The Complete Guide to Intranet Network Configuration


Document information

A guide to deploying and configuring network services such as AD DS, Domain Controller, DNS, DHCP, Zone, LAN router, VPN - Client to Gateway, Web Services, Firewall, Terminal Services, Remote Desktop, https, FTP,...

ASSIGNMENT [INTRANET]
Tran Minh Hoang | 200098090 | LTU08 | HUST

[Network diagram: Internet; Physical network 192.168.X.0, 255.255.255.0; Internal network 10.0.X.0, 255.0.0.0]

1. Deploy Active Directory Domain Services and Domain Controller sie.edu.vn, DNS

1.1. What are Active Directory Domain Services, Domain Controller and DNS?

a. Active Directory Domain Services:
Active Directory Domain Services (AD DS) is a management and authentication center for objects such as groups, users and computer accounts. AD DS supplies all of the information about an object to the services that need it; for example, it supplies the full information needed for authentication when resources are accessed. When you use AD DS on Windows Server 2008, you can create a security infrastructure and manage users, computer accounts and other resources easily. You can also use AD DS to support applications that depend on Active Directory, such as Microsoft Exchange Server and Active Directory Rights Management Services (RMS).

The Active Directory structure includes these components: Forest, Tree, Domains, Organizational Units (OUs). A forest can have one or many domain trees and domains; a tree can have one or several domains. In a domain, a server on which AD DS is set up is called a Domain Controller. By default, the first Domain Controller in the forest root stores the Global Catalog. The Global Catalog is a service that authenticates objects in the AD system. A Domain Controller that stores the Global Catalog is called a Global Catalog Server. In a forest or a domain, we can configure many Global Catalog Servers to load-balance authentication.

b. Domain Controller:
A Domain Controller is a dedicated computer or server that runs Windows Server and stores a copy of the domain directory. A domain can have one or more domain controllers; each domain controller has a copy of the domain directory. The Domain Controller is responsible for authenticating users and ensuring that security policies are enforced.

c. DNS:
DNS stands for Domain Name System. A DNS server is a server used to resolve domain names to IP addresses and
vice versa. As seen above, the Domain Controller manages the domain; DNS is used to create the domain that the Domain Controller manages.

1.2. The work to do:
- Add role ADDS
- Run dcpromo to change the server into a Domain Controller that manages sie.edu.vn, and install DNS Server

1.3. The result of the demo:
- Install Active Directory Domain Services succeeded
- Install Domain Controller and DNS Server succeeded
- Exercise completed

2. Rename Server to: .sie.edu.vn. Establish Server with Network card:
- Physical Network: 192.168.X.1 255.255.255.0
- Internal Network: 10.0.X.1 255.0.0.0

2.1. The work to do:
- Change Server's name to HoangTM.sie.edu.vn
- Configure network card on Server

2.2. The result of the demo:
- Changed Server's name
- Physical Network
- Internal Network
- Exercise completed

3. Set up DHCP Service on Server to allocate dynamic IP for Internal Network. Address range from 10.0.X.2 to 10.0.X.254

3.1. What is DHCP Service?
DHCP stands for Dynamic Host Configuration Protocol. DHCP configures IP addresses automatically. Because computers are configured automatically, manual intervention in the network system is reduced. It provides a central database to keep track of all computers in the network system. Its most important purpose is to prevent computers from having the same IP address. A computer that does not use DHCP can be given an IP address the traditional way. Besides IP addresses, DHCP also supplies other configuration information, such as DNS. Today DHCP has two versions: IPv4 and IPv6.

3.2. The work to do:
- Add role DHCP
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn to add Scope for IPv4
- Allocate address range

3.3. The result of the demo:
- Install DHCP Server succeeded
- Address range of dynamic IP from 10.0.X.2 to 10.0.X.254

4. Leave the first 10 positions (from 10.0.X.2 to 10.0.X.11) to allocate static IP. Set up so that the computer with MAC address 00-11-22-33-44-55-66 always gets IP address: 10.0.X.10

4.1. The work to do:
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn/ Address Pool to add an Exclusion range to allocate static IP
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn/ Reservations to set static IP 10.0.X.10 for the computer with MAC address 00-11-22-33-44-55-66

4.2. The result of the demo:
- Leave the first 10 positions (from 10.0.X.2 to 10.0.X.11) to allocate static IP
- Set up so that the computer with MAC address 00-11-22-33-44-55-66 always gets IP: 10.0.X.10

5. Create zone sie.edu.vn. Create .sie.edu.vn 192.168.X.2

5.1. What is DNS zone?
Every domain name that is part of the DNS system is managed by the DNS system. It has several DNS settings, also known as DNS records. The DNS zone was created to keep these DNS records in order.

5.2. The work to do:
- Go to Administrative Tools/ DNS/ HoangTM/ Forward Lookup Zones/ sie.edu.vn to add a host. Because zone sie.edu.vn was created in Exercise 1, we only need to add host HoangTM to create HoangTM.sie.edu.vn with IP address: 192.168.X.2

5.3. The result of the demo:
- Create HoangTM.sie.edu.vn 192.168.X.2 in zone sie.edu.vn

6. Establish Windows Server to act as a LAN router (Client can ping the real machine). Set up so that the Client can connect to the Internet

6.1. What is a Router?

a. Router:
A router is network equipment used to transfer data packets through an internetwork to end hosts, via a routing process. Routing happens at layer 3 of the OSI model. In most cases, a router acts as a link between two or more networks and transfers data packets between them. The router looks packets up in its routing table to find the path to take. The routing table is configured either statically by network managers, meaning it is established once and maintained manually, or dynamically, meaning the router learns the paths itself and the content changes as the network topology changes. Note in particular that a router is not a network switch.

b. NAT:
NAT stands for Network Address Translation. It is a technique that was invented to solve the IP shortage problem, but it has gradually shown multiple advantages that nobody anticipated when it was invented. Some of the advantages of NAT that are most applied today are:
o Share an Internet connection among many computers in a LAN (Local Area Network) with one WAN IP address
o It works like a firewall, helping to hide all IP addresses in the LAN from hackers
o It is flexible and easy to manage

6.2. The work to do:
- Add role Network Policy and Access Services
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM to enable and configure
Routing and Remote Access for NAT
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM/ IPv4/ NAT to add a new interface
- Check if Internet is connected
- Check if Client's IP is now in domain: sie.edu.vn (in 10.0.25.1/24 range)
- Change Server's Physical Network to obtain an IP address automatically to get an IP from the Internet

6.3. The result of the demo:
- Real machine's IP

9.3. The result of the demo:
- Add Inbound Rules succeeded
- Add Outbound Rules succeeded
- Client is connecting with Server but can't go to www.web.sie.edu.vn

10. Establish Terminal Service and Remote Desktop

10.1. What are Terminal Services and Remote Desktop?

a. Terminal Services:
The Terminal Services server role in Windows Server® 2008 provides technologies that enable users to access Windows-based programs that are installed on a terminal server, or to access the full Windows desktop. With Terminal Services, users can access a terminal server from within a corporate network or from the Internet.

Terminal Services lets you efficiently deploy and maintain software in an enterprise environment. You can easily deploy programs from a central location. Because you install the programs on the terminal server and not on the client computer, programs are easier to upgrade and to maintain.

When a user accesses a program on a terminal server, the program execution occurs on the server. Only keyboard, mouse, and display information is transmitted over the network. Each user sees only their individual session. The session is managed transparently by the server operating system and is independent of any other client session.

Terminal Services Remote Application is a new feature on Windows Server 2008. Application programs are installed on Windows Server 2008; the client hosts
do not have the application programs installed, but they can use those programs on the Server through Terminal Services.

b. Remote Desktop:
Remote Desktop Services allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP). Terminal Services is Microsoft's implementation of thin-client terminal server computing, where Windows applications, or even the entire desktop of the computer running Terminal Services, are made accessible to a remote client machine. The client can either be a full-fledged computer, running any operating system as long as the terminal services protocol is supported, or a bare-bones machine powerful enough to support the protocol (such as Windows FLP). With terminal services, only the user interface of an application is presented at the client. Any input to it is redirected over the network to the server, where all application execution takes place.

10.2. The work to do:

a. Terminal Services:
- Add role Terminal Services (choose Terminal Server in Role Services)
- Go to Administrative Tools/ Terminal Services/ TS RemoteApp Manager
- Choose Add RemoteApp Programs in tab Action
- Choose the programs to add to the RemoteApp Programs list to share those programs with Clients
- Go to C:\Program Files, share folder Packaged Programs
- Client: go to Run and type \\10.0.25.1 to open the shared folder

b. Remote Desktop:
- Server: go to Administrative Tools/ Active Directory Users and Computers
- Double-click user 20098090, choose tab Member Of and add it to group Remote Desktop Users
- Client: go to All Programs/ Accessories/ Communications/ Remote Desktop Connection
- Type Server's address: 10.0.25.1
- Log on with your user name and password

10.3. The result of the demo:
- Install Terminal Services succeeded
- Server shares programs with Client at Packaged Programs
- Execute Remote Desktop Connection
- Login succeeded with account 20098090

11. Deploy https, IP virtual host, name virtual host on Web server and FTP server

11.1. What are https, IP virtual host, name virtual host and FTP server?

a. https:
https stands for Hypertext Transfer Protocol Secure (HTTPS), a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

In its popular deployment on the Internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.[1] In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.

b. IP virtual host:

c. Name virtual host:

d. FTP Server:

11.2. The work to do:

a. https:
- Add role Active Directory Certificate Services
- Go to Administrative Tools/ Internet Information Services (IIS) Manager/ HoangTM
- At tab HoangTM Home, choose Server Certificates
- At tab Actions, choose Create Domain Certificate and fill in the form
- Select Online Certification Authority
- Go to Administrative Tools/ Internet Information Services (IIS) Manager/ HoangTM/ Sites/ web.sie.edu.vn/ Edit Bindings and add https for this
site

b. IP virtual host:

c. Name virtual host:

d. FTP Server:
- Add role service FTP Server
- Go to Administrative Tools/ Internet Information Services (IIS) 6.0 Manager/ HoangTM/ FTP Sites/ Default FTP Site, start this site
- Go to C:\inetpub\ftproot, create a new folder and create some files to share on your website

11.3. The result of the demo:

a. https:
- Install Active Directory Certificate Services succeeded
- Server goes to https://www.web.sie.edu.vn
- Client goes to https://www.web.sie.edu.vn

b. IP virtual host:

c. Name virtual host:

d. FTP Server:
- Install Role service FTP Server succeeded
- Check ftp://localhost
- Share file/ folder succeeded

12. Create and configure IPsec (haven't completed)

... Client pings the real machine. Server is connected to the Internet. Client is connected to the Internet.
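An added example, not part of the original assignment: a consistency check of the address plan from Exercises 3 and 4 (scope, exclusion range, reservation, MAC format) and of the mask against the /24 range mentioned in step 6.2, run before the values are typed into the DHCP console. It assumes X = 25, as in the 10.0.25.1 address the assignment uses; the function and field names are hypothetical.

```python
import ipaddress
import re

# Values taken from the assignment, with X = 25 (assumed from its 10.0.25.1 address).
PLAN = {
    "server_ip": "10.0.25.1",
    "netmask": "255.0.0.0",
    "documented_prefix": 24,  # step 6.2 describes the client range as 10.0.25.1/24
    "scope": ("10.0.25.2", "10.0.25.254"),
    "exclusion": ("10.0.25.2", "10.0.25.11"),
    "reservation": {"ip": "10.0.25.10", "mac": "00-11-22-33-44-55-66"},
}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")  # six hex octets

def ip_range(pair):
    lo, hi = (ipaddress.IPv4Address(a) for a in pair)
    if lo > hi:
        raise ValueError(f"range start {lo} is above end {hi}")
    return lo, hi

def excluded_count(plan):
    lo, hi = ip_range(plan["exclusion"])
    return int(hi) - int(lo) + 1

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    iface = ipaddress.IPv4Interface(f"{plan['server_ip']}/{plan['netmask']}")
    s_lo, s_hi = ip_range(plan["scope"])
    e_lo, e_hi = ip_range(plan["exclusion"])
    res = plan["reservation"]
    if iface.network.prefixlen != plan["documented_prefix"]:
        findings.append(f"mask {plan['netmask']} is /{iface.network.prefixlen}, "
                        f"not the documented /{plan['documented_prefix']}")
    if s_lo not in iface.network or s_hi not in iface.network:
        findings.append(f"scope is outside the server subnet {iface.network}")
    if s_lo <= iface.ip <= s_hi:
        findings.append("server address is inside the leasable scope")
    if not (s_lo <= e_lo and e_hi <= s_hi):
        findings.append("exclusion range is not contained in the scope")
    if not s_lo <= ipaddress.IPv4Address(res["ip"]) <= s_hi:
        findings.append("reserved address is outside the scope")
    if not MAC_RE.match(res["mac"]):
        fields = len(res["mac"].split("-"))
        findings.append(f"MAC {res['mac']} is not six hex octets ({fields} fields)")
    return findings

if __name__ == "__main__":
    print(check_plan(PLAN), excluded_count(PLAN))
```
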

Posted: 21/08/2013, 10:39
