
Final Year Project

Directory Infrastructure And System Analysis Design

Group 3
Ma Kwong Kin (101385975), Distribution: 90%
Yuen Wai Kwan (091280664), Distribution: 10%

Names and Placement of Domain Servers


The placement and the number of DNS servers affect the availability of DNS. It is important that the DNS servers are placed so as to allow for both DNS availability and Active Directory availability. In our project design, we name the domain servers AD, since the abbreviation stands for Active Directory. Active Directory is fully integrated with DNS; to be fully functional, the DNS server must support SRV (service) resource records. To ensure that DNS is always available, we need to make sure that the DNS infrastructure does not include any single point of failure. In our LAN design, we place the pair of DNS servers on separate subnets, using the virtual cluster features of Windows Server 2008 R2 to improve fault tolerance and load balancing; they will be placed in the internal server farm on the 2nd floor. This configuration removes routers as potential points of failure.

Figure 1.1

Propose TWO Directory Services solutions


1. OpenLDAP

OpenLDAP Software is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released under its own BSD-style license called the OpenLDAP Public License. LDAP is a platform-independent protocol. Several common Linux distributions include OpenLDAP Software for LDAP support. The software also runs on BSD-variants, as well as AIX, Android, HP-UX, Mac OS X, Solaris, Microsoft Windows (NT and derivatives, e.g. 2000, XP, Vista, Windows 7, etc.), and z/OS.

Figure 2.1

2. Active Directory Explorer


Active Directory Explorer is a viewer and editor for Active Directory databases, from Microsoft. It can be used to navigate around and modify AD entries, view schema for objects as well as perform searches. It can also save AD snapshots for offline browsing.

Figure 3.1

Comparison
Price
LDAP Admin Tool 5.0: $155.00 (Shareware)
Active Directory Tool 9.12.01: $149.00 (Shareware)
So the price of AD is a bit cheaper, but not by a lot.

Scalability

If we want to extend our AD schema, we need to add schema elements via the Active Directory Schema Editor MMC console plug-in. After that, it is pretty straightforward: define the attributes first and then the object classes. For OpenLDAP we need to write an LDIF file, which likewise defines attributes first and then object classes. Apache Directory Studio with OpenLDAP is an alternative GUI and admin tool which gives OpenLDAP near-AD ease of use. AD Explorer has a default query limit of 10,000. If we want to retrieve every result in one query, we have to use paging controls or modify the default query limit on the domain controller. However, paging controls can be problematic, since some LDAP clients do not work correctly even though they claim to support paging controls (YMMV). In comparison, OpenLDAP has better scalability.

Manageability
As we are rather new to LDAP, we want to keep it simple and easy to manage, so we now compare their manageability. OpenLDAP is empty after installation and has no structure (called a DIT); it does not even have a "top" entry out of the box. AD ships with a basic structure and has the GUI tools ready for us to start populating users. With OpenLDAP we need to create the DIT by hand, so we have to design a structure and plan out where we are going to put our users, groups and roles. Hence, the manageability of AD is better than that of OpenLDAP.

Functionality
In OpenLDAP, we can design our DIT in many ways: we can follow the domain component convention (dc=foo,dc=bar) or use something organized by geographic region (o=foo,c=bar). AD Explorer uses the DC convention and offers no choice, while other LDAP servers can follow either convention. However, since the main OS environment of our network design is the Microsoft Windows series, AD Explorer will be easier to adapt to. Also, one of the advantages of AD is that it already contains user accounts for the internal users; these can be kept in sync with a separate LDAP server, though this adds complexity.

Decision and conclusion


Overall, the functionality of OpenLDAP is better than that of AD, but we prefer using AD since it is easier to use. In addition, we need better manageability since our project focuses on user friendliness. Scalability will not be a big problem since we will try to get the design right the first time. To conclude, the functionality and the scalability of OpenLDAP are better, while AD has a better price and manageability. To suit our knowledge and the time we decided to spend on this part, we prefer using AD since it is easier to handle.

Directory Topology
The following figure (Figure 4.1) shows our directory design:

Figure 4.1

Groups and Distribution Lists


In computing, the term group generally refers to a grouping of users. In our project, the primary purpose of user groups is to simplify access control to computer systems. Without groups, the administrator would have to grant each staff member permission on every department directory individually, which is unworkable and increases the administrator's workload. Hence, our group design is as follows (Figure 5.1):

Group name: User
HQ: The superior staff from the headquarters
ED: Executive Director of the company
GM: General Manager of each department
CS: The staff of Customer Services Division
Sal: The staff of Sales Division
AD: The staff of Administration Division
Mar: The staff of Marketing Division
IT: The staff of IT Division
Log: The staff of Logistic Division
Admin: The system admin of the AD server

Figure 5.1

The above group setting will be configured on the AD server. A distribution list is a group of email addresses, also known as a mailing list, which allows users to email multiple people at one time. LISTSERV is L-Soft International, Inc.'s software for managing mailing lists. It enables a large group of people to communicate effectively with one another without requiring each person to maintain a mailing list of all the other participants. Additionally, LISTSERV can archive postings in a searchable online database, send indexed digests to participants instead of individual messages, and make sets of files publicly accessible by email. LISTSERV is only one type of electronic mailing list software; other types of shared public mailing lists include Majordomo lists, Procmail lists, and LISTPROC. LISTSERV is effective at combating spam, a frequent problem with shared mailing lists. Since LISTSERV servers communicate with each other, when one server detects a spam file, it notifies all the other servers, so that each server can cut off the unwanted messages.

The distribution list design (Figure 6.1), implemented with LISTSERV, is as follows:

List: Member
All: All staff of the company
GM: General Managers of each department
CS: The staff of Customer Services Division
Sal: The staff of Sales Division
AD: The staff of Administration Division
Mar: The staff of Marketing Division
IT: The staff of IT Division
Log: The staff of Logistic Division

Figure 6.1

Example: List: CS; Members: sallywong@hotmail.com, peterlam@yahoo.com, johnchan@gmail.com

Naming Convention
In large organizations that manage thousands of workstations and servers, a logical and standardized naming scheme is a must. Not only can this quickly identify the appropriate support personnel for that server/workstation, it can also be used as a security tool to identify the location of internal security threats without having to tear through the subnet tables.

Groups
Active Directory requires that all groups have unique names. This is achieved by including the acronym of the department that the group belongs to.
Format: <DEPT>-<NAME> or <DEPT>-<SUBOU>.<TYPE>
Examples: CS-Sally, CS-Conference Room.Desktops1

Machines
Active Directory requires that all machines have unique names. In addition, it is good network etiquette not to duplicate any other machine's name on the NCSU network. Use only letters (A-Z) and numbers (0-9) in computer names. The scheme usually consists of a standardized location identification code, followed by the department code, a description of function, and a numerical sequence.

Coding abbreviations:
PC: Personal Computers
SV: Servers
SW: Switch
MS: Multilayer Switch
PR: Printers
RT: Router
WR: Wireless Router
DC: Domain Controllers
WWW: Web Servers
AD: Active Directory Servers
FTP: FTP Servers
SQL: SQL Servers
DHCP: DHCP Servers
APP: Application Servers
PRO: Proxy Servers
SMTP: Mail Servers
FW: Firewall

Example: 2CSSW03 means the third switch in the Customer Services Department on the 2nd floor.
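As an added example (not part of the project document), the following Python parses and checks machine names against the scheme above and flags names that break it, which is the "security tool" use the Naming Convention section describes. It assumes the department codes of Figure 5.1 are written in capitals (HQ, CS, SAL, AD, MAR, IT, LOG) and that the sequence is always two digits, as in 2CSSW03.

```python
"""Parser and checker for the project's machine naming scheme:
<floor><DEPT><FUNCTION><NN>, e.g. 2CSSW03 = floor 2, Customer Services, switch, #3."""
import re

# Function codes, taken from the "Coding abbreviations" table above.
FUNCTION_CODES = {
    "PC": "Personal Computer", "SV": "Server", "SW": "Switch",
    "MS": "Multilayer Switch", "PR": "Printer", "RT": "Router",
    "WR": "Wireless Router", "DC": "Domain Controller", "WWW": "Web Server",
    "AD": "Active Directory Server", "FTP": "FTP Server", "SQL": "SQL Server",
    "DHCP": "DHCP Server", "APP": "Application Server", "PRO": "Proxy Server",
    "SMTP": "Mail Server", "FW": "Firewall",
}
# Department codes from Figure 5.1, written in capitals because the scheme only
# allows A-Z and 0-9 (upper-casing Sal/Mar/Log is an assumption of this example).
DEPT_CODES = {
    "HQ": "Headquarters", "CS": "Customer Services", "SAL": "Sales",
    "AD": "Administration", "MAR": "Marketing", "IT": "IT", "LOG": "Logistic",
}

def _alternation(codes):
    # Longest codes first so the regex never stops early on a shorter prefix.
    return "|".join(sorted(codes, key=len, reverse=True))

NAME_RE = re.compile(
    rf"^(?P<floor>\d)(?P<dept>{_alternation(DEPT_CODES)})"
    rf"(?P<func>{_alternation(FUNCTION_CODES)})(?P<seq>\d{{2}})$"
)

def parse_hostname(name: str):
    """Return the name's components, or None if it does not follow the scheme.
    Hostnames are case-insensitive, so the input is upper-cased first."""
    m = NAME_RE.match(name.upper())
    if not m:
        return None
    return {
        "floor": int(m["floor"]),
        "dept": DEPT_CODES[m["dept"]],
        "function": FUNCTION_CODES[m["func"]],
        "seq": int(m["seq"]),
    }

def build_hostname(floor: int, dept: str, func: str, seq: int) -> str:
    """Compose a conforming name; reject codes that are not in the tables."""
    if not 0 <= floor <= 9:
        raise ValueError("floor must be a single digit")
    if dept not in DEPT_CODES or func not in FUNCTION_CODES:
        raise ValueError("unknown department or function code")
    if not 1 <= seq <= 99:
        raise ValueError("sequence must be 01-99")
    return f"{floor}{dept}{func}{seq:02d}"

def audit_hostnames(names):
    """Return the names that break the scheme. Run over a DHCP lease or asset
    list, a non-conforming name is a quick flag for an unmanaged device."""
    return [n for n in names if parse_hostname(n) is None]

# Constructed sample: hostnames as they might appear in a lease list.
SAMPLE_NAMES = ["2CSSW03", "3ITSV01", "2ADAD01", "laptop-jimmy", "2CSSW3", "1LOGPR12"]

if __name__ == "__main__":
    print(parse_hostname("2CSSW03"), audit_hostnames(SAMPLE_NAMES))
```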

Strategy of information sharing


In our project design, we are going to use an FTP server as our information sharing method. Compared with other FTP software such as CuteFTP and CaserFTP, FileZilla is the best choice of FTP software for our project. It has many advantages:
Free
Fast and efficient
Open source
Handles large transfers
Supports both Windows and Linux
Supports FTP security with SSL and SSH
Ease of use
Powerful Site Manager
Remote control

However, I find many disadvantages after testing this software:
Does not fully support Traditional Chinese Unicode
Remote control not stable
Easy to FC (Force Close) after resetting the port

From the point of view of a small company like our logistic company, I still prefer to use FileZilla as it is totally zero cost and easy to manage; even a non-IT staff member can handle it with the guide book. Since we use FreeNAS as our SAN strategy, part of the file sharing is contributed by FreeNAS's SMB service.

Share folders and corresponding permissions


[Figure 7.1 is a permission matrix of Group -> Folder. Groups (rows): HQ, Executive Director, General Manager, Customer Services Division, Sales Division, Administration Division, Marketing Division, Information Technology Division, Logistic Division. Folders (columns): Customer Services, Sales, Administration, Marketing, Information Technology, Logistic, Public folder, Staffs Information, Announcement, Applications, Internal. Each cell holds one of Read/Write, Read or No.]

Figure 7.1

Names and Placement of App/Enterprise Servers


In our project design, we name the application servers App, following the naming convention. An application server is a software framework that provides an environment in which applications can run, no matter what the applications are or what they do. To increase the availability of the App server, we need to ensure the server infrastructure does not include any single point of failure. In our LAN design, we place the pair of App servers on separate subnets, using the virtual cluster features of Windows Server 2008 R2 to improve fault tolerance and load balancing; they will be placed in the internal server farm on the 2nd floor. This configuration removes routers as potential points of failure.

(Refer to Figure 1.1)

List of applications / services provided in each Server


The services provided by each server are as shown below (Figure 8.1):

Server: Services
App: Java, .NET, PHP
Internal FTP: FileZilla, FreeNAS
External FTP: FileZilla, FreeNAS
AD: DNS, AD
DHCP: ISP DHCP
SQL: MySQL
WWW: IIS
Proxy: CCProxy
SMTP: 1st SMTP

Figure 8.1

Domain Structure
A domain structure is a cluster of computers which maintain their own security and account management locally, i.e. on the primary domain controller. All logins for local accounts are done within the domain, and it has its own file and application servers for locally logged-on users. It is generally part of a much larger corporate forest, consisting of other domains that may or may not "trust" each other, depending upon how they are set up. Setting up a domain is much more complex than a workgroup, but it scales really well as more computers are added. The cost of setting up a domain is much higher than a workgroup because of its reliance on a centralized database of users and groups. The domain structure design is as shown below (Figure 9.1):

Domain name: Usage
Administrative Domain: For the administrator of the server
Staff Domain: For common staff
Client Domain: For customers and public users
Programmer Domain: For data programmers and software engineers

Figure 9.1

Performance Monitoring and Logging


In our project, performance monitoring is important since it provides the following benefits:
Correct problems before outages occur
Reduce the costs of resolving problems when they do occur
Meet service level agreement obligations
Plan for growth
Share key system performance information with resellers and customers when appropriate

Hence, we decided to use non-free system monitoring software, but it is entirely worth it. Total Network Inventory 2 is a PC audit and software inventory solution which provides network scanning, software accounting, and centralized control of the software and the network with a simple and clear GUI. Together with Kiwi Syslog Server, which collects the logs of the other servers on the network, the system monitoring and logging are nearly complete. Kiwi, a well-known and free piece of log recording software, can also collect the log data of the firewall. It can record the log file of the server every hour.

Availability and Scalability


As we will use Windows Server 2008 for most of the servers, the Network Load Balancing (NLB) feature will be used. It enhances the availability and scalability of Internet server applications such as those used on Web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers. A single computer running Windows Server 2008 R2 provides a limited level of server reliability and scalable performance. However, by combining the resources of two or more computers running one of the Windows Server 2008 R2 products into a single virtual cluster, NLB can deliver the reliability and performance that Web servers and other mission-critical servers need. As we know, there are three types of cluster: High Performance Computing Cluster, Load Balancing Cluster and High Availability Cluster. NLB combines the three types above, and it is free and easy to manage. NLB increases server scalability by supporting up to 32 computers in a single cluster and by allowing hosts to be added to the NLB cluster as the load goes up, without bringing the cluster down. It also supports removing hosts from the cluster when the load goes down. That means we can easily add or remove servers according to the company's needs without affecting the network. NLB can automatically detect and recover from a cluster host that fails or goes offline, and it rebalances the network load when hosts are added or removed. It can also automatically recover and redistribute the workload within ten seconds. That means our servers become fault tolerant, so availability is increased.

Virtualization
Nowadays, virtualization is a trend and it provides many advantages, such as:
Server consolidation: increases hardware utilization and lowers cost
Help desk: increases the ability to represent multiple product environments
Lab and deployment testing: reduced physical system requirements
Application isolation: a security mechanism for separating running programs
Higher availability
Disaster recovery: fewer servers to manage and recover/restore
Security: centralized management

Hence, we decided to implement virtualization on our servers to achieve the above benefits. For the virtualization plan, we are going to use VMware infrastructure as the virtualization method, since VMware has the most experience and a very mature product suite. Compared with other virtualization providers like Microsoft and Citrix, VMware is more focused on integrating IT process automation around virtualization. VMware vSphere provides advanced business continuity protection at lower cost, and security and manageability for enterprise desktops. It can also simplify infrastructure provisioning. The following are the highlighted features of vSphere:
Availability Management (vCenter Server Heartbeat)
Disaster Recovery (SRM)
Application Virtualization (presentation) (ThinApp)
SDLC cost reduction (Lifecycle Manager, Lab Manager)
Capacity Planning (CapacityIQ)
Application SLM (AppSpeed)
Data Protection (Data Recovery)
Cost Control (Chargeback)
Client Virtualization (View)

Storage
In the storage phase, we decided to use Network Attached Storage (NAS) as our storage method, since it has many benefits, as follows:
Allows multiple servers access through a file-based protocol
Allows administrators to implement simple and low-cost load balancing and fault-tolerant systems
Increases file access performance because of the CPU power of the NAS devices
Better and easier control over shares

Low cost, load balancing and high performance together mean cost effectiveness; it is hard to find another method that is better. FreeNAS is a well-known and well-integrated software package for NAS: free, easy to use and full-function NAS software tailor-made for small and medium businesses like our logistic company. RAID is a technology that is used to increase the performance and/or reliability of data storage. The abbreviation stands for Redundant Array of Inexpensive Disks. A RAID system consists of two or more disks working in parallel.

Figure 10.1 shows the RAID 5 structure.

We will implement RAID 5 in the FreeNAS storage for our project. The benefit of RAID 5 is that read transactions are very fast, while write transactions are somewhat slower (due to the parity that has to be calculated). Also, a failed disk can be recovered from the other disks. Cost per megabyte is less than for disk mirroring, which is ideal in our case. It is a good all-round system that combines efficient storage with excellent security and decent performance.
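To make the parity and recovery claims concrete, here is an added Python model (not part of the project document, and not how FreeNAS implements RAID) of RAID 5 striping with rotating XOR parity: a write pays the cost of computing one parity block per stripe, and one lost disk is rebuilt by XOR-ing the survivors. Disk count, block size and the payload are constructed for the example.

```python
"""Toy RAID 5 model: stripe data over N disks with rotating XOR parity and
rebuild a single failed disk from the survivors."""

def xor_blocks(blocks):
    """XOR a list of equal-length byte blocks together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def raid5_write(data: bytes, n_disks: int, block_size: int):
    """Split data into stripes of (n_disks - 1) data blocks plus one parity
    block; the parity position rotates per stripe, so no single disk is a
    dedicated parity disk (which is what distinguishes RAID 5 from RAID 4)."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = (n_disks - 1) * block_size
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(padded) // per_stripe):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        parity_disk = s % n_disks
        blocks = iter(data_blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(data_blocks) if d == parity_disk else next(blocks))
    return disks

def raid5_rebuild(disks, failed: int):
    """Reconstruct every block of the failed disk by XOR-ing the same stripe on
    the surviving disks; this recovers data and parity blocks alike, but only
    while exactly one disk is missing."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks([disk[s] for disk in survivors]) for s in range(len(survivors[0]))]

def raid5_read(disks, length: int) -> bytes:
    """Reassemble the original bytes, skipping parity blocks and trimming padding."""
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % len(disks)
        for d, disk in enumerate(disks):
            if d != parity_disk:
                out += disk[s]
    return bytes(out[:length])

def demo() -> bool:
    """Write a constructed payload, lose disk 1, rebuild it, and confirm both the
    rebuilt disk and the readable data are identical to the originals."""
    payload = b"logistics manifest: 48 pallets, dock 2, floor 2"  # constructed sample
    disks = raid5_write(payload, n_disks=4, block_size=8)
    original_disk1 = disks[1]
    disks[1] = None                     # simulate the failed disk
    disks[1] = raid5_rebuild(disks, failed=1)
    return disks[1] == original_disk1 and raid5_read(disks, len(payload)) == payload

if __name__ == "__main__":
    print("rebuild ok:", demo())
```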

Backup and Recovery


We will use Windows Server Backup as the backup method since it is one of the functions of Windows Server 2008. After considering the availability of the server network, we decided to use the full backup mode of Windows Server Backup since it does not affect the service quality of the server while the backup is running. In addition, RAID 5 on the data storage provides data recovery.
