
STUDENT SKILLS COMPETITION (LOMBA KETRAMPILAN SISWA)

CENTRAL JAVA LEVEL 2016

MODULE 3
SYSTEM INTEGRATION ISLANDS
DINAS PENDIDIKAN & KEBUDAYAAN PROVINSI JATENG
DINAS PENDIDIKAN PEMUDA DAN OLAHRAGA SURAKARTA
Secretariat : SMK NEGERI 2 SURAKARTA
JL. LU. Adi Sucipto No. 33 Surakarta
Jawa Tengah
2016
MODULE 3 – SYSTEM INTEGRATION ISLANDS

CONTENTS
This Test Project proposal consists of the following document/file:
LKSJATENG2016-MODUL3.pdf

INTRODUCTION
The competition has a fixed start and finish time. You must decide how best to divide your
time. Please read the network topology schema below carefully.

The Third Module | System Integration Islands 2


PART 1 – SETUP HARDWARE
Please install and configure each device according to the instructions below:
1. VIRTUALHOST1 COMPUTER
Specifications of VIRTUALHOST1
Operating system : Proxmox 4.0
Hostname : VIRTUALHOST1
IP Address : Use an available IP on the subnet
User for administrator :
  Username : root
  Password : admin1

2. VIRTUALHOST2 COMPUTER
Specifications of VIRTUALHOST2
Operating system : Windows 8.1
Hostname : VIRTUALHOST2
IP Address : Use an available IP on the subnet
User for administrator :
  a. Username : administrator
  b. Password : admin2
Application : Install VMware on this PC.

3. WINCLIENT COMPUTER
Specifications of WINCLIENT
Operating system : Windows 8.1
Hostname : WINCLIENT
IP Address : DHCP
Partition :
  a. Primary partition for Drive C using 100% of the hard disk space and the NTFS file system
User for administrator :
  a. Username : klien
  b. Without password
Application :
  a. Network driver must be installed
  b. FileZilla
  c. PuTTY

4. RB_OUT (MIKROTIK)
Specifications of RB_OUT
Operating system : Mikrotik (integrated in hardware)
Hostname : RB_OUT
Wireless : Client mode, connected to the judge's AP. The specification of the AP:
  a. SSID : lks_jateng
  b. Mode : hidden
  c. Password : backtrack442
Wlan IP Address : 200.100.100.X/25, where X is the competitor number (e.g. 200.100.100.12)
Ether2 IP Address :
  VLAN 1 with name "Default" : 10.90.90.80/24
  VLAN 100 with name "To_R2" : 10.1.102.53/28
  VLAN 150 with name "To_R3" : 11.2.120.35/28
Ether3 IP Address : 192.168.10.1/26
Gateway : 200.100.100.126
User for administrator :
  a. Username : root
  b. Password : admin269?
Port winbox : 2950
Telnet : Disabled
Interface : Disable all interfaces except those connected to the switches and the Wi-Fi.

RB_OUT should be able to reach the Judge Server at 200.100.100.125.

5. Router_2 (MIKROTIK)
Specification of Router_2
Operating system : Mikrotik (integrated in hardware)
Hostname : Router_2
Ether1 IP Address : 10.1.102.55/28
Ether2 IP Address : 20.102.1.5/28
Ether3 IP Address : 202.143.16.2/29
User for administrator :
  a. Username : root
  b. Password : admin5
Port winbox : 2951
Telnet : Disabled
Interface : Disable all interfaces except those connected to the switches.

6. Router_3 (MIKROTIK)
Specification of Router_3
Operating system : Mikrotik 5.20
Hostname : Router_3
Ether1 IP Address : 11.2.120.35/28
Ether3 IP Address : 202.145.16.2/29
Bridge1 (Ether2 & 4) IP Address : 120.102.1.6/28
User for administrator :
  a. Username : root
  b. Password : admin6
Port winbox : 2952
Telnet : Disabled
Interface : Disable all interfaces except those connected to the switches.

7. WINSVR1 (Windows Server 2012 Datacenter Core)
Specification of WINSVR1
Operating system : Windows Server 2012 R2
Computer Name : WINSVR1
IP address : 202.143.16.3/29
Domain Name : manahan.go.id
Administrator User name : Administrator
Administrator Password : SmKbIsA123
Domain NetBIOS name : MANAHAN

8. LNXSVR1
Specification of LNXSVR1
Operating system : Linux Debian 8.3
Computer Name : LNXSVR1
IP address : 202.145.16.3/29
User name : root
Password : admin8

9. MAIN_SWITCH
Specification of MAIN_SWITCH
Operating system : Built into hardware
System Identity name : MAIN_SWITCH
IP Address : 10.90.90.90/24
Password : admin9

Specification of VLAN
ID VLAN   VLAN NAME   PORT
1         Default     1-6
100       To_R2       7-10
150       To_R3       11-14

10. CABLING
Connect the cables according to the picture
Device     Port   Port   Device
RB_OUT     2      10     MAIN_SWITCH
RB_OUT     3      2      MAIN_SWITCH
Router_2   1      7      MAIN_SWITCH
Router_2   2      4      MAIN_SWITCH
Router_3   1      11     MAIN_SWITCH
Router_3   2      5      MAIN_SWITCH
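
A pre-flight check of the Part 1 addressing plan, added here as an example and not part of the original test project. It uses Python's ipaddress module to flag addresses assigned to more than one interface, interfaces placed on a network or broadcast address, and subnets with only one listed member; the interface labels (vlan150, nic, mgmt and so on) are assumptions chosen for readability.

```python
import ipaddress
from collections import defaultdict

# (device, interface label, address) rows copied from the Part 1 tables; labels are assumed.
PLAN = [
    ("RB_OUT", "vlan1", "10.90.90.80/24"),
    ("RB_OUT", "vlan100", "10.1.102.53/28"),
    ("RB_OUT", "vlan150", "11.2.120.35/28"),
    ("RB_OUT", "ether3", "192.168.10.1/26"),
    ("Router_2", "ether1", "10.1.102.55/28"),
    ("Router_2", "ether2", "20.102.1.5/28"),
    ("Router_2", "ether3", "202.143.16.2/29"),
    ("Router_3", "ether1", "11.2.120.35/28"),
    ("Router_3", "ether3", "202.145.16.2/29"),
    ("Router_3", "bridge1", "120.102.1.6/28"),
    ("WINSVR1", "nic", "202.143.16.3/29"),
    ("LNXSVR1", "nic", "202.145.16.3/29"),
    ("MAIN_SWITCH", "mgmt", "10.90.90.90/24"),
]

def duplicates(plan):
    """Map each address assigned more than once to the interfaces that claim it."""
    owners = defaultdict(list)
    for dev, port, cidr in plan:
        owners[str(ipaddress.ip_interface(cidr).ip)].append(f"{dev}/{port}")
    return {ip: who for ip, who in owners.items() if len(who) > 1}

def unusable(plan):
    """Interfaces configured with their subnet's network or broadcast address."""
    bad = []
    for dev, port, cidr in plan:
        iface = ipaddress.ip_interface(cidr)
        if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
            bad.append(f"{dev}/{port}")
    return bad

def single_member_subnets(plan):
    """Subnets with only one listed device, i.e. no neighbour in the plan."""
    members = defaultdict(set)
    for dev, _, cidr in plan:
        members[ipaddress.ip_interface(cidr).network].add(dev)
    return [str(net) for net in sorted(members) if len(members[net]) == 1]

if __name__ == "__main__":
    print("duplicate addresses:", duplicates(PLAN))
    print("network/broadcast addresses:", unusable(PLAN))
    print("subnets with one member:", single_member_subnets(PLAN))
```

Run against the tables as printed, the check reports 11.2.120.35 on both RB_OUT VLAN 150 and Router_3 Ether1; the 192.168.10.0/26 subnet has a single member because its other hosts are DHCP clients.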

PART 2 – CONFIGURE WINSVR1
WORK TASK WINSVR1
Note: Please use the default configuration if you are not given the details.
Configure the server with the hostname, domain and IP specified in the appendix

o Install the service


A. Sync NTP Client with NTP Server
B. Active Directory
• Create a Forest Root Domain named “manahan.go.id”
• Create NetBIOS Domain Name “MANAHAN”
• Create Organizational Unit: MANAHAN2016
• Create Group IT: NET, IT
• Create user: client01, client02 as members of the NET group
• Create user: gatot, koco as members of the IT group
C. File Sharing
• Create and share a folder at D:\\manahan.go.id\skills\NET\ with read and write permission. Map it to drive Z:
  o Only the NET group can access this mapped drive
  o Limit the storage capacity to only 20MB
  o Saving files with the extensions .exe and .3gp is not allowed
• Create a redirected folder for the My Documents folder on the client machine to the following directory: D:\\manahan.go.id\skills\shareddocument
• Create and share a folder at D:\\manahan.go.id\skills\IT with read and write permission. Map it to drive Y:
  o Only the IT group can access this mapped drive
• Give a label name to each mapped drive (NET for Z:\ and IT for Y:\)

D. DNS Server
• Create a Forward Zone under the name “manahan.go.id”
• Create subdomains:
- stadion.manahan.go.id (202.143.16.3)
- info.manahan.go.id (202.143.16.3)
- gatotkaca.manahan.go.id (202.143.16.3)
- debian.manahan.go.id (202.145.16.3)
- nginx.manahan.go.id (101.143.17.1)
• Create a Reverse Zone for each IP
E. GPO
• Password Policies
Create policies for users in the NET group in accordance with the following conditions:
  o Minimum of 6 characters for passwords
  o Strong passwords are not required
  o Not stored with reversible encryption
  o The password will be changed after 90 days
  o The account will be locked for 30 minutes after three failed logins

Create policies for users in the IT group in accordance with the following conditions:
  o Password must contain at least 10 characters
  o A strong password is required
  o Passwords are not stored with reversible encryption
  o The password will be changed after 30 days
  o The account will be locked for 15 minutes after two failed logins
• GPO – Security Policies
  o At logon, the client displays a message with the title "Sugeng Rawuh" and the message "Monggo Mlebet Ngagem User Kaliyan Password Ingkan Sampun Disedianipun Kalihan Administrator"
  o All users except the IT group cannot access the Display Control Panel
  o Disable the "First Sign-In Animation" on the Windows 8.1 client
  o Disable "cmd" and "run"

PART 3 – CONFIGURE LNXSVR1
WORK TASK SERVER LNXSVR1
Note: Please use the default configuration if you are not given the details.
Configure the server with the hostname, domain and IP specified in the appendix

o Install the services:


A. Set up an OpenVPN server with the following conditions:
• Name the server key "server_debian"
• Name the client key "client_windows"
• The certificate file should contain the following data:
- KEY_COUNTRY = ID
- KEY_PROVINCE = Jawa Tengah
- KEY_CITY = Name of the competitor's city
- KEY_ORG = TKJ
- KEY_EMAIL = debian@manahan.go.id
- KEY_OU = SMK Se-Jawa Tengah
- KEY_NAME = server_debian
• Store the key files in /mnt/lnxsvr1/raid6/keys/
• The IP range provided to clients is 172.16.0.0/28
• Create a log file at /mnt/lnxsrv1/raid6/access.log

B. Configure as NTP Server for WINCLIENT and WINSVR1. Set the date to 17 February
2017 for testing the configuration.

C. DNS Setting Replication with the following conditions:
• The DNS service on LNXSVR1 will take over as DNS server when WINSVR1 is shut down
• Store the BIND files in /var/cache/bind

D. Web Server (apache2 including php5) running at port 8080
• Support HTTP and HTTPS
• Store index.html for “http://debian.manahan.go.id” at /mnt/lnxsvr1/raid6/web
• Create website “http://debian.manahan.go.id”
• Use the following code for index.html in http://debian.manahan.go.id
<html>
<h1>Selamat Datang Di Website LKS-JATENG 2016</h1>
</html>
• Create a phpinfo page in http://debian.manahan.go.id
• Create users 1-100. Configure the users so that they cannot log in locally.
• Create a user website directory for each user.
• Use the following code for index.html in the user website
<html>
<h1> Selamat Datang Di Virtual User LKS-JATENG 2016</h1>
</html>

E. Reverse Proxy
• Use the nginx application
• Reverse proxy "http://nginx.manahan.go.id:69" to "http://server-lks.id"
• Reverse proxy "http://nginx.manahan.go.id" to "http://debian.manahan.go.id"
• Use the following code for index.html in http://nginx.manahan.go.id at port 6969
<html>
<h1>Selamat Datang Di Secondary Website LKS-JATENG 2016</h1>
</html>
• Create a user authentication configuration file and store it in /mnt/lnxsvr1/raid6/secondaryweb/
  The allowed users are: lks2016, nginx, lksjateng, with the password “LKSJATENG2016”
• Create a user authentication prompt when opening "http://nginx.manahan.go.id:6969" with the message “Harap Login Untuk Mengetahui Isi Konten”

F. RAID Configuration
• Create 4 virtual hard disks of 20 Gb each
• Use MDADM to configure them as RAID 6
• Create a volume with the ext4 filesystem.
• Mount the RAID device at /mnt/lnxsvr1/raid6

PART 4 – CONFIGURE RB_OUT
WORK TASK RB_OUT
Note: Please use the default configuration if you are not given the details.
Configure the server with the hostname, domain and IP specified in the appendix

A. Configure VLAN and IP Address based on the specification
B. Configure OSPF routing:
- Area 0 named backbone for To_R2 network
- Area 0 named backbone for To_R3 network
C. Add a bridge interface named loop with the IP 1.1.1.1/32
D. Set OSPF router id 1.1.1.1
E. Set interfaces Ether1, Ether4 and Ether5 to disabled
F. Configure NAT in the RB_OUT firewall that leads to the server, with the comment judge NAT
G. DHCP configuration for Ether3 network with IP range 192.168.10.3 – 192.168.10.7

PART 5 – CONFIGURE Router_2


WORK TASK Router_2
Note: Please use the default configuration if you are not given the details.
Configure the server with the hostname, domain and IP specified in the appendix

A. Configure OSPF routing:
- Area 0 named backbone for Ether1 network
- Area 0 named backbone for Ether2 network
- Area 1 named area1 for Ether3 network
B. Add a bridge interface named loop2 with the IP 2.2.2.2/32
C. Set OSPF router id 2.2.2.2

PART 6 – CONFIGURE Router_3


WORK TASK Router_3
Note: Please use the default configuration if you are not given the details.
Configure the server with the hostname, domain and IP specified in the appendix
A. Create a bridge between Ether1 and Ether4 so that WINCLIENT can get an IP address from the DHCP
server in RB_OUT
B. Configure OSPF routing:
- Area 0 named backbone for Ether1 network
- Area 0 named backbone for Ether2 network
- Area 1 named area1 for Ether3 network
C. Add a bridge interface named loop3 with the IP 3.3.3.3/32
D. Set OSPF router id 3.3.3.3
