BACOLOD CITY COLLEGE

BACHELOR OF SCIENCE IN INFORMATION SYSTEM

FORTUNE TOWNE TRAINING CENTER, BACOLOD CITY

CASE PROBLEM
FOR
SYSTEM INFRASTRUCTURE

Submitted by:

Pormento, Hiezy L. – Leader

Calamba, Clarissa C.
Villeta, Lizette Joy L
Colango, Hazel A.
Gamao, Lovely .

Submitted to:
Mr. Arnel Maghinay

June 20, 2020

I. INTRODUCTION

Lending is the principal business activity for most commercial banks. The loan
portfolio is typically the largest asset in the predominate source of revenue. As such,
it is one of the greatest source of risk to a bank’s safety and soundness. Whether due
to lax credit standards, poor portfolio risk management, or weakness in the economy,
loan portfolio problems have historically been the major cause of bank losses and
failures.

Company ABC is a medium scale lending business that provides financial

assistance to the retires (pensioners).

The company has the following departments:

1. Accounting
2. Marketing
3. Information Technology
4. Human Resource

II. AIM AND OBJECTIVE OF THE STUDY

The company would like to set up a network with centralized server where every
member of the department will log in.

The following are the requirements of the server:

1. Active Directory Services

2. Organizational Unit per department
3. Printer sharing per department
4. Folder redirection per organizational unit
5. Folder mapping per organizational unit
6. Set quota limit for every Active Directory users of 1024 MB

Design an IP address for each department that will fit the need of the company.
Assume that each department will have 254 users. Include in your case study your
IP address per client and its subnet mask.

III. SCOPE OF THE STUDY

This study covers ABCs creating a network and displaying the structure of the
company. Making sure all the department sectors will be connected and get the same
information.


Figure 1.0 Centralized Server Network

Figure Shows ABCs network with centralized server where every member of the
department connected to one server. Showed that every department has it own
unique IP address.

ABCs AUTHENTICATION AND A CENTRALIZED LOG IN SERVER

Application login/requirements can range from basic username/password

authentication to form-based authentication to digital certificates. We recommend:

• Managing all log in pages from a central log in server to avoid duplication on
every web application
• Managing all other system-wide resources, such as password services pages,
error pages, and terms and conditions pages from a central server.
Login Page Use Cases

The purpose of the following use cases is to get you thinking about configuring
Centralized server authentication. These use cases reflect best practices and are
intended to identify techniques that you can use as part of a global architecture.
These use cases are not intended as a final architecture. Extrapolate the necessary
infrastructure from these cases to configure login pages that best meet the needs of
company.
ABCs Centralized Server Login Page
In this use case,
CA Single Sign-On
directs users to a centralized login page when they request a protected resource.
Specifically:

• A dynamic login page (login.asp) is deployed to the Web Agent host system.
• The dynamic login page is coded to:
o Post to a login FCC file (login.fcc).
o Display an error message when the SMTRYNO cookie is present in
the web browser of the user.
• The login FCC file is configured with an @directive (@smretries) to redirect
users to a failed authentication page (login.unauth) after two failed
authentication attempts.
• A CA Single Sign-On

administrator has configured a form–based authentication scheme named

Auth1. The target of Auth1 is login.asp.

The following diagram illustrates the authentication process for this use case:
Centralized Server dynamic forms login:
1. A user requests a
protected resource.
2. The Web Agent
contacts the Policy
Server, which
determines that the
resource is protected.
3. The Web Agent
redirects the user
request to login.asp.
4. The user submits
invalid credentials.
The credentials are
posted to the login.fcc
Figure 2.0 Centralized Server
file and processed by Login Authentication

the FCC.
5. The FCC forwards the
credentials to the Policy Server.
6. The Policy Server determines that the credentials are invalid and notifies the
FCC.
7. The FCC inserts the SMTRYNO cookie into the web browser of the user and
redirects the user to the login page.
8. The login page refreshes with an error message. The error message states that
invalid credentials were supplied and to try again.
9. The user submits invalid credentials. The credentials are posted to the
login.fcc file and processed by the FCC.
10.The FCC forwards the credentials to the Policy Server.
11.The Policy Sever determines that the credentials continue to be invalid and
notifies the FCC.
12.The user has exceeded the maximum number of failed authentication attempts
and is redirected to a page that displays a failed authentication message.


Figure 3.0 Active Directory Service

Figure 1.0 showed how ABC company active directory service works. Active
Directory uses Lightweight Directory Access Protocol (LDAP). LDAP operates
above TCP/IP and defines ways of address and access to objects between the client
and Active Directory server. Accordingly to LDAP protocol each object in catalogue
has its unique Distinguished Name, and this name distinguishes the object from other
Active Directory objects and also prompts where the given object is located.
Distinguished Name consists of common name (CN) and domain component –
domain constituent.
Common name defines an object or a container in which this object is positioned
whereas the domain component defines the domain where this object is located.
Besides in the distinguished name there could be indicated the organization which
the object belongs to. Logical elements of the Active Directory are objects,
containers (OU), trees, domains and forests.

Object is a definite set of attributes having its unique name e.g. a user of the network.
Accordingly to LDAP protocol, each object in the catalogue has its unique
Distinguished Name and this name distinguishes it from other objects of Active
Directory and also hints us where the given object is located. Unlike the object, the
container does not have physical presentation, and presents the totality of objects
and other containers in the network structure.

ORGANIZATION UNIT PER DEPARTMENT

Figure 4.0 Accounting

Department Organizational
Unit

Figure 4.0 Showed how the accounting department organizational chart provides a
visual representation of how the accounting team is structured. It helps to define
roles and how they are related, and it allows for better communication both within
the team and between department.

Figure 5.0 Marketing Department

Organizational Unit

Figure 5.0 Showed the organizational structure of the marketing department of

company can vary according to the individual company. Overall, putting an
organizational structure in place helps marketing employees and other employees of
the company to understand what the role of each person in marketing department.

Marketing manager and marketing director are often interchangeable in the world of
marketing. A marketing manager typically has the responsibility of carrying out the
marketing strategy for the company. This includes creating marketing messages,
choosing mediums such as website advertising and print advertising, and carrying
out other marketing campaigns and programs to reach the target audience company.


Figure 5.0 IT Department

Organizational Unit

Figured 5.0 Showed the common structure of an IT department which can be applied
in ABCs Company. The IT department develops, manages and maintains an
organization’s technology-related assets (hardware, software, systems, etc.,)
policies, procedure and systems. This includes, but is not limited to, the
administration of the company email systems, business intelligence and enterprise
resource planning [ERP] platforms, network setup, data backup and retrieval and
document storage. The group also provides employees with day-to-day technology
support to ensure that technology-related problems do not interfere with their work.

The systems analyst group works with end users, business unit managers and
customers to understand business needs and develop requirement and specifications
for systems and application. IT analyst acts as intermediaries between technical
developers and in end users and hopes of aligning business needs with system
designs and usability. Activities commonly performed by IT Analysis Group include
use case development, business process mapping and design, end user/stakeholder
interviews and system modelling (UML, SysML, etc.)
 Figure 6.0 HR Department
Organizational Unit

Figure 6.0 Human Resource department are often organized along functions and may
be hierarchical in nature. Common units in human resource department:

1. Recruitment:

Recruitment is a vital task for HR department because it determines what kind of

people will work for the company – whether they have the right knowledge and
skills, and whether they are suitable for the position or not. To accomplish this
mission, they HR department need to develop and execute quality recruitment
strategies to ensure that recruitment meets all affirmative action commitments.
2. Compensation and Benefits:

HR manager needs to establish strategic compensation plans, ensuring wages and

reward programs are administrated equally throughout the workforce. They need to
provide employees with benefit options, including health insurance, retirement
planning, life insurance, etc. What’s more, they are responsible for authorizing
salary changes, position changing an election.

3. Employee Relations

HR department is also responsible for investigating and solving employee

complaints, conflicts and concerns. Many possible issues might arise in a
company. For example, an employee is not satisfied with his performance
assessment result and seeks for revision. If this kind of circumstance happens, the
HR department needs to research on this issue, and solve the problem by
negotiating with his superior.

4. Training and Development

Through effective training, employees could enhance their knowledge, skills and
work abilities, so that they can improve their job performance. Human resource
department conduct needs analysis to decide what training is necessary to improve
performance and productivity.

5. Workforce Safety

HR department needs to ensure every staff working in a safe environment. It’s

their obligation to research and develop safety policies for the company that is in
compliance with state and federal laws and regulation. They need to identify
unsafe conditions and make clear notice on potential dangerous matters such as
dangerous equipment, chemical drugs, radioactive substances, etc.
PRINTER SHARING PER UNIT

ACCOUNTING

MARKETING

IT

HR

Figure 7.0 ABCs Printer Sharing

Per Department

ABCs Company Printer Sharing is comprised of two major parts - the Server
software and the Controller hardware. Controllers are connected to each printer
that should be controlled by the Sentinel and the software is installed on the printer
server.

When a user prints a document, the print job is sent to the Sentinel instead of the
printer. The job is then saved on the server until the user identifies themselves at a
printer using their ID card or key code.
Once the user is identified, their job will be sent to the printer where they identified
and printed. This printer does not have to be the printer to which they sent the job,
it can be any Sentinel-controlled printer.

In this way, the user could print the job in one branch of the company, drive to
another branch, identify themselves to a printer at the other branch and print their
job on location.
Additionally, Sentinel can be programmed to limit access to certain printers or to
limit the type and/or amount of pages a given user can print. If the user then tries to
print at an unauthorized printer or over their page limit, their job will not print and
they will be sent a reminder message.

It comes with its own management and report system. Any user can access their
own printing information, but only an administrator can access information about
everyone. Users can delete print jobs waiting to be printed if they don't want to
print them anymore. Also, they can generate their own reports to see their print
activity and change their personal settings.

Administrators can change any user settings, including limiting users' print quota
or printer access. They can generate reports about companywide printing behaviour
and they can access and change the jobs waiting to be printed by any user.

FOLDER REDIRECTION PER ORGANIZATIONAL UNIT

What is Folder Redirection?

This shows you how simply you can redirect folder in Windows Server with group
policy. The folder redirection is the way to keep a profile folders to a network
location or other location in the local computer. Typically user profiles and settings
are stored in local profile. By redirecting folders, you can access to data regardless
of which computers you are logs in.

In addition to the immediate benefit of having that data on a file server that is
much easier to keep backed up, the user also gets the benefit of being able to go to
multiple computers in your organization and still have access to their data. Using
the default Windows settings and the default share settings on your file server,
these redirection will be even made available offline automatically for your users.
The Policy-Based QoS node

This quality of service (QoS) node, known as the Policy-Based QoS node, defines
policies that manage network traffic. For example, you might want to ensure that
users in the Finance department have priority to run a critical network application
during the end-of-year financial reporting period. You can do that by using the
Policy-Based QoS node.
In the User Configuration node only, the Windows Settings folder contains the
additional Folder Redirection node. With folder redirection, you can redirect user
data and settings folders such as AppData, Desktop, Documents, Pictures,
Music, and Favorites from their default user profile location to an alternate
location on the network, where you can manage them centrally.

Create a Shared Folder

1 – On DC-CLOUD, on the taskbar, click the File Explorer icon, In the

navigation pane, click This PC.
2 – In the details pane, double-click Local Disk (C:), and then on the Home tab,
click New folder.

3 – In the Name text box, type Redir, and then press Enter.
4 – Right-click the Redir folder, click Share with, and then click Specific people.

5 – In the File Sharing dialog box, click the drop-down arrow,

select Everyone, and then click Add on and on this part you can add
Accounting, Marketing, IT and HR folder.
6 – For the Everyone group or you can choose the department that you created
a folder for Accounting, Marketing, IT and HR, click the Permission
Level drop-down arrow, and then click Read/Write.

7 – Click Share, and then click Done.

 Close the Local Disk (C:) window

02 – Create a GPO to redirect the Documents folder

1 – In Server Manager, click Tools and then click Group Policy Management.

2 – In the navigation pane, right-click the Windows.ae domain, and then

click Create a GPO in this domain and Link it here.
 3 – In the New GPO dialog box, in the Name text box, type Folder
Redirection, and then click OK.

4 – In the navigation pane, right-click Folder Redirection, and then click Edit.
5 – In the Group Policy Management Editor window, under User
Configuration, expand Policies,expand Windows Settings, and then
expand Folder Redirection.

6 – Right-click Documents, and then click Properties.

 7 – In the Document Properties dialog box, on the Target tab, click
the Setting drop-down arrow, and then select Basic-Redirect everyone’s folder to
the same location.

8 – Ensure that the Target folder location box is set to Create a folder for each
user under the root path.
9 – In the Root Path text box, type \\DC-CLOUD\Redir, and then click OK.

10 – In the Warning dialog box, click Yes.

 lose the Group Policy Management Editor

03 – Test Folder Redirection

1 – Sign in to CLIENT-10 as Windows\Administrator with the

password asd@123.

2 – Right-click Start, and then click Command Prompt.

3 – In the Command Prompt window, type the following command, and then press
Enter: Gpupdate /force

4 – In the command prompt window, when prompted, type the following, and then
press Enter:

Y
5 – Sign in to CLIENT-10 as Windows\Administrator with the
password asd@123.

6 – On the taskbar, click the File Explorer icon.

7 – In the navigation pane, in the Quick Access section, right-click Documents,
and then click Properties.

8 – Verify that on the General tab, the Location field has a value of \\DC-
CLOUD\redir\Administrator.

If this is not successful, repeat steps 2 through 7, and then check the
redirection once again.

9 – Sign out of CLIENT-10.

 FOLDER MAPPING PER ORGANIZATIONAL UNIT

ABC Company Main Folder Figure Shows how organized

the ABC files can be with the
Department
use of folder mapping there is
also an easiest way to locate
Marketing some files.
If your computer is part of a
Accounting
LAN and you want to use files

IT
that are stored in folders on a
networked computer, you’ll

HR want to map a drive letter to

that network folder to make it
HR Director easier to access. Mapping a
network folder in Windows 7
Employees locating the folder quick and
easy.
Customers
Email When you map a drive,
Windows shows the network
Customers
Email folder as a drive in the Network
Location section of Windows
Explorer. It will also appear in the Open dialog boxes of most programs (in the
Computer section of the Navigation pane).

1. Open the Computer window by choosing Start→Computer.

2. Click the Map Network Drive button on the toolbar to open the Map Network
Drive dialog box.

To be able to map a network folder to a local drive, the folder must be shared and
you must have network permission to access it on the other computer.

3. Select an unused drive letter for the network folder in the Drive drop-down list.
4. In the Folder text box, enter the network share pathname. When you’re done, click
OK.
You can type the path like the \servershare example shown, or you can click the
Browse button and locate the shared network folder. If you want to select a
previously mapped folder, you can select it from the drop-down list of previously
entered pathnames.
5. (Optional) Select the Reconnect at Logon check box to tell Windows to map this
same drive every time you start the computer.
Also, if you’re not an administrator, select the Connect Using Different Credentials
check box. Then ask an administrator on your network to enter their username and
password in the Windows Security dialog box that appears before you click OK.

6. Click the Finish button.

When you click Finish, Windows creates the network drive and automatically
opens it in Windows Explorer. After that, you can access any of the folder’s
subfolders and files by simply opening the network drive in the Computer window.

Setting quota limit for every Active Directory users of 1024 MB

Problem

Configuring disk quota limits for a particular user.

Using a graphical user interface

1. Open Windows Explorer.

2. Browse to the drive on which you want to enable quotas, right-click it, and
select Properties.
3. Click the Quota tab.
4. If quotas are enabled, click the Quota Entries button. If quotas are not
enabled, enable them as described in Recipe 3.15.
5. To configure a new quota entry for a user, select Quota → New Quota
Entry from the menu.
6. Use the object picker to locate the target user and click OK. The Add New
Quota Entry dialog will open.
7. If you've configured a default quota, that limit will be selected by default. You
can disable disk quota enforcement for this user or set new limit and warning levels.
After you are done, click OK.
Using a command-line interface

The following command configures a quota for a particular user:

> fsutil quota modify <Drive>

<WarningBytes>
<LimitBytes>
<Domain\User>

The following example sets a quota for user AMER\rallen with a ~381 MB
warning and ~1024 MB limit:

> fsutil quota modify d: 400000000 500000000 AMER\rallen

Using VBScript

' This code configures a quota for a particular user.

' ------ SCRIPT CONFIGURATION ------

strComputer = "."

strUser = "<User>" ' e.g., rallen

strUserDomain = "<Domain>" ' e.g., AMER

strDrive = "<Drive>" ' e.g., D: intLimit = 1024 * 1024 * 600 ' = 600 MB
intWarning = 1024 * 1024 * 350 ' = 350 MB ' ------ END CONFIGURATION -----
---- set objWMI = GetObject("winmgmts:\\" ...
IV. EXECUTIVE SUMMARY

ABC Company is medium scale financial business lending company providing

assistance to retires (pensioners) it helps to cultivate and managing customer
relationship. Storing large quantities of sensitive customer information in one server
with data security concern. All information and structure above was an assumption
for making a firm company structure and easiest way to connect the information
gathered by each department. Assuming that there will be 250 users provided below
IP address per client and its subnet mask as per required information needed..

Net bits IP Address Subnet Mask Total-addresses

20 192.168.1.1 255.255.240.0 64
21 192.168.1.2 255.255.248.0 32
22 192.168.1.3 255.255.252.0 16
23 192.168.1.4 255.255.254.0 8
24 192.168.1.5 255.255.255.0 4
V. CONCLUSION

This case study presents the manner of managing and functioning of the designed
server of ABC company including Accounting, Marketing IT and HR creating a
server based network within the organization. The presented structures can be used
by public companies aside from ABC involved in similar identical activities. The
structured designed by the group was based on what they have research. This was a
learning process for us encountering unfamiliar codes and names. We have learned
so much by just an assumption of collective information. Theoretical this has been
observed by other researched to be effective.

VI. RECOMMENDATION

Hackers are always on the look out for server vulnerabilities. It is your responsibility
to ensure your data is safe and secure. Minimize risks and be confident your data is
safe on secure servers by implementing our server security tips and best practises.

• Establish and use a Secure Connection

• Use SSH Keys Authentication
• Secure File Transfer Protocol
• Monitor Login Attempts
• Manage Users
• Establish Password Requirements
• Upgrade and Update Software Regularly
VII. REFERENCES

https://docs.microsoft.com/en-us/windows-server/storage/folder-

redirection/deploy-folder-redirection

https://iproject.com.ng/computer-science/automated-loan-lending-management-

system/index.html

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-

software/layer7-identity-and-access-management/single-sign-on/12-52-

02/implementing/implementing-ca-single-sign-on/authentication-and-a-

centralized-login-server.html

https://blog.netwrix.com/2019/06/20/map-network-drives-or-shared-folders-using-

group-policy-in-8-easy-steps/