ABC Corporation, Inc. Server Upgrade Prepared by Team 2, ITEC495-V1WW, Franklin University December 9, 2007 Professor Wayne Smith
Team 2 Introduction • Brian Student – Project Manager, Research & Documentation (R&D) • Sean Student – R&D – IT Developer • Jason Student – Technical Leader, R&D – Windows to Linux Experience • Jason Student – R&D – RedHat Administrator • Sara Student – R&D – Windows Network Administrator • Dr. Martin Advisor – Business Practitioner – Edison College Information Technology Professor
Team 2 Objectives Team 2 Expects to Meet the Following Goals: • Apply Network Design to Small-to-Medium Network • Use Management Information Systems Foundations in Redesigning Network Infrastructure • Configure Network Tasks to Run and Update With Minimal Human Intervention • Employ IT Industry Best Practices to Plan, Implement, and Maintain Network Security
ABC Corporation Background • Small Marketing Company with Microsoft-Based Network • Windows 2000 Server Domain Controller • Authentication, DHCP, Backups • Windows 2000 Server File and Print Server • Windows 2000 Professional Workstations • Windows XP Professional Workstations • Firewalled Business Cable Internet Access • Ten Employees
ABC Corporation Dilemma • Windows 2000 File and Print Server at End of Lifecycle • ABC Concerned Over Microsoft Woes • Windows 2003 Server OS Expensive • Linux Offers Several Open-Source Options • Rest of ABC Network Currently Uses: • Microsoft 2000 Server • Microsoft Windows 2000 Pro • Microsoft Windows XP Pro
ABC Business Objectives • Contract with ITEC Business Solutions, Inc. to replace old server • Research costs and functionality of replacement hardware • Install Open Source operating system on new equipment • Migrate file and print services to new server • Maintain single authentication source • Minimize configuration changes and downtime • Simplify routine administration of Linux Server • Complete project on time and within budget
ITEC’s Solution • ITEC Solutions proposed that file and print services be moved to a Linux server • Operating system chosen was Ubuntu Server 7.04 • Ubuntu is free and there is a wealth of community support for this distribution on the Internet • Samba can be configured to use Active Directory for authentication • Routine administration will be completed via web browser using Webmin • It will not be necessary to visit the Linux command line to perform routine administration
Hardware Proposal • IBM X3200 Server Specifications • Dual Core Xeon 3040 Processor • 4 GB RAM • 3 Hard drives totaling 480 GB storage capacity • RAID 5 configuration for fault tolerance • RAID battery for up to 3 days data protection • 5-year warranty with onsite repair and 24x7 2-hour response time • Capable of upgrading to 3 TB storage and 8 GB RAM
Costs • Projected Project Budget: $8,000.00 • IBM X3200 Server: $3,300.00 • Linux Ubuntu Server 7.04 OS: $0.00 • ITEC Business Solutions, Inc.: $4,000.00 • Under Budget Savings: $700.00
Risks • Blending a network with two platforms could create incompatibility issues • Client machines may require reconfiguration to access new services • Unforeseen configuration difficulties may require extra research and troubleshooting • Possible change in project scope could create need for revised planning • If Linux configuration failure seems imminent, revert to Windows Server 2003
Changes to Infrastructure • One infrastructure change needed to be made for our solution • DNS entries were made so the existing file & print server is resolved via a DNS alias by the client • Changes are necessary in the login scripts and in the user home folder mappings • Using this method, the only changes required to the infrastructure at the time of cutover to the new Linux file and print server are in the DNS entries
Samba • In order for Windows clients to connect to Linux file shares, Samba must be installed and configured on the Linux server • The /etc/samba/smb.conf file contains the directives for the operation of the Samba daemon • The smb.conf file contains global settings affecting the Samba server operation and share settings • Samba allows a Linux server to join an Active Directory domain (Canonical, Inc., 2007)
Samba • Samba supports ACLs based on the POSIX specification. • ACLs provide a more flexible method of securing an object than using standard Unix permissions • Supported on Reiser and Ext3 file systems • Does not provide all the features of Windows server-based ACLs, but provides the key components for adequately securing files and folders (Canonical, Inc., 2007)
CUPS • Print services are hosted on the Linux server using CUPS • Common Unix Printing System • The CUPS config file is /etc/cups/cupsd.conf • Contains the directives for operation of the CUPS daemon • CUPS utilizes IPP (Internet Printing Protocol) • IPP allows print jobs to be sent over an intranet or the Internet (Debian Admin, 2007)
Linux Server Setup & Migration • First step: Install the Ubuntu 7.04 Server, configure the network interface, update and upgrade the server, and download the components for file and print services • Second step: Edit /etc/fstab so the file system supports POSIX access control lists • Third step: Download and install Webmin • Webmin allows for administration of a Linux server through a web browser (Canonical Ltd, 2007)
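A check for the second step above, added here as an example and not part of the original presentation: it parses an fstab and reports whether each Samba share path sits on a filesystem mounted with the acl option. The fstab contents and device names are constructed; the share paths are the ones used in the presentation's smb.conf.

```python
# Constructed /etc/fstab sample; device names and partition layout are assumptions.
FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1  /       ext3  defaults,errors=remount-ro  0 1
/dev/sda2  /samba  ext3  defaults,acl                0 2
/dev/sda3  /var    ext3  defaults                    0 2
/dev/sda5  none    swap  sw                          0 0
"""

# Share paths taken from the smb.conf shown in the presentation.
SHARE_PATHS = ["/samba/home", "/samba/shared", "/var/lib/samba/printers"]


def parse_fstab(text):
    """Return one dict per fstab entry, skipping comments and blank lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            entries.append({"mount": fields[1].rstrip("/") or "/",
                            "type": fields[2],
                            "opts": set(fields[3].split(","))})
    return entries


def mount_for(path, entries):
    """Return the entry whose mount point is the longest prefix of path."""
    best = None
    for e in entries:
        m = e["mount"]
        if m == "/" or path == m or path.startswith(m + "/"):
            if best is None or len(m) > len(best["mount"]):
                best = e
    return best


def acl_status(paths, entries):
    """Map each path to True if its filesystem is mounted with 'acl'."""
    status = {}
    for p in paths:
        e = mount_for(p, entries)
        status[p] = bool(e and "acl" in e["opts"])
    return status


if __name__ == "__main__":
    for path, ok in acl_status(SHARE_PATHS, parse_fstab(FSTAB)).items():
        print(f"{path}: {'acl enabled' if ok else 'acl option MISSING'}")
```

In this sample the driver share under /var is the one that would silently fall back to plain Unix permissions.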
Security • Servers physically located in locked room • Firewall router between systems and Internet • Ubuntu access different from Windows and more secure by default • No open ports to be scanned • Configuration modifications to further secure server • Authentication using Kerberos and Windows Active Directory Services • Data backed up from Windows 2000 Server running Symantec Backup Exec 10.0 • RALUS configured on Linux server to facilitate connection
Linux Server Setup • Fourth step: Configure NTP, nsswitch, Kerberos, and PAM • Time synchronization is important for authentication using Kerberos • Nsswitch.conf determines the method of resolving hostnames, groups, and password files • Kerberos required testing to ensure the configuration was correct • The PAM configuration files direct authentication and session management (Canonical Ltd, 2007)
NTP.conf • Shown is the only section of the /etc/ntp.conf file that must be configured.
Kerberos • This output is from the Linux server. It details that Kerberos is functioning.
NSSWITCH.CONF • This shows what must be configured in /etc/nsswitch.conf.
Linux Server Setup • Fifth Step: Configure Samba’s global directives, then test the configuration file for errors • Sixth Step: Test connections to Active Directory • Seventh Step: Join server to Active Directory (Canonical Ltd, 2007)
Global Configurations in SMB.CONF
[global]
    workgroup = ABCCOMPANY
    realm = ABCCOMPANY.NET
    server string = Ubuntu File & Print
    security = ADS
    password server = ABC-DC1
    enable privileges = Yes
    encrypt passwords = yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    domain master = No
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    invalid users = root
    idmap uid = 1000-3000
    idmap gid = 1000-3000
    winbind enum users = yes
    winbind enum groups = yes
    printcap name = cups
    printing = cups
    cups options = raw
    inherit permissions = yes
    inherit acls = yes
    map acl inherit = yes
    acl compatibility = auto
    dos filemode = yes
    dos filetimes = yes
    dos filetime resolution = yes
    map archive = yes
    map system = no
    map hidden = no
    ea support = yes
    load printers = yes
[printers]
    create mask = 0777
    comment = All Printers
    browseable = no
    printable = yes
    public = yes
    path = /var/spool/samba
    guest ok = yes
    writable = no
    printer admin = root
[print$]
    comment = Printer Drivers
    writeable = yes
    invalid users =
    public = yes
    path = /var/lib/samba/printers
    write list = @"ABCCOMPANY\domain admins",@"ABCCOMPANY\domain users"
File Server Migration • First step: Creation of shares on the Linux server • Second step: Ensure connectivity to the shares • This is also a good time to check permissions • Third step: Migrate data • Fourth step: Configure further permissions as appropriate • Fifth step: Change data DNS alias to resolve to the new Linux server • Sixth step: Reboot client workstations (Canonical, Inc., 2007)
DNS Modifications • [Figures not reproduced: DNS table before migration; DNS table after migration]
Share Configurations in SMB.CONF
[home$]
    comment = Home Folders
    path = /samba/home
    writeable = yes
    public = yes
    browseable = yes
    nt acl support = yes
    create mask = 0700
    directory mask = 0700
    acl group control = yes
    store dos attributes = yes
[shared$]
    comment = Shared Data
    path = /samba/shared
    writeable = yes
    public = yes
    browseable = yes
    nt acl support = yes
    create mask = 0760
    directory mask = 0760
    acl group control = yes
    store dos attributes = yes
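A review pass over the share definitions above and the [printers] section from the global configuration slide, added here as an example and not part of the original presentation. It flags guest-access settings and file-mode masks worth a second look before cutover; the sample text is constructed from the slides' values, and the finding names are this example's own. Whether a guest can actually connect also depends on the global `map to guest` setting, which the slides do not show.

```python
# Constructed sample: share sections using the values shown on the slides.
SMB_CONF = """\
[printers]
create mask = 0777
guest ok = yes
writable = no
[home$]
writeable = yes
public = yes
create mask = 0700
directory mask = 0700
[shared$]
writeable = yes
public = yes
create mask = 0760
directory mask = 0760
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. smb.conf(5) ignores case and
    whitespace in parameter names, so 'guest ok' is stored as 'guestok'."""
    shares, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return shares

def is_yes(params, *names):
    return any(params.get(n, "no").lower() in ("yes", "true", "1") for n in names)

def audit(shares):
    # Only explicitly set parameters are checked; Samba defaults are not modelled.
    findings = []
    for name, p in shares.items():
        if is_yes(p, "guestok", "public"):  # 'public' is a synonym of 'guest ok'
            findings.append((name, "guest-access"))
            if is_yes(p, "writeable", "writable", "writeok"):
                findings.append((name, "guest-writable"))
        for param in ("createmask", "directorymask"):
            if int(p.get(param, "0"), 8) & 0o007:
                findings.append((name, param + "-world-bits"))
        dmask = int(p.get("directorymask", "0"), 8)
        # r or w without x on a directory means entries cannot be traversed
        if any((dmask >> s) & 0o6 and not (dmask >> s) & 0o1 for s in (6, 3, 0)):
            findings.append((name, "directory-mask-no-search-bit"))
    return sorted(findings)
```

On the slides' values this reports guest access on all three sections, world bits in the [printers] create mask, and a [shared$] directory mask of 0760 that gives the group read and write but no search permission.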
Print Services Migration • If not already installed, download and install CUPS • Using Webmin, configure printers • Change print DNS alias to resolve to the new print server; then reboot all client workstations • On client workstations, connect to the print queue on the Linux server (Canonical, Inc., 2007)
Future Considerations • Further services and administrative tasks can be migrated to Linux servers: • DNS • DHCP • Directory services • E-mail • Enforce disk quotas • Since Samba is using Active Directory for authentication, care must be taken when migrating directory services to Linux or upgrading the domain controller.
Lessons Learned • Valuable research methods for searching for Ubuntu documentation • Valuable knowledge achieved • For understanding Ubuntu command-line interface • For configuring Ubuntu • For migrating file and printer shares • A good team work ethic is invaluable! • Team 2 members worked well together, complementing each other’s strengths and augmenting individual weaknesses
Conclusion • Ubuntu is a reliable alternative to Windows operating systems • There are fewer malicious attacks on non-Windows machines • Ubuntu OS has a smaller footprint, leaving disk space and memory to be utilized for file and printer shares • Ubuntu can be combined successfully in a primarily Windows environment • Configuring Ubuntu requires minimal code change
References
Canonical Ltd. (2007). User Documentation. Retrieved October 1, 2007, from Ubuntu Web site: https://help.ubuntu.com/community/UserDocumentation
Debian Admin. (2007, September 10). Setup CUPS (Common UNIX Printing System) Server and Client in Debian. Retrieved October 15, 2007, from Debian Admin Web site: http://www.debianadmin.com/setup-cups-common-unix-printing-system-server-and-client-in-debian.html