cost and is easy to manage.
NLB increases scalability by supporting up to 32 computers in a single cluster, and hosts can be added as the load goes up or removed as it goes down without bringing the cluster down. We can therefore grow or shrink the server pool according to the company's needs without affecting the network.
NLB automatically detects a cluster host that fails or goes offline and redistributes the workload among the remaining hosts, reconverging within about ten seconds; adding or removing a host triggers the same rebalancing. This gives us fault-tolerant servers and hence higher availability.
Virtualization
Virtualization is now mainstream and provides many advantages:
Server consolidation: higher hardware utilization and lower cost
Help desk: easier to reproduce multiple product environments
Lab and deployment testing: fewer physical systems needed
Application isolation: a security mechanism for separating running programs
Higher availability
Disaster recovery: fewer servers to manage and recover/restore
Security: centralized management
Hence we decided to virtualize our servers to achieve the above benefits. For the virtualization platform we will use VMware infrastructure, since VMware has the most experience and a very mature product suite. Compared with other virtualization providers such as Microsoft and Citrix, VMware focuses more on integrating IT process automation around virtualization.
VMware vSphere provides advanced business-continuity protection at lower cost, together with security and manageability for enterprise desktops. It also simplifies infrastructure provisioning.
The highlighted features of vSphere are:
Availability management (vCenter Server Heartbeat)
Disaster recovery (SRM)
Application virtualization / presentation (ThinApp)
SDLC cost reduction (Lifecycle Manager, Lab Manager)
Capacity planning (CapacityIQ)
Application SLM (AppSpeed)
Data protection (Data Recovery)
Cost control (Chargeback)
Client virtualization (View)
One consequence of consolidating the servers is that the hypervisor hosts and vCenter become the most privileged systems on the network: whoever controls them controls every virtual machine, including the domain controllers. Their management interfaces therefore belong on a dedicated management network, with accounts separate from the everyday administrator accounts.
Storage
For storage we decided to use Network Attached Storage (NAS), which has the following benefits:
Multiple servers can access it through a file-based protocol
Administrators can implement simple, low-cost load balancing and fault-tolerant systems
File access performance improves because of the CPU power of the NAS devices
Better and easier control over shares
Low cost, load balancing and high performance make it cost-effective; it is hard to find another method that does better.
FreeNAS is well-known, well-integrated NAS software: free, easy to use and full-featured, well suited to a small or medium business like our logistics company.
RAID is a technology used to increase the performance and/or reliability of data storage. The abbreviation stands for Redundant Array of Inexpensive (or Independent) Disks. A RAID set consists of two or more disks working in parallel.
Figure 10.1 shows the RAID 5 structure.
We will implement RAID 5 in the FreeNAS storage. RAID 5 stripes the data across all disks and stores one parity block per stripe, rotating the parity across the disks: reads are very fast, writes are somewhat slower because the parity has to be calculated, and the contents of a failed disk can be rebuilt from the surviving disks. The cost per megabyte is lower than for mirroring, which suits our case well. It is a good all-round choice that combines efficient storage with single-disk fault tolerance and decent performance. Two caveats: a second disk failure during the rebuild loses the whole array, and RAID protects only against disk failure, not against deletion, corruption or malware, since every such change is faithfully written to the parity too. RAID is therefore not a substitute for backups.
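To make the RAID 5 claims concrete, here is an added Python example (not part of the report) of the mechanism itself: data chunks are striped across the disks, the parity chunk is the XOR of the data chunks in the stripe and rotates from disk to disk, and the chunk of a single failed disk is recovered by XOR-ing the survivors. The array simulated here has four disks and four-byte chunks, and the payload is a constructed byte string; the example also shows why a second failure is fatal.

```python
def xor_bytes(chunks):
    """XOR equal-length chunks together; this is the whole of RAID 5 parity."""
    out = bytearray(len(chunks[0]))
    for c in chunks:
        for i, b in enumerate(c):
            out[i] ^= b
    return bytes(out)

def parity_disk(stripe_no, ndisks):
    """RAID 5 rotates the parity chunk across the disks; RAID 4 would pin it to
    one disk, which then takes part in every single write."""
    return (ndisks - 1 - stripe_no) % ndisks

def build_stripes(data, ndisks=4, chunk=4):
    """Lay `data` out as stripes of ndisks-1 data chunks plus one parity chunk.
    Returns a list of stripes; stripes[k][d] is what disk d holds for stripe k."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = (ndisks - 1) * chunk
    data = data + b"\0" * (-len(data) % per_stripe)       # pad the last stripe
    stripes = []
    for k in range(len(data) // per_stripe):
        base = k * per_stripe
        pieces = [data[base + i * chunk: base + (i + 1) * chunk] for i in range(ndisks - 1)]
        pieces.insert(parity_disk(k, ndisks), xor_bytes(pieces))
        stripes.append(pieces)
    return stripes

def fail_disk(stripes, disk):
    """Simulate disk `disk` dying: its chunk in every stripe becomes None."""
    return [[None if d == disk else c for d, c in enumerate(s)] for s in stripes]

def rebuild_stripe(stripe):
    """Recover the one missing chunk of a stripe by XOR-ing the survivors. The
    parity equation has a single unknown, so two missing chunks cannot be solved."""
    missing = [d for d, c in enumerate(stripe) if c is None]
    if len(missing) > 1:
        raise ValueError("two disks failed: RAID 5 tolerates only one, the data is lost")
    full = list(stripe)
    if missing:
        full[missing[0]] = xor_bytes([c for c in stripe if c is not None])
    return full

def read_data(stripes):
    """Read the data back (parity chunks skipped), rebuilding any failed disk on
    the fly, which is what a degraded array does for every request until the
    failed disk is replaced and the rebuild completes."""
    ndisks = len(stripes[0])
    out = bytearray()
    for k, stripe in enumerate(stripes):
        p = parity_disk(k, ndisks)
        out += b"".join(c for d, c in enumerate(rebuild_stripe(stripe)) if d != p)
    return bytes(out)

if __name__ == "__main__":
    msg = b"logistics order ledger 2011"                 # constructed sample payload
    array = build_stripes(msg)
    print(read_data(fail_disk(array, 2))[:len(msg)])     # survives one failed disk
```

Note what the simulation does not protect: overwriting a chunk with garbage (a deleted or encrypted file) simply produces a new, consistent parity, so the old contents are gone from every disk, which is why the backup section that follows is still needed.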
Backup and Recovery
We will use Windows Server Backup as the backup method, since it is a built-in feature of Windows Server 2008. Considering the availability of the servers, we chose the full backup option of Windows Server Backup: it takes its copy through the Volume Shadow Copy Service, so the servers keep serving while the backup runs. The backups should be written to storage that is not on the RAID 5 set they protect, and a restore should be rehearsed rather than assumed to work.
RAID 5 on the data storage additionally covers the failure of a single disk; it does not replace the backup, because a deleted or corrupted file is reproduced in the parity as well.
Reference 1
The websites below were visited on 25/10/2011:
Active Directory (AD): http://en.wikipedia.org/wiki/Active_Directory
Domain Name System (DNS): http://en.wikipedia.org/wiki/Domain_Name_System
OpenLDAP: http://www.openldap.org/
AD Explorer: http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx
Active Directory: http://www.microsoft.com/en-us/server-cloud/windows-server/active-directory.aspx
Price list of directory software: http://www.brothersoft.com/downloads/ms-active-directory-price-list.html
FTP advantages and disadvantages: http://wiki.answers.com/Q/What_are_FTP_advantages_and_disadvantages
File Transfer Protocol: http://en.wikipedia.org/wiki/File_Transfer_Protocol
What is LISTSERV: http://kb.iu.edu/data/ackj.html
Managing Distribution Lists: http://www.zimbra.com/docs/os/6.0.10/administration_guide/Managing_Accounts.09.3.html
Naming: http://labmice.techtarget.com/articles/computernaming.htm
AD naming: http://www.utexas.edu/its/help/austin-active-directory/56#computers
CaserFTP and FileZilla Server: http://www.wretch.cc/blog/breezr/16233559
FileZilla key features: http://filezilladownload.net/about.html
Reference 2
The websites below were visited on 2/11/2011:
Application server: http://blog.xuite.net/jiehui_prompt/dogoo/23489484
Domain structure: http://uk.answers.yahoo.com/question/index?qid=20100922034924AAjECUC
Kiwi Syslog Server install: http://www.askasu.idv.tw/index.php/2010/09/07/1210/
Kiwi Syslog Server overview: http://www.kiwisyslog.com/kiwi-syslog-server-download/
PRTG Network Monitor: http://www.paessler.com/prtg/download
PRTG Network Monitor functions: http://eddiesu.blogspot.com/2008/10/prtg-network-monitor.html
FreeNAS: http://tw.network01.net/modules/newbb/viewtopic.php?topic_id=94&forum=8
FreeNAS features: http://www.freenas.org/about/news/item/freenas-801-rc2
Windows Server Backup: http://technet.microsoft.com/zh-tw/library/cc732091(WS.10).aspx
Windows Server Backup install 1: http://blog.miniasp.com/post/2009/07/31/Windows-Server-Backup-for-Win2k8-notes.aspx
Windows Server Backup install 2: http://technet.microsoft.com/zh-tw/magazine/2008.05.adbackup.aspx
FreeNAS: http://viml.nchc.org.tw/blog/paper_info.php?CLASS_ID=1&SUB_ID=1&PAPER_ID=86
RAID 5: http://zh.wikipedia.org/zh-hk/RAID
RAID 5 overview: http://www.pcguide.com/ref/hdd/perf/raid/levels/singleLevel5-c.html
Total Network Inventory 2: http://www.youtube.com/watch?v=MCbFgy4SaxA&feature=player_embedded
Windows Server 2008 Network Load Balancing: http://www.dotblogs.com.tw/dotjason/archive/2009/04/27/8209.aspx
Overview of Network Load Balancing: http://technet.microsoft.com/en-gb/library/cc725691.aspx
VMware: http://www.goodman-lai.idv.tw/2005/10/vmware-workstation.html
FreeNAS benefits: http://bbs.mychat.to/sindex.php?t740988.html