
Islamic Republic of Afghanistan

Ministry of Higher Education

Directorate of Private Higher Education
RANA University
Directorate of Computer Science Faculty
Information Technology Department

MONOGRAPH
ON
Design and Implementation of Kabul University Data Center

BY
Wasima Habib
17-RT200-332
In partial fulfillment of the requirements for the award of the degree of
BACHELOR OF INFORMATION TECHNOLOGY
BIT
TO
RANA University
Baraki Square, Kabul–Afghanistan
Islamic Republic of Afghanistan
Ministry of Higher Education
Directorate of Private Higher Education
RANA University
Directorate of Computer Science Faculty
Information Technology Department

MONOGRAPH
ON
Design and Implementation of Kabul University Data Center

In partial fulfillment of the requirements for the award of the degree of


BACHELOR OF INFORMATION TECHNOLOGY
(BIT)
TO
RANA UNIVERSITY

SUPERVISED BY:
Name: Mr. Azizullah Shirzad
Designation: Lecturer & Coordinator
Qualification: MSC Computer Science
ID No: RU-02-115
Phone No: 0783120106
E-mail id: azizullahshirzad786@gmail.com
Signature: ___________
Date:

PREPARED BY:
Student Name: Wasima Habib
Father’s Name: Habibullah
Registration No: 17-RT200-332
Batch: 2017 to 2021
Signature: ____________
Date:
PROJECT APPROVAL SHEET
The undersigned certify that they have read the following Project Report and are satisfied
with the overall exam performance and recommend the project to the faculty of Computer
Science for acceptance.

Title: Design and Implementation of Kabul University Data Center

Prepared by: Wasima Habib


17-RT200-332

Recommended by: Mr. Azizullah Shirzad

Lecturer & Coordinator

Project Coordinator:
________________________________
Name & signature Mr.

Dean of BCS Faculty:


_________________________________
Name & signature Mr.

VC academic:
_________________________________
Name & signature Mr.

RANA University Management


Verification & Stamp:
__________________________________
Date:
PROJECT EVALUATION SHEET
(Decision of the Monograph Evaluation Committee)

STUDENT PARTICULARS
Name: Wasima Habib
Registration No: 17-RT200-332
Father’s Name: Habibullah
Project Title: Design and implementation of Kabul University Data Center

Assessment Criteria
Member 1
Problem Definition: Relevant Yes☐ No☐ clearly phrased Yes☐ No☐ Testable Yes☐
No☐
Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method
Yes☐ No☐
Research Result: Description ☐ Analysis☐
Analysis, Interpretation and Conclusion: Clear Yes☐ No☐
Further Comments (Allocate Marks out of 25%)

Name of the Committee Member:


Sign: ___________________ Date: ___________________

Member 2
Problem Definition: Relevant Yes☐ No☐ clearly phrased Yes☐ No☐ Testable Yes☐
No☐
Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method
Yes☐ No☐
Research Result: Description ☐ Analysis☐
Analysis, Interpretation and Conclusion: Clear Yes☐ No☐
Further Comments (Allocate Marks out of 25%)

Name of the Committee Member:


Sign: ___________________ Date: ___________________
Member 3
Problem Definition: Relevant Yes☐ No☐ clearly phrased Yes☐ No☐ Testable Yes☐
No☐
Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method
Yes☐ No☐
Research Result: Description ☐ Analysis☐
Analysis, Interpretation and Conclusion: Clear Yes☐ No☐
Further Comments (Allocate Marks out of 25%)

Name of the Committee Member:


Sign: ___________________ Date: ___________________

Member 4
Problem Definition: Relevant Yes☐ No☐ clearly phrased Yes☐ No☐ Testable Yes☐
No☐

Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method


Yes☐ No☐

Research Result: Description ☐ Analysis☐

Analysis, Interpretation and Conclusion: Clear Yes☐ No☐

Further Comments (Allocate Marks out of 25%)

Name of the Committee Member:


Sign: ___________________ Date: ___________________

ANALYSIS OF MARKS ALLOCATED BY COMMITTEE MEMBERS:


Member 1 Member 2 Member 3 Member 4 Total

Initial Initial Initial Initial VC Stamp


DECLARATION
I hereby, declare that the Monograph “Design and implementation of Kabul University Data
Center” of the requirements for the Degree of Bachelor of Information Technology (BIT) to
RANA University is my original work and not submitted for any other degree, diploma,
fellowship or similar title or prize.

Name:
Signature: __________________
Date:
FACULTY CERTIFICATE
Batch: 2016-2021
Register Number: 17-RT200-332
Serial Number:

This is to certify that the Project / Monograph titled “Design and implementation of Kabul
University Data Center” submitted in partial fulfillment of the requirements for the degree of
Bachelor of Information Technology to RANA University, Baraki Square, Kabul –
Afghanistan is carried out by

Wasima Habib

Under my direct supervision and guidance and that no part of this report has been submitted
for the award of any other degree, diploma, fellowship or other similar titles or prize and that
the work has not been published in any scientific or popular journals or magazines.

FACULTY PARTICULARS
Name: Mr. Azizullah Shirzad
Qualification: MSC Computer Science
Designation: Lecturer & Coordinator
ID No: RU-02-115
Signature: ______________________
Date:

DEPARTMENT IN-CHARGE
Name: Mr. Abdul Ghafar Omerkhel
Qualification: MSC Computer Science
Designation: Dean
ID No: Ru-02-014
Signature: ______________________
Date:

Department Stamp:
ACKNOWLEDGEMENT
All praises and thanks to Almighty Allah, the source of knowledge and wisdom to mankind,
who conferred me with power of mind and capability to take this material contribution to
already existing knowledge. All respect and love to him who is an everlasting model of
guidance for humanity as a whole.

I would like to express the deepest appreciation to the committee chair H.E Dr. Shafiullah
Naimi the Chancellor of RANA University, who encouraged me in writing my monograph on
“Design and Implementation of Kabul University Data Center” with the attitude and the
substance of a genius, he continually and convincingly conveyed a spirit of adventure
accordingly.

I wish to thank my project supervisor, Mr. Azizullah Shirzad, whose guidance made my project
possible. His encouragement and wisdom made my efforts worthwhile. My heartfelt gratitude
also goes to Dean of CS Faculty, Mr. Abdul Ghafar Omerkhel for his insight and completion
of my project.

It is with great honor that I would also like to thank my friends, whose names I have not
mentioned, who yet supported and helped me in one way or the other.

Finally, I thank you, the reader for taking time to read my thesis.

Signature

Wasima Habib
17-RT200-332
BIT (Bachelor of Information Technology)
Table of Contents
PROJECT APPROVAL SHEET
PROJECT EVALUATION SHEET
FACULTY CERTIFICATE
ACKNOWLEDGEMENT
CHAPTER 1 | INTRODUCTION
1.1 OVERVIEW
1.2 OBJECTIVES
1.3 BENEFITS
1.3.1. Resource Sharing
1.3.2. Software Sharing
1.3.3. Convenient Communication
1.3.4. Centralized Data
1.3.5. Improved Security
1.3.6. Internet Sharing
1.3.7. Computer Identification
1.3.8. Easy Filing and Data Security
1.3.9. Easy Access on Applications and Data
1.4 TECHNOLOGY USED (PLATFORM)
1.5 CHALLENGES AND LIMITATIONS
CHAPTER 2 | EXISTING AND PROPOSED SYSTEM
2.1. EXISTING SYSTEM
2.1.1. CONTROL
2.1.2. NO SELF SERVICE
2.1.3. SAFEKEEPING OF PROPERTY
2.1.4. INTERNAL SKILL SETS AND SUPPORT
2.2. PROPOSED SYSTEM
2.2.1. CLOUD (INTERNET)
2.2.2. CISCO ROUTER (CISCO 2800 ISR ROUTER)
2.2.3. CISCO SWITCH (CISCO CATALYST 9200 SERIES SWITCH)
2.2.4. ADDC
CHAPTER 3 | REQUIREMENTS GATHERING
3.1. REQUIREMENTS GATHERING
3.1.1. Hardware requirements
3.1.2. Software requirements
3.2. FUNCTIONAL REQUIREMENT
3.2.1. Users Requirements (Functionality)
3.2.2. Security
3.2.3. Important Data Center Security Standards
CHAPTER 4 | SYSTEM DESIGN
4.1. MODULATION DESIGN
4.2 TOPOLOGY DESIGN (I.T)
4.2.1 Main office topology design
4.2.2 Branch offices topology design
CHAPTER 5 | CONFIGURATION PROCEDURE/CODING (IT)
5.1 CONFIGURATION PROCEDURE
5.2 CONFIGURATION CODING
6.1 TESTING TECHNIQUES AND TESTING
6.2 TESTING REPORT
6.3 DEBUGGING REPORT
CHAPTER 7 | COST ESTIMATION
7.1. APPROXIMATE COST OF THE HARDWARE
7.2. APPROXIMATE COST OF THE SOFTWARE
7.3. APPROXIMATE COST OF THE PROJECT IMPLEMENTATION
7.4. OVERALL COST OF THE PROJECT
CHAPTER 8 | FUTURE PLANS AND EXPANSION
8.1 FUTURE PLAN
8.2 EXPANSION POSSIBILITY
CONCLUSION
REFERENCES
Table of Figures
Figure 4.87: Main Topology Design

Chapter 1 | Introduction
1.1 Overview

Today the data center is the heart of most companies’ operations. The importance of
effectively managing increasingly large amounts of data is prompting many companies
to significantly upgrade their current operations or to build brand-new data centers from
greenfield. At the same time, economic conditions are forcing companies to focus on
efficiency and simplification. As a result, data center optimization and/or consolidation may
be on your agenda.
Kabul University was founded in 1931 during the government of Mohammed Nadir Shah and
then Prime Minister Mohammad Hashim Khan. Approximately 22,000 students attend Kabul
University. Of these, nearly 43% are female. The mission of Kabul University is to mature
and prosper as an internationally recognized institution of learning and research, a
community of stakeholders committed to shared governance, and a center of innovative
thought and practice. The data center design for Kabul University helps IT manage
everything centrally, avoid losing data, and remove paperwork. It gathers all employee
records onto a file server and secures the data further by taking backups.
Data centers are facilities that house servers and related equipment and systems. They are
distinct from data repositories, which collect various forms of research data, although some
data repositories are occasionally called data centers. Many colleges and universities have
data centers or server rooms distributed across one or more campuses, as we would like
Kabul University to have as well. This monograph reports on the experience of consolidating
all application and storage servers into a new university data center. I discuss the
advantages of consolidation, the planning process for the actual data center design and
implementation, and the lessons learned from the virtual testing experience.

1.2 Objectives

Several factors are currently converging to make this an opportune time for the University of
Kabul to review its model for housing, securing, and managing its computing servers and
equipment. They are:
1. The commissioning of the Information Technology Facility, which provides highly efficient
data center space that was previously not available.
2. The University’s “2021 Vision” Sustainability Targets include a goal to achieve
net-negative energy growth from 2010 to 2021. This calls for a solution that can reduce IT
energy use.
3. Technologies such as virtualization and remote server management have matured and
can be more widely deployed.
4. University efficiency initiatives over several years have put continuing pressure on IT staff
resources, so changes that free up IT staff to work on higher-priority IT needs are
recognized as necessary.

1.3 Benefits
There are many advantages to a centralized data center. Many of these advantages also
apply to other organizations that have a data center, but for the purposes of this paper
we address them in the context of the university’s experience.

1.3.1. Resource Sharing


Sharing resources such as hard disk drives, DVD drives and printers is easy on a
Local Area Network. For example, all the resources can be connected to one single
computer on the network so that whenever a resource is needed it can be shared with
the connected computers.

1.3.2. Software Sharing


Another type of sharing made easy here is software sharing. A single computer with the
licensed software can be shared among other users in the network. There is no need to
purchase an individual license for each and every computer in the network. All can work
under one single license.

1.3.3. Convenient Communication


Using a LAN, users can exchange messages and data conveniently. Since the data is
placed on the server, it can be accessed at any time by the LAN users. Every LAN user
can do this with others on the network. Hence, this not only saves a lot of time, it also
ensures that messages get delivered to the right people.

1.3.4. Centralized Data


As mentioned earlier, the users’ data is located on the centralized server. Any workstation
in the network can be used to access this information. Moreover, users can access
their own set of data by logging into their respective accounts.

1.3.5. Improved Security


Since data is stored on a local server, it can be guaranteed to be secure. When the data on
the server is updated, all the LAN users can simply access it. In addition, the host
can deny or allow users on a particular network, so additional security
measures can be imposed.

1.3.6. Internet Sharing
A LAN can share an internet connection among all its users. One single
computer with an internet connection shares it with all the connected computers. This
type of infrastructure can be seen in offices and net cafes.

1.3.7. Computer Identification


For the purpose of identification, each computer on the LAN is assigned a MAC
address. This address is normally used when sending and receiving data. In modern
computers this address is stored inside the network adapter that comes attached to the
motherboard.

1.3.8. Easy Filing and Data Security

The University has no file server that can adequately store data and all student records in
one place. It uses old paper records, which carry a very high risk of data loss, fire or
damage. With a data center we can store every single record, and by taking backups we can
make sure all of it is safe.

1.3.9. Easy Access on Applications and Data


This data center can host many e-learning programs that are required for teaching at
Kabul University. In addition, all teachers, students and university staff can access one
MIS system for daily routine tasks. In the near future the centralized system can also help
teachers hold online exams and assignments.

1.3.10. Server Room


The University has no server room occupied a large office that could be repurposed to house
multiple staff offices. However, they are in great demand, and the possibility of gaining more
space for a new data center.

1.3.11. Climate Control


The new data center is built on a raised floor that allows better air circulation. Hundreds of
servers and other pieces of equipment create a lot of excess heat, and raised floor
construction allows for better circulation of air. New racks have chimneys that exhaust heat
from high-density computing environments. Air conditioners supply a constant stream of air
that will maintain the optimum temperature for computing equipment. Sensors continually
monitor humidity and keep it at an optimal level.

1.3.12. Security
With server rooms scattered all over the university, security can be a concern. If
the servers are housed in one location, the university can provide a highly secure
environment in a more cost-effective way. The data center has card-swipe access to the
building and biometric access to the data center itself. There are also cameras installed in
the building as a further security measure.

1.3.13. Automation of Server Management


One of the benefits of consolidating servers into one environment is that they are in a secure
location, but it is still possible to manage them from a distance. The virtual environment has
a web-based console that allows system administrators to connect to and manage the virtual
servers, and the physical servers can be managed over the network as well. Even though the
servers are centralized, our system administrator can work from an office in the University only.

1.4 Technology used (Platform)
1.4.1 Cisco Packet Tracer
I will use Cisco Packet Tracer to visualize the data center components.

1.4.2 VMware
VMware is used for installing Windows Server components and testing on the clients’ PCs.

1.5 Challenges and limitations


Challenges and Limitations of current system:

1.5.1. Implementation Cost


Even though a LAN saves a lot of money through resource sharing, the initial cost of
setting up the network is quite high. This is mainly due to the special software
that is needed to set up a server. In addition, hardware such as routers, hubs,
switches and cables must be purchased for the first-time setup.

1.5.2. Policy Violations


Since all the data of the connected computers is stored on a central server,
unauthorized users can view the browsing history and downloads of all the connected
computers. In particular, the LAN administrator has the authority to check the personal data
of each and every LAN user. This can lead to policy violations.

1.5.3. Security
Since it is rather easy to gain access to programs and other types of data, security
is a big concern on a LAN. The sole responsibility for stopping unauthorized access lies with
the LAN administrators. The LAN administrator has to make sure that the centralized data is
properly secured by implementing the correct set of rules and privacy policies on the server.

1.5.4. Maintenance
A LAN often faces hardware problems and system failures. Hence, it requires a dedicated
administrator to look after these issues. The administrator needs to be knowledgeable in
the field of networking and is needed full-time.

1.5.5. Area Coverage


A LAN usually covers a limited distance (up to 10km). It is mostly
operated in small areas such as offices, banks and schools, because its cabling
system cannot be extended beyond a certain range.

1.5.6. Server Crashes


The central server in the LAN architecture manages all the attached
computers. If the server encounters a fault, all the connected computers are
affected too. For example, if the files on the server get corrupted, the data can no longer
be accessed from the attached computers.

1.5.7. Malware Spreading
The appearance of a virus in a LAN-based infrastructure is highly dangerous. If one of the
attached computers is infected with a virus, it can easily spread to the remaining computers
on the network.

Chapter 2 | Existing and Proposed System
2.1. Existing system
2.1.1. Control
Not all users may agree to let system administrators control their PCs by joining
them to the Domain Controller.

2.1.2. No Self Service


Not everything will be in the user’s hands. For example, users cannot unlock their PCs or
reset their passwords themselves. This will burden the IT Help Desk department and add
more tickets to its system.

2.1.3. Safekeeping of property


All the Domain Admin users may read every other client’s confidential data and
spreadsheets.

2.1.4. Internal skill sets and support


Internal users might need to expand their skills on using Domain environment computers.

2.2. Proposed system


2.2.1. Cloud (Internet)
The cloud connects us to the internet. The Internet is a vast network that connects
computers all over the world. Through the Internet, people can share information and
communicate from anywhere with an Internet connection.

2.2.2. Cisco Router (Cisco 2800 ISR router)


Cisco 2800 Series ISRs provide the highest level of performance to accommodate growth for
even the most demanding business.
Cisco 2800 Series Integrated Services Routers support:

1. Wireless networking

Help employees be more productive and collaborate better by enabling them to work
wirelessly from anywhere in the office.

2. Voice

Enjoy advanced communications tools such as call processing, voicemail, automated
attendant, and conferencing to respond to customers faster and save money on
long-distance charges.

3. Video

Enable more cost-effective surveillance and security systems or support on-demand and live
streaming media.

4. Security

Reduce business risks associated with viruses and other security threats.

5. Virtual private networks

Give remote staff and teleworkers secure access to company assets over a secure
connection.

6. Modular architecture

With a wide variety of available LAN and WAN options, you can upgrade your network
interfaces to accommodate future technologies. The 2800 Series also offers several types of
slots that make it easy to add connectivity and services in the future on an "integrate-as-you-
grow" basis.

7. Flexibility

Connectivity via DSL, cable modem, T1, or 3G wireless maximizes your options for both
primary and backup connections.

2.2.3. Cisco Switch (Cisco Catalyst 9200 Series Switch)


Helps connect the data center with the internal departments. The Cisco Catalyst 9200 Series
Switch supports:
1. Up to 48 ports of full Power over Ethernet Plus (PoE+) capability
2. Resiliency with Field-Replaceable Units (FRU) and redundant power supply, fans,
and modular uplinks
3. Flexible downlink options with data, PoE+ or mGig
4. Operational efficiency with optional backplane stacking, supporting stacking
bandwidth up to 160 Gbps
5. UADP 2.0 Mini with integrated CPU offers customers optimized scale with better cost
structure
6. Enhanced security with AES-128 MACsec encryption, policy-based segmentation,
and trustworthy systems
7. Layer 3 capabilities, including OSPF, EIGRP, ISIS, RIP, and routed access
8. Advanced network monitoring using Full Flexible NetFlow
9. Plug and Play (PnP) enabled: A simple, secure, unified, and integrated offering to
ease new branch or campus device rollouts or updates to an existing network
10. Cisco IOS XE: A Common Licensing based operating system for the enterprise
Cisco Catalyst 9000 product family with support for model-driven programmability
and streaming telemetry
11. ASIC with programmable pipeline and micro-engine capabilities, along with
template-based, configurable allocation of Layer 2 and Layer 3 forwarding, Access
Control Lists (ACLs), and Quality of Service (QoS) entries

2.2.4. ADDC
A domain controller is a server that responds to authentication requests and verifies users on
computer networks. Domains are a hierarchical way of organizing users and computers that
work together on the same network. The domain controller keeps all of that data organized
and secured.
The domain controller (DC) is the box that holds the keys to the kingdom: Active Directory
(AD). While attackers have all sorts of tricks to gain elevated access on networks, including
attacking the DC itself, you can not only protect your DCs from attackers but actually use
DCs to detect cyberattacks in progress.

Why is a Domain Controller Important?


Domain controllers contain the data that determines and validates access to your network,
including any group policies and all computer names. Everything an attacker could possibly
need to cause massive damage to your data and network is on the DC, which makes a DC a
primary target during a cyberattack.
The DC helps control internal resources using features such as:

• AD Users and Computers
• AD Group Policy Management
• AD Domain Name Server

The primary responsibility of the DC is to authenticate and validate user access on the
network. When users log into their domain, the DC checks their username, password, and
other credentials to either allow or deny access for that user.
Active Directory is a type of domain, and a domain controller is an important server on that
domain, much as there are many types of cars and every car needs an engine to
operate. Every domain has a domain controller, but not every domain is Active Directory.
In general, any business, no matter the size, that saves customer data on its
network needs a domain controller to improve the security of that network. There could be
exceptions: some businesses, for instance, only use cloud-based CRM and payment
solutions. In those cases, the cloud service secures and protects customer data.
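
Because the DC makes the allow-or-deny decision for every sign-in, its Security event log is where a run of denied attempts becomes visible. The PowerShell below is an added example, not part of the monograph: it flags a single source address that fails sign-in against many different accounts within a short window. The sample records, thresholds and function names are constructed for illustration.

```powershell
# Added example. Events 4771 (Kerberos pre-authentication failed) and 4625 (failed logon)
# both carry TargetUserName and IpAddress in their EventData; auditing must be enabled.

function ConvertFrom-FailedLogonEvent {
    # Flattens a Get-WinEvent record into the three fields the detector needs.
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated    = $Record.TimeCreated
            TargetUserName = $data['TargetUserName']
            IpAddress      = $data['IpAddress']
        }
    }
}

function Find-FailedLogonBurst {
    # Emits one alert per source address that fails against at least
    # $MinDistinctUsers different accounts inside a sliding time window.
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [int] $WindowMinutes    = 10,
        [int] $MinDistinctUsers = 5
    )
    foreach ($source in ($Records | Group-Object -Property IpAddress)) {
        $sorted = @($source.Group | Sort-Object -Property TimeCreated)
        $start  = 0
        for ($end = 0; $end -lt $sorted.Count; $end++) {
            # Move the left edge so the window never spans more than $WindowMinutes.
            while (($sorted[$end].TimeCreated - $sorted[$start].TimeCreated).TotalMinutes -gt $WindowMinutes) {
                $start++
            }
            $users = @($sorted[$start..$end] | ForEach-Object TargetUserName | Sort-Object -Unique)
            if ($users.Count -ge $MinDistinctUsers) {
                [pscustomobject]@{
                    IpAddress     = $source.Name
                    WindowStart   = $sorted[$start].TimeCreated
                    WindowEnd     = $sorted[$end].TimeCreated
                    DistinctUsers = $users.Count
                    Accounts      = $users -join ','
                }
                break   # one alert per source address is enough
            }
        }
    }
}

# Constructed sample records (not from a real log).
$t0 = [datetime]'2021-03-01T09:00:00'
$sample = @(
    # One user mistyping a password three times from one PC: must not alert.
    0..2 | ForEach-Object {
        [pscustomobject]@{ TimeCreated = $t0.AddMinutes($_); TargetUserName = 'student01'; IpAddress = '10.10.20.15' }
    }
    # One address failing against six different accounts within three minutes: must alert.
    0..5 | ForEach-Object {
        [pscustomobject]@{ TimeCreated = $t0.AddSeconds(30 * $_); TargetUserName = "staff0$_"; IpAddress = '10.10.30.77' }
    }
)
Find-FailedLogonBurst -Records $sample | Format-List

# On a DC, with rights to read the Security log, the same detector runs on live events:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625, 4771; StartTime = (Get-Date).AddHours(-1) } |
#         ConvertFrom-FailedLogonEvent
# Find-FailedLogonBurst -Records $live
```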

Benefits of Domain Controller

• Centralized user management
• Enables resource sharing for files and printers
• Federated configuration for redundancy (FSMO)
• Can be distributed and replicated across large networks
• Encryption of user data
• Can be hardened and locked-down for improved security

Limitations of Domain Controller

• Target for cyberattack
• Potential to be hacked
• Users and OS must be maintained to be stable, secure and up-to-date
• Network is dependent on DC uptime
• Hardware/software requirements

1. NTP
To set date and time for all servers and clients from a central point. The Network Time
Protocol (NTP) is a networking protocol for clock synchronization between computer
systems over packet-switched, variable-latency data networks. In operation since before
1985, NTP is one of the oldest Internet protocols in current use. NTP was designed by David
L. Mills of the University of Delaware.

2. WSUS
To push new updates to all the users

3. File Server
Provides a centralized resource point and safe documentation

4. Shadow Copy
To keep a backup of the files and guard against accidental file deletion

5. FSRM
To control what should be on the file server and what should not

6. Firewall
May help to secure inbound and outbound file transfers

Chapter 3 | Requirements Gathering
3.1. Requirements Gathering
3.1.1. Hardware requirements
The recommended minimum system requirements listed here should allow even someone new
to install a usable system with enough room to be comfortable.
• PowerEdge Rack Servers
• Power Distributor
• Firewall (Sophos XG Firewall)
• Cisco Router (Cisco 2800 ISR router)
• Cisco Switch (Cisco Catalyst 9200 Series Switch)
• Rack 42U
• AC
• Fire Alarm (Smoke Detector)
• UPS (Battery)
• RJ45 Connector
• Cables
• Security Camera

3.1.2. Software requirements


The Recommended Minimum System Requirements are:
• Windows Server 2016
• Cisco Packet Tracer
• PuTTY

3.2. Functional Requirement


3.2.1. Users Requirements (Functionality)
Creating Computers and Joining a Domain
Three things are required for you to join a computer to an Active Directory domain:
• Physical computer connected with the domain
• Mouse and keyboard
• Network cable for connecting to the network
• Power for starting computers
• A computer object must be created in the directory service
• You must have appropriate permissions to the computer object. The permissions
allow you to join a computer with the same name as the object to the domain
• You must be a member of the local Administrators group on the computer to change
its domain or workgroup membership

3.2.2. Security
Data center security refers broadly to the array of technologies and practices used to protect
a facility’s physical infrastructure and network systems from external and internal threats. On
a very basic level, data center security is all about restricting and managing access. Only
authorized personnel should be able to access critical infrastructure and IT systems. Data
center security includes both the “things” put in place to accomplish that goal (such as
locked access points, surveillance systems, or security personnel) and the “controls” that
manage them (such as security policies, access lists, or rules for handling data).

3.2.3. Important Data Center Security Standards
Here are a few critical data center physical security standards and technologies every
colocation customer should evaluate when they’re looking to partner with a facility.

Layered Security Measures


Every aspect of a data center’s security should work in concert with other elements as part
of a comprehensive, layered system. The idea is that a potential intruder should be forced to
breach several layers of security before reaching valuable data or hardware assets in the
server room. Should one layer prove ineffective, other layers will likely prevent the intrusion
from compromising the entire system.

Access Lists
While it may seem like a simple thing, one of the most important elements of data center
security is ensuring that only authorized persons are permitted to access key assets. When
a company colocates with a data center, not every employee there needs to have access to
the servers. This is a critical component of the “Zero Trust” security philosophy. By
maintaining up-to-date access lists, a facility can help their customers prevent theft and
guard against human error by people who aren’t authorized to handle IT assets in the first
place.

Video Surveillance
Another longtime staple of physical security technologies, video surveillance is still incredibly
valuable for data centers. Closed-circuit television cameras (CCTVs) with full pan, tilt, and
zoom features should monitor exterior access points and all interior doors as well as the data
floor itself. Camera footage should be backed up digitally and archived offsite to guard
against unauthorized tampering.

Secure Access Points


Sensitive zones like the data floor should be secured by more than a simple locked door.
Manned checkpoints with floor-to-ceiling turnstiles or man-traps that prevent an authorized
visitor from passing credentials back to someone else are essential physical security
standards for any data center facility.

24x7x365 Security
Security checkpoints, cameras, and alarms won’t amount to much without security staff on-
site to respond to potential threats and unauthorized activity. Routine patrols throughout
every data center zone can provide a visible reminder that security personnel are on the
lookout and can react quickly to deal with any potential issue.

RFID Asset Management


While having data center security personnel on-site and archived camera footage available
is critical, it’s still difficult to keep eyes on every piece of hardware at all times. With RFID
tagging, data centers can manage and track assets in real-time through powerful business
intelligence software. Tags can even send out alerts the moment an asset is moved or
tampered with, allowing data center personnel to respond quickly to any threat.

Background Checks

Between security staff and remote hands technicians, data centers have a lot of people
moving throughout a secure facility. Conducting thorough background checks on staff, as
well as implementing vetting requirements for all third-party contractors, can provide
assurances to their customers that these people can be trusted to manage and protect their
valuable IT assets.

Exit Procedures
When someone who has the authorization to access sensitive zones and assets within the
data center leaves their position, their privileges don’t go with them. Whether it’s data center
personnel or customer employees with access rights who are leaving the organization,
facilities should have systems and procedures in place to remove those privileges. This
could mean updating access lists, collecting keys, or deleting biometric data from the
facility’s system to make sure they won’t be able to pass through security in the future.

Multi-Factor Authentication
Every data center should follow “Zero Trust” logical security procedures that incorporate
multi-factor authentication. Every access point should require two or more forms of
identification or authorization to ensure that no one will simply be “waved through” by
security if they’re missing one form of authentication.

Biometric Technology
One of the latest innovations in security standards, biometric technology identifies people
through a unique physical characteristic, such as a thumbprint, retina shape, or voice
pattern. There are a variety of ways to incorporate biometric technology into access
protocols, and it is especially valuable as one component of two-factor authentication.
As data center security technology continues to evolve, new physical security measures will
surely be incorporated as best practices. Data center physical security standards may not be
evident at first glance because many of them are intended to remain out of sight. Even so,
data center customers can review security certifications and request a more detailed
overview of the physical and logical security measures a facility has put in place to ensure
that data remains well-protected.

Chapter 4 | System Design
4.1. Modulation design
1- Server Installation

Restart the server

Press ENTER to boot from DVD.

Figure 4. 1:Server Installation

Files will start loading.

Figure 4. 2:Loading Files

Take the defaults on the Language screen and click Next.

Figure 4. 3:Language Selection

Click Install now on the install screen.

Figure 4. 4:Installation

Click the second line item for the GUI. The default install is now Server Core. Then
click Next.

Figure 4. 5:Operating System Selection

Read the License Agreement, select the “I accept the license terms” checkbox, and then
click Next.

Figure 4. 6:Terms and Conditions

Click Custom: Install Windows only (Advanced).

Figure 4. 7:Type of Installation

[Optional:] Click drive options; then you can create custom partitions.

Figure 4. 8:Partition

[Optional:] Add a drive using Native Boot to VHD: press SHIFT-F10 to open a command prompt
window and find the installation drive (dir c:, dir d:, dir e:, etc.). Run diskpart to open the
Disk Partition Utility and enter the commands below (create vdisk and its file, type and
maximum parameters are all the same command and must run on the same line):

create vdisk file=e:\BootDemo.vhd type=expandable maximum=40000
attach vdisk
exit

Then click Refresh.

Figure 4. 9:Refresh

It will then start copying files. This will take a while (could be 20 mins or so depending on
hardware performance). It will reboot a couple of times (automatically). After the first reboot,
it will no longer be running off of the DVD.

Figure 4. 10:Windows Installation

Figure 4. 11:Finalizing

In the Password box, enter a new password for this computer. It must meet complexity
requirements. Re-enter the password in the second password box, and then click Finish.

Figure 4. 12:Setting Password

Press Ctrl-Alt-Delete at the same time to get the login screen

Figure 4. 13:Lock Screen

Enter password and press enter.

Figure 4. 14:Login Page

The Desktop will be displayed and Server Manager will be opened automatically.

Figure 4. 15:Setting up Home Screen

Pressing Windows Key on the keyboard will bring up the start screen (formerly known as
Start Menu). If you Right-Click on Computer, you will see the new right-click menu is on the
bottom of the screen instead of in a dropdown box. Select Properties.

You will see that the System Properties screen looks almost identical to prior versions of
windows. We can now change the computer name by clicking on Change Settings.

Figure 4. 16:Changing Computer Name

Type new computer name you would like to use and click OK.

Figure 4. 17:Computer Name Selection

Click OK on the information box. Click OK to allow a restart.

Figure 4. 18:Confirmation

Then click Restart Now on the final dialog box

Figure 4. 19:Restart To Effect

2- Installing Active Directory Users & Computers on a Windows Server

Click the Windows button and type ‘add feature’ to start the feature installation:

Figure 4. 20:Windows Features

This opens up the ‘Add roles and features’ wizard in Server Manager. Click Next a couple of
times until you reach the features section:

Figure 4. 21:Add Roles and Features

In the features section expand ‘Remote Server Administration Tools’ all the way down to the
‘AD DS Snap-Ins’ component. Select it and click Next:

Figure 4. 22:ADDS Installation

Click Install to complete the installation.

3- Install Group Policy Management Console

Navigate to Start → Control Panel → Programs and Features → Turn Windows features on
or off.

In the Add Roles and Features Wizard dialog that opens, proceed to the Features tab in the
left pane, and then select Group Policy Management.

Click Next to proceed to confirmation page.

Click Install to enable it.

4- DNS Configuration

To configure your DNS server, follow these 5 steps:

First, you’ll need to start the Configure Your Server Wizard. To do so, click Start -> All
Programs -> Administrative Tools, and then click Configure Your Server Wizard.

On the Server Role page, click DNS server, and then click Next.

On the Summary of Selections page, view and confirm the options that you have selected.
The following items should appear on this page:

• Install DNS

• Run the Configure a DNS Wizard to configure DNS

If the Summary of Selections page lists these two items, click Next.

If the Summary of Selections page does not list these two items, click Back to return to the
Server Role page, click DNS, and then click Next to load the page again.

When the Configure Your Server Wizard installs the DNS service, it first determines whether
the IP address for this server is static or is configured automatically. If your server is
currently configured to obtain its IP address automatically, the Configuring Components
page of the Windows Components Wizard will prompt you to configure the server with a
static IP address. To do so perform the following actions:

In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP), and
then click Properties.

Next, click Use the following IP address, and then type the static IP address, subnet mask,
and default gateway for this server.

In Preferred DNS, type the IP address of this server.

In Alternate DNS, either type the IP address of another internal DNS server, or leave this
box blank.

When you’ve finished setting up the static IP addresses for your DNS, click OK, and then
click Close.

After you Close the Windows Components Wizard, the Configure a DNS Server Wizard will
start. In the wizard, follow these steps:

On the Select Configuration Action page, select the Create a forward lookup zone check
box, and then click Next.

To specify that this DNS hosts a zone containing DNS resource records for your network
resources, on the Primary Server Location page, click This server maintains the zone, and
then click Next.

On the Zone Name page, in Zone name, specify the name of the DNS zone for your
network, and then click Next. The name of the zone is the same as the name of the DNS
domain for your small organization or branch office.

On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates,
and then click Next. This makes sure that the DNS resource records for the resources in
your network update automatically.

On the Forwarders page, click Yes, it should forward queries to DNS servers with the
following IP addresses, and then click Next. When you select this configuration, you forward
all DNS queries for DNS names outside your network to a DNS at either your ISP or central
office. Type one or more IP addresses that either your ISP or central office DNS servers use.

On the Completing the Configure a DNS Wizard page of the Configure a DNS Wizard, you
can click Back to change any of your selected settings. Once you’re happy with your
selections, click Finish to apply them.

After finishing the Configure a DNS Wizard, the Configure Your Server Wizard displays the
This Server is Now a DNS Server page. To review the changes made to your server or to
make sure that a new role was installed successfully, click on the Configure Your Server log.
The Configure Your Server Wizard log is located at:

%systemroot%\Debug\Configure Your Server.log

To close the Configure Your Server Wizard, just click Finish.

Setting Up a DNS Forward Lookup Zone

Forward lookup zones are the specific zones which resolve domain names into IP
addresses. If you’ve followed the configuration instructions above, your forward lookup zone
should already be set up. If for some reason you need to set up a forward lookup zone after
configuring your DNS, you can follow these instructions:

First, open up DNS by navigating to the Start menu -> Administrative Tools -> DNS.

Expand the server and right click Forward Lookup Zones and click New Zone.

Click Next and select the type of zone you want to create.

Select the method to replicate zone data throughout the network and click Next.

Type in the name of the zone.

Select the type of updates you want to allow and click Next.

Once you’ve completed everything, click on Finish.

Changing the DNS Server for Network Interfaces

If you need to change the DNS server for different network interfaces, you can do so using
the following:

In Network Connections, right-click the local area connection, and then click Properties.

In Local Area Connection Properties, select Internet Protocol (TCP/IP), and then click
Properties.

Click Use the following DNS server addresses, and in Preferred DNS server and Alternate
DNS server, type the IP addresses of the preferred and alternate DNS servers.

To add more DNS servers, click the Advanced button.

Flush the DNS Resolver Cache

A DNS resolver cache is a temporary database created by a server to store data on recent
DNS lookups. Keeping a cache helps speed up the lookup process for returning IP
addresses. You can use the command ipconfig /displaydns to see what entries are currently
stored in your server’s cache.

Sometimes, though, a virus will hijack a server's DNS cache and use it to re-route requests.
This is sometimes referred to as cache poisoning, and is one of several reasons why you
may want to flush the DNS cache.

To do so, enter the following command:

ipconfig /flushdns

When completed successfully, you should receive a message that says “Windows IP
configuration successfully flushed the DNS Resolver Cache.”

5- WSUS Installation

Figure 4. 23:Network Setup

On your Server, open Server Manager, on the Dashboard, click Add Roles and Features
then click next 3 times till you get Select server roles box, in Select server roles box, select
the Windows Server Update Services (In the pop-up window, click Add Features)… then
click Next…

Figure 4. 24:WSUS Installation

On the Select features box, click Next…

Figure 4. 25:WSUS Features

On the Windows Server Update Services box, click Next…

Figure 4. 26:WSUS Installation

On the Select role services box, verify that both WID Database and WSUS Services are
selected, and then click Next…

Figure 4. 27:WSUS Services

On the Content location selection box, type C:\Comsys WSUS, and then click Next…

Figure 4. 28:WSUS Path Selection

On the Web Server Role (IIS) box, click Next…

Figure 4. 29:IIS Role

On the Select role services box, click Next…

Figure 4. 30:Additional Services

On the Confirm installation selections box, click Install…

Figure 4. 31:Final WSUS Setup

When the installation completes, click Close…

Figure 4. 32:Installation Ongoing

Figure 4. 33:Installation Completed

Open the Windows Server Update Services console. In the Complete WSUS Installation
window, click Run, wait for the task to complete, and then click Close…

Figure 4. 34:WSUS Connection

Figure 4. 35:WSUS Connection Completed

In the Windows Server Update Services Configuration Wizard window, on the Before You
Begin, click Next to proceed…

Figure 4. 36:WSUS Configuration

On the Join the Microsoft Update Improvement Program, just click Next…

Figure 4. 37:WSUS Update Program

On the Choose Upstream Server box, click the Synchronize from Microsoft Update option
and then click Next…

Figure 4. 38:WSUS Upstream Server

On the Specify Proxy Server box, click Next…

Figure 4. 39:Proxy Server Setup

On the Connect to Upstream Server box, click Start Connecting. Wait for the Windows
Update to be applied, and then click Next…

Figure 4. 40:WSUS Connection Testing

Figure 4. 41:WSUS Connection Testing Done

On the Choose Languages box, click Next…

Figure 4. 42:WSUS Language Selection

On the Choose Products box, I choose Windows 8 and Windows Server 2012 R2 (you can
select whichever updates match your existing applications), and click Next…

Figure 4. 43:Product Selection

On the Choose Classifications box, I choose Critical Updates (you can choose all updates
classification if you require, and your internet is fast) click Next…

Figure 4. 44:Classification

On the Set Sync Schedule box, I choose Synchronize manually, then click Next…

Figure 4. 45:Synchronize Setup

On the Finished box, click the Begin initial synchronization option, and then click Finish…

Figure 4. 46:Begin initial synchronization

In the Windows Server Update Services console, in the navigation pane, double-click DC01,
and spend a few minutes reviewing the WSUS console and the information it shows…

** As you can see on my WSUS server, WSUS is synchronizing update information; this might
take a few minutes…

Figure 4. 47:WSUS Synchronize

If everything goes well, on the synchronization status you can see that Status is Idle and
the Last Synchronization result: Succeeded… 

Figure 4. 48:Sync Status

Next, let’s add Computer Group to WSUS, this method is to make sure that any computer
listed in the Computer Group will get the Updates from WSUS Server. On the WSUS
console, click Options and then double click Computers…

Figure 4. 49:Add Computers

In the Computers dialog box, select Use Group Policy or registry settings on computers then
click OK…

** I choose Use Group Policy because I wanted all my clients to get Windows updates by
GPO…

Figure 4. 50:Group Policy or registry settings

Next, click All Computers, and then, in the Actions pane, click Add Computer Group…

Figure 4. 51:Adding Computer Group

In the Add Computer Group dialog box, in the Name text box, type Computer system Laptop,
and then click Add…

Figure 4. 52:Selecting Name for the Computer Group

Once you successfully add a New Computer Group to WSUS, now we need to create new
GPO and configure it so that all our clients will be affected by this GPO to get the Windows
Updates…

** On the Domain Server, open Group Policy Management, right click Computer system
Laptop and then click Create a GPO in this domain, and Link it here…

Figure 4. 53:Creating New GPO

In the New GPO dialog box, type WSUS Computer system Laptop, and then click OK…

Figure 4. 54:Name the Group GPO

Next, right-click WSUS Computer system Laptop, and then click Edit…

Figure 4. 55:Edit GPO

Next, in the Group Policy Management Editor, under Computer Configuration, double-click
Policies, double-click Administrative Templates, double-click Windows Components, and
then click Windows Update…

Figure 4. 56:Configure GPO

Next, in the setting pane, double-click Configure Automatic Updates, and then click the
Enabled option, under Options, in the Configure automatic updating field, click and select 3 –
Auto download and notify for install, and then click OK…

Figure 4. 57:Configure Automatic Update

In the Setting pane, double-click Specify intranet Microsoft update service location, and then
click the Enabled option, then in the Set the intranet update service for detecting updates
and the Set the intranet statistics server text boxes, type http://dc01.comsys.local:8530, and
then click OK…

Figure 4. 58:Specify intranet Microsoft update service location

In the Setting pane, double click Enable client-side targeting, in the Enable client-side
targeting dialog box, click the Enabled option, in the Target group name for this computer
text box, type Computer system Laptop, and then click OK…

Figure 4. 59:Enable client-side targeting

Next, let’s log in to our client PC as domain administrator and verify that our client is
receiving the GPO by typing gpresult /r in the command prompt. In the output of the
command, confirm that, under COMPUTER SETTINGS, WSUS Computer system Laptop is
listed under Applied Group Policy Objects…

Figure 4. 60:Testing GPO

Next, we need to initialize Windows Update by typing Wuauclt.exe /reportnow /detectnow
in the cmd…

Figure 4. 61:Initialize the Windows Update

Next, we need to Approve and at the same time deploy an Update to our client PC…

In the WSUS console, under Updates, click Critical Updates, right-click any updates you prefer
for your client PC and then click Approve…

Figure 4. 62:Approve and deploy an Update

In the Approve Updates window, in the Computer system Laptop drop-down list box,
select Approved for Install…

Figure 4. 63:Approved for Install

Next, Click OK and then click Close…

Figure 4. 64:Finale Approval

Figure 4. 65:Approval Status

Now, to deploy the selected updates, on the Client PC, in the cmd type Wuauclt.exe /detectnow…

Figure 4. 66:deploy the selected updates

Before you confirm that the client can receive the update from the WSUS Server, return to the
WSUS Server and, on the WSUS console, under Download Status, verify that the necessary /
selected updates have finished downloading…

Figure 4. 67:Update Download Status

Next, click Critical Updates and, in the right pane, verify that a few updates are shown as 100%…

Figure 4. 68:Verify Critical Update

Now return to Client PC and open Windows Update from Control Panel, you should notice
update available for your client PC and you can proceed with installation…

Figure 4. 69:Install Downloaded Updates

Figure 4. 70:Installation Status

6- File Server

Login to the Domain Server

Open Server Manager from the lower-left corner of the server desktop as shown below. Click on
Add Roles & Features from the Server Manager Dashboard as shown below.

Figure 4. 71:File Server Installation

Click on Next to Begin the Process as shown below

Figure 4. 72:Add Rule and Feature Wizard

By default, Role based or featured based Installation is selected already so we will continue
with default settings & click on Next as shown below

Figure 4. 73:Selecting Installation Type

On Next window Continue with default server (Test) selection & click on Next as shown
below

Figure 4. 74:Selecting Server

You can see the file and Storage services is selected already because we are installing this
service on Domain controller but if you install and add this Role service on any other fresh
server then you have to follow the same process.

Figure 4. 75:Select File Server Feature

The wizard reports the features that will be installed and asks for your
confirmation.

Figure 4. 76:Installation Status

Here we must add the File Server Resource Manager feature, which is required to control
the file types that users save on the servers.

Figure 4. 77:File Server and Storage Services

The wizard will ask for adding some other features to the installation process.

Figure 4. 78:Other Features

Press Next to confirm and begin the installation.

Figure 4. 79:Start Install

The installation has completed successfully.

Figure 4. 80:File Server Installation Result

You can confirm the successful installation by clicking here as well.

Figure 4. 81:File Server Installation Notification

Now it's time to configure FSRM, or File Server Resource Manager.

Figure 4. 82:File Server Resource Manager

Open FSRM, click File Screening Management, and add the specifications for controlling.

Figure 4. 83:File Screening

Right-click in the middle of the page and create a file screen.

Figure 4. 84:Create File Screen

By clicking on the file path, you can browse and select the folder you want to apply the
control over it.

Figure 4. 85:Select Folder Path

You can set the control type by choosing to block or allow specific file types.

Figure 4. 86: Last Create Option

And we are done with the installation and configuration of the file server.

4.2 Topology design (I.T)


A Network Topology is the arrangement with which computer systems or network devices
are connected to each other. Topologies may define both physical and logical aspect of the
network. Both logical and physical topologies could be same or different in a same network.

Topology Used (Tree Topology):

A tree topology is a special type of structure where many connected elements are arranged
like the branches of a tree. For example, tree topologies are frequently used to organize the
computers in a corporate network, or the information in a database.
In a tree topology, there can be only one connection between any two connected nodes.
Because any two nodes can have only one mutual connection, tree topologies create a
natural parent and child hierarchy.
In computer networks, a tree topology is also known as a star bus topology. It incorporates
elements of both a bus topology and a star topology. Below is an example network diagram
of a tree topology, where the central nodes of two star networks are connected to one
another.

4.2.1 Main office topology design

Figure 4. 87:Main Topology Design

Chapter 5 | Configuration Procedure/Coding (IT)
5.1 Configuration Procedure

• Physical setup (Racking and wiring)
• Windows Server Installation
• Server Hardening and Setup
• Add Windows roles and features

Router and Switch Configuration:

• Physical setup (Racking and wiring)
• Configuring and coding devices

5.2 Configuration Coding

• Windows Server Installation

1: Install Microsoft Windows Server as per requirement

2: Format the disk and prepare the server's logical partition

3: Genuine Microsoft Windows

4: Windows should be updated online using Control Panel > Windows Update > Install updates

5: Restart the server

6: The default administrator user must be renamed to guest and the guest user must be renamed
to administrator; then a super admin user must be added

7: Install antivirus

8: Join the server to the domain controller

9: Restart the server

10: Move the server to its OU in Active Directory

11: Add the super user to the Domain Admins and Enterprise Admins groups of AD

12: Turn the server firewall off

13: Enable server remote access

14: Assign a valid IP, gateway, and DNS address to the server

15: Take a backup of the server registry on the D drive

• Server Hardening and Setup

1: Apply the changes below in the registry after the backup.

The default shares created by the system should be removed:

Steps:

1: Click [Start] > [Run], type 'regedt32' and click [OK]

2: Locate the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\

3: Find the value named AutoShareServer and change its DWORD value to 0. If it is not
present, add it.

Perform the following steps to configure TCP/IP parameters to reduce the likelihood and
effect of DoS attacks:

1: Open the registry editor (regedt32.exe) and find the key below.

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

2: Add or edit the following values:

Key: TCPIP\Parameters
Value: SynAttackProtect
Value Type: REG_DWORD
Parameter: 1

Key: TCPIP\Parameters
Value: EnableICMPRedirect
Value Type: REG_DWORD
Parameter: 0

Key: TCPIP\Parameters
Value: EnableDeadGWDetect
Value Type: REG_DWORD
Parameter: 0

Key: TCPIP\Parameters
Value: EnablePMTUDiscovery
Value Type: REG_DWORD
Parameter: 0

Key: TCPIP\Parameters
Value: KeepAliveTime
Value Type: REG_DWORD
Parameter: 300000

Key: TCPIP\Parameters
Value: DisableIPSourceRouting
Value Type: REG_DWORD
Parameter: 2

Key: TCPIP\Parameters
Value: TcpMaxConnectResponseRetransmissions
Value Type: REG_DWORD
Parameter: 2

Key: TCPIP\Parameters
Value: TcpMaxDataRetransmissions
Value Type: REG_DWORD
Parameter: 3

Key: TCPIP\Parameters
Value: TCPMaxPortsExhausted
Value Type: REG_DWORD
Parameter: 5

E&Y Recommendations

1: Remote Access Account Lockout Policy

regedt32 >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout
> Set [MaxDenials] to 5 attempts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters
Change the value of EnableAudit to 1
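One way to check a server against the registry values listed in this section, as an added example that is not part of the original monograph: it parses the text of a `reg export` file and compares each DWORD with the value given above. The sample export is constructed, and value names use the spellings Windows itself uses (EnableICMPRedirect, AccountLockout, MaxDenials).

```python
import re

# Baseline copied from the values listed in this section, relative to SERVICES.
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
BASELINE = [
    (r"LanmanServer\Parameters", "AutoShareServer", 0),
    (r"Tcpip\Parameters", "SynAttackProtect", 1),
    (r"Tcpip\Parameters", "EnableICMPRedirect", 0),
    (r"Tcpip\Parameters", "EnableDeadGWDetect", 0),
    (r"Tcpip\Parameters", "EnablePMTUDiscovery", 0),
    (r"Tcpip\Parameters", "KeepAliveTime", 300000),
    (r"Tcpip\Parameters", "DisableIPSourceRouting", 2),
    (r"Tcpip\Parameters", "TcpMaxConnectResponseRetransmissions", 2),
    (r"Tcpip\Parameters", "TcpMaxDataRetransmissions", 3),
    (r"Tcpip\Parameters", "TcpMaxPortsExhausted", 5),
    (r"RemoteAccess\Parameters\AccountLockout", "MaxDenials", 5),
    (r"RemoteAccess\Parameters", "EnableAudit", 1),
]

SECTION_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample of a .reg export. A real export is UTF-16, so read it
# with open(path, encoding="utf-16") before passing the text to audit().
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"EnableDeadGWDetect"=dword:00000000
"KeepAliveTime"=dword:000493e0
"DisableIPSourceRouting"=dword:00000002
"Hostname"="SRV01"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"EnableAudit"=dword:00000001
"""


def parse_reg_export(text):
    """Return {key_path_lower: {value_name_lower: int}} for DWORD values."""
    values = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = SECTION_RE.match(line)
        if section:
            deleted, key = section.groups()
            # "[-KEY]" marks a key deletion in .reg syntax; it carries no values.
            current = None if deleted else values.setdefault(key.lower(), {})
            continue
        dword = DWORD_RE.match(line)
        if dword and current is not None:
            current[dword.group(1).lower()] = int(dword.group(2), 16)
    return values


def audit(text):
    """Compare an export with BASELINE; registry names are case-insensitive."""
    parsed = parse_reg_export(text)
    findings = []
    for subkey, name, expected in BASELINE:
        key = (SERVICES + "\\" + subkey).lower()
        actual = parsed.get(key, {}).get(name.lower())
        if actual is None:
            status = "missing"      # value absent: Windows uses its default
        elif actual == expected:
            status = "ok"
        else:
            status = "mismatch"
        findings.append((subkey, name, expected, actual, status))
    return findings


def failures(findings):
    """Keep only the entries that still need attention."""
    return [f for f in findings if f[4] != "ok"]


if __name__ == "__main__":
    for subkey, name, expected, actual, status in audit(SAMPLE_EXPORT):
        print(f"{status:8} {subkey}\\{name}: expected {expected}, found {actual}")
```

A value reported as missing is not set in the export at all, so the server is running with the operating system default for it rather than the value listed above.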

• Add Windows roles and features

Use the following steps to add Windows roles and features:

To open Server Manager, click the Server Manager icon in the taskbar or select Server
Manager in the Start Menu.

Click Manage in the upper right portion of the screen and click Add Roles and Features to
open a wizard.

Note: You cannot add roles and features until Server Manager finishes loading. Wait
until Server Manager loads before you add roles and features.

On the Before you begin page, click Next to begin. You can skip this page in the future by
checking Skip this page by default box.

On the Select installation type page, choose Role-based or feature-based installation and
click Next.

On the Server Selection page, choose the server to which you want to add the role or
feature. In most cases, this choice is the server you are logged in to. Click Next.

Select all desired roles on the Server Roles page. When you add roles, the wizard prompts
you to add prerequisite roles and features, if any. After you have selected the desired roles,
click Next.

Select all desired features on the Features page and click Next.

Complete the configuration of the selected roles and features and click Next on each screen.

After you complete the initial configuration of the chosen features, the Confirmation page
displays and lists a summary of the changes. Verify the changes before proceeding. If you
want the server to restart automatically after installation completes, check the box labeled
Restart the destination server automatically if required.

Click Install to add the chosen roles and features.

Router and Switch Configuration:

• Physical setup (Racking and wiring)

• Configuring and coding devices

Router Configuration:

Router> enable

Router# configure terminal

Router(config)# line vty 0 15

Router(config)# line console 0

Router(config)# interface gigabitEthernet 0/0/0

Router# show running-config

Router# copy running-config startup-config

Router(config)#

Router(config)# hostname R1

Router(config)# banner motd "No unauthorized access allowed!"

Router(config)# enable password class

Router(config)# enable secret class

Router(config)# service password-encryption

Router(config)# line vty 0 15

Router(config)# line console 0

Router(config)# interface gigabitEthernet 0/0/0

Router(config-line)#

Router(config-line)# password cisco

Router(config-line)# login

Router(config-line)# transport input all (line vty)

Router(config-if)#

Router(config-if)# interface gigabitEthernet 0/0/0

Router(config-if)# int g0/0/0 //command abbreviation

Router(config-if)# ip address 192.168.1.1 255.255.255.0

Router(config-if)# no shutdown

Basic Switch Commands

=================================

Switch> enable

Switch# configure terminal

Switch(config)# line vty 0 15

Switch(config)# line console 0

Switch(config-line)#

Switch(config)# interface vlan 1

Switch(config-if)#

----------------------------

Switch#

Switch# configure terminal

Switch# show ?

Switch# show running-config

Switch# copy running-config startup-config

Switch# ping 192.168.1.100

Switch# traceroute 192.168.1.100

Switch# ssh 192.168.1.100

Switch# telnet 192.168.1.100

Switch# debug ?

Switch# clock set 07:14:00 October 15 2019

Switch# reload

---------------------------------

Switch(config)#

Switch(config)# hostname R1

Switch(config)# banner motd "No unauthorized access allowed!"

Switch(config)# enable password class

Switch(config)# enable secret class

Switch(config)# service password-encryption

Switch(config)# line vty 0 15

Switch(config)# line console 0

Switch(config)# interface vlan 1

----------------------------------------------------

Switch(config-line)#

Switch(config-line)# password cisco

Switch(config-line)# login

Switch(config-line)# transport input all (line vty)

----------------------------------------------------

Switch(config-if)#

Switch(config-if)# interface vlan 1

Switch(config-if)# ip address 192.168.1.2 255.255.255.0

Switch(config-if)# no shutdown

Switch(config-if)# exit

Switch(config)# ip default-gateway 192.168.1.1
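
The router and switch commands above leave an `enable password` next to `enable secret`, shared line passwords stored in the reversible type 7 encoding that `service password-encryption` applies, and Telnet permitted on the vty lines through `transport input all`. The Python check below is an added example, not part of the original monograph, that flags those settings in a saved running-config. The sample config, its placeholder password strings and the rule names are constructed for illustration.

```python
import re

# Constructed sample (placeholder strings), shaped like the commands above.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$EXAMPLE$placeholderhash
enable password 7 0000PLACEHOLDER
line con 0
 password 7 0000PLACEHOLDER
 login
line vty 0 4
 password 7 0000PLACEHOLDER
 login
 transport input all
line vty 5 15
 login local
 transport input ssh
"""

def sections(config):
    """Group an IOS config into [header, [indented child lines]] pairs."""
    out = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] == " " and out:
            out[-1][1].append(raw.strip())
        else:
            out.append([raw.strip(), []])
    return out

def audit(config):
    """Return sorted (rule, location) findings for the weak settings."""
    found = set()
    for header, body in sections(config):
        where = header if header.startswith("line ") else "global"
        if header.startswith("enable password"):
            found.add(("ENABLE_PASSWORD", where))   # weaker duplicate of enable secret
        if any(re.search(r"\bpassword 7 ", l) for l in [header] + body):
            found.add(("TYPE7_REVERSIBLE", where))  # an encoding, not a hash
        if where != "global" and "login" in body and any(
                l.startswith("password") for l in body):
            found.add(("SHARED_LINE_PASSWORD", where))  # no per-user accountability
        if header.startswith("line vty") and any(re.fullmatch(
                r"transport input .*\b(all|telnet)\b.*", l) for l in body):
            found.add(("TELNET_ON_VTY", where))     # cleartext remote login allowed
    return sorted(found)

print("\n".join(f"{r:22}{w}" for r, w in audit(SAMPLE_CONFIG)))
```

The `line vty 5 15` section in the sample shows the settings that clear the findings: `login local` with per-user accounts and `transport input ssh`, together with `no enable password` at global level.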

Chapter 6 | Testing
6.1 Testing techniques and testing
6.2 Testing report
Testing:

Router# ping 192.168.1.100

Router# traceroute 192.168.1.100

Router# ssh 192.168.1.100

Router# telnet 192.168.1.100

6.3 Debugging report


• Router(config)# no ip domain-lookup //prevents mistyped commands from being "translated..."
• Router(config-line)# logging synchronous //prevents logging output from interrupting your
• Debugging:
• Router# debug ?
• Router# clock set 07:14:00 October 15 2019
• Router# reload

Chapter 7 | Cost Estimation
7.1. Approximate cost of the hardware

Hardware                             Price        Quantity
PowerEdge R240 Rack Server           $619.00      One
Diesel Engine Power Distributor      $4,299       1-4 set
Sophos XG 86 VPN Firewall            $795.00      One
Cisco 2800 ISR router                $3895        One
Cisco Catalyst 9200 Series Switch    $6764        One
Rack 42U                             $899         One
AC                                   $16,666      One
Fire Alarm (Smoke Detector)          $100         One
UPS (Battery)                        $8,474.77    One
RJ45 Connector                       $10.22       One Pack
Network Cables                       $100         One Pack
HikVision Security Camera            $1,378.00    Whole Service Pack

7.2. Approximate cost of the software

Software                             Price
Windows Server 2016                  $110

7.3. Approximate cost of the project implementation

Networking                           $ 2000
Power and electricity                $ 10,000
CCTV Configuration                   $ 500
Infrastructure Team Service Pay      $ 5,000
Risk and extra costs                 $ 10,000

7.4. Overall cost of the project

$ 71609.22

Chapter 8 | Future Plans and Expansion
8.1 Future plan
• Building a Sustainable Data Center

To me, building a sustainable data center means building facilities that don’t have a lasting,
detrimental impact on the planet. It means powering our data centers from renewable energy
sources; it means designing the most energy efficient facilities we possibly can and using the
very latest techniques and engineering infrastructure to provide efficient power and cooling
to our data halls.

It also means considering the recyclable content of materials we use for our facilities,
minimizing waste to landfill and considering recycling waste heat, whilst ensuring our facilities
are well maintained. It means working with our customers to ensure they are streamlining
their computing practices and deploying highly efficient server technology.

Today, renewable energy is often less expensive than brown power. Buyers can negotiate
long-term fixed-price or stable-price contracts for energy. This means energy costs from
companies using renewables are likely to be more stable and offer more reliable pricing than
fossil fuels.

If we can do all these things, then we are moving toward a sustainable data center and a
sustainable business. What’s good for the planet is good for business.

• How the Internet of Things (IoT) Has Impacted Data Center Development

IoT devices gather large amounts of data which can put big demands on data centers and
their networks. Whilst much of the focus around the IoT tends to be around the
decentralization of deployment or edge computing, where devices sit close to the end points
they are monitoring, the centralized data center and Cloud still play a crucial part as data is
streamed back to a centralized hub for analysis.

Connectivity is often an issue as most of these applications require a low latency connection
from their out-of-town location back to the centralized data center.

Ironically, this means that despite measures taken to reduce energy consumption and
carbon emissions – things like electric vehicles, autonomous cars, smart building systems
controlling efficient use of HVAC systems through temperature sensors, reduced airline
travel by holding video calls, etc. – this drives more traffic through our data centers and
increases energy consumption.

In terms of Edge data centers, we are seeing increasing demand from customers who
require smaller parcels of IT capacity in out-of-town locations. This can be a challenge for
data center operators, since the size of a potential deployment may not justify the investment
required to build a new facility outside of primary data center locations.

At Iron Mountain Data Centers, we have a unique advantage on Edge data centers since we
already operate 1,450 global storage facilities through Iron Mountain Group. This provides
access to existing facilities in many secondary and tertiary locations.

• Selecting a Building Site

When it comes to selecting a data center location, customer demand is usually focused on
developed and established locations. As a result, all of the pre-requisites of data center
facilities – available power, access to established networks and connectivity, local
governments who understand and welcome data center businesses – are available and can
deliver functional facilities in a timely and cost effective manner.

From a funding perspective, debt and equity lenders are far more comfortable lending for
developments in established markets such as the FLAP markets in Europe; North Virginia,
Phoenix, Dallas, New York, Silicon Valley, Atlanta and Chicago in North America; and
Singapore, Hong Kong, India, Australia and Japan in APAC.

• Data Center Locations in Demand

At Iron Mountain Data Centers, all our developed markets are in demand. In Europe, we’re
seeing demand in FLAP and the Nordic countries, as well as inquiries from places like Berlin
and Munich in Germany, Milan in Italy, Madrid in Spain, and other locations in Switzerland,
Poland, Turkey and Belgium.

In North America, all the key markets are busy, but our biggest demand continues to come in
Virginia and Phoenix.

In APAC, our Singapore facility is close to being full and we are seeing increasing amounts
of inquiries for Hong Kong and Indonesia. Our largest growth potential, however, is coming
from India, where we expect demand to double over the next couple of years in markets
such as Mumbai, Chennai, Bangalore, Kolkata, Hyderabad and Pune.

• Different Solutions for a Variety of Customers

Data center customers are diverse, and their data center needs are too. Our retail colocation
customers often want a standard product offering in an existing facility. We strive to provide
tailor-made solutions for our customers, but many colocation customers are happy with
standard designs and can make it work for their requirements.

Our bigger customers often have specific engineering requirements. These are often larger
deployments that require exclusive use of a data hall and the associated engineering
infrastructure. We are seeing an increasing trend for some of our bigger customers to be
actively involved in the design process.

• The Data Center of the Future

In the future, I think we will see a rise in decentralized locations for data centers, driven by
Edge. Data centers will be far more efficient in the engineering infrastructure, as well as the
efficiency of the servers deployed within the facilities. As design evolves, data centers will
hopefully consume less energy, generate less heat and be able to operate at higher
temperatures.

I suspect the operating temperatures within data halls will increase and engineering
infrastructure will be simplified as customers will be more dependent on the resiliency of their
own equipment, rather than rely on the infrastructure of their host. AI will inevitably be used
to much greater effect to ensure efficiency and resilience.

We will also see more carbon reduction technology such as carbon scrubbers. These are
just one more step towards a future where data centers become harmless to the
environment. Hopefully, with each new development, we are closer to meeting that goal.

8.2 Expansion possibility


This project consisted of a Data Center Design renovation and expansion of an existing 800
sq/ft data center which included infrastructure upgrade and increase of overall footprint. The
existing and expanded data center had to utilize independent cooling systems (separate
from the building plant), independent electrical supply and redundant UPS and cooling
equipment.

Additional infrastructure was added to their UPS room, UPS/Switch room and the data
center. These renovated rooms are now primarily cooled by a dedicated Glycol Cooling
System being distributed by a two 15 hp Glycol Pump Package with three 3-fan Liebert dry
coolers located on the roof of the 4th floor. All rooms are now protected by a new fire
suppression system and environmental monitoring was added to monitor the new Liebert
equipment installed, all fire suppression/detection systems, the existing UPS system and the
water detection system was expanded.

The renovation consisted of decommissioning and removal of four up-flow computer room
air conditioning units and three roof top dry coolers. Demolition of existing interior walls and
ceiling to accommodate new expanded data center area. Construction of new and repairing
of existing walls; all walls were constructed and/or repaired to conform to the UL 419 1 hour
assembly rating. Installation of a new suspended ceiling system with 24” x 24” vinyl faced
acoustical panels, new lighting throughout expansion area and raised access floor with 1/16”
high performance.

EEC coordinated all delivery and rigging for provided equipment and also coordinated the
equipment start-up and certifications services for all new equipment with the factory
authorized technicians. The company also contracts with EEC to maintain all UPS systems,
UPS batteries, HVAC systems, and fire suppression/detection systems.

Conclusion
The consolidation of distributed data centers or server rooms on university campuses offers
many advantages to their owners and administrators, but only minimal disadvantages. The
University at Albany carried out a decade-long project to design and build a state-of-the-art
data center. The libraries participated in a two-year project to migrate their servers to the
new data center. This included the hire of a data center migration consulting firm, the
development of a migration plan and schedule for the physical move that took place late
summer 2014. The authors have found that there are many advantages to consolidating
data centers, including taking advantage of economies of scale, an improved physical
environment, better backup services and security systems, and more. Lessons learned from
this experience include the value of participating in the process, reviewing migration
schedules carefully, clarifying the costs of consolidation, contributing to the development of
an SLA, and communicating all plans and developments to the libraries’ customers,
including faculty, staff, and students. As other university libraries consider the possibility of
consolidating their data centers, the authors hope that this paper will provide some guidance
to their efforts.