The Complete Guide to Intranet Network Configuration

DOCUMENT INFORMATION

Title: The Complete Guide to Intranet Network Configuration
Author: Tran Minh Hoang
School: Hanoi University of Science and Technology
Major: Information Technology
Type: exercise
City: Hanoi
Pages: 35
Size: 2.63 MB

A guide to deploying and configuring network services such as AD DS, Domain Controller, DNS, DHCP, zones, LAN router, VPN (client to gateway), web services, firewall, Terminal Services, Remote Desktop, HTTPS, FTP, ...

1 Tran Minh Hoang | 200098090 | LTU08 | HUST

1 Deploy Active Directory Domain Services and Domain Controller sie.edu.vn, DNS:

1.1. What are Active Directory Domain Services, Domain Controller and DNS?

a Active Directory Domain Services:

Active Directory Domain Services (AD DS) is a management and authentication centre for objects such as groups, users and computer accounts. AD DS supplies all of the information about an object to the services that need it. E.g.: it supplies the full information needed for authentication when resources are accessed.

When you use AD DS on Windows Server 2008, you can create a security infrastructure and manage users, computer accounts and other resources easily. You can also use AD DS to support applications that rely on Active Directory, such as Microsoft Exchange Server and Active Directory Rights Management Services (RMS).

Active Directory's structure includes these components: forest, tree, domains and organizational units (OUs). A forest can have one or many domain trees and domains; a tree can have one or several domains. In a domain, a server on which AD DS is set up is called a Domain Controller. By default, the first Domain Controller in the forest root stores the Global Catalog. The Global Catalog is a service that authenticates objects in the AD system. The Domain Controller that stores the Global Catalog is called a Global Catalog Server. In a forest or a domain, we can configure many Global Catalog Servers to load-balance authentication.

b Domain Controller:

A Domain Controller is a dedicated computer or server that runs Windows Server and stores a copy of the domain directory. A domain can have one or more Domain Controllers, and each Domain Controller holds a copy of the domain directory. The Domain Controller is responsible for authenticating users and ensuring that security policies are enforced.

[Figure: network diagram. Physical network 192.168.X.0, 255.255.255.0; internal network 10.0.X.0, 255.0.0.0; Internet]

c DNS:

DNS stands for Domain Name System. A DNS server is a server used to resolve domain names to IP addresses and vice versa. As we saw above, the Domain Controller manages the domain; DNS is used to create the domain that the Domain Controller manages.

1.2. The work to do:

- Add the AD DS role
- Run dcpromo to promote the server to a Domain Controller that manages sie.edu.vn, and install the DNS Server

1.3. The result of the demo:

Install Active Directory Domain Services succeeded

Install Domain Controller and DNS Server succeeded

Exercise 1 completed

2 Rename the server to: <Student's name>.sie.edu.vn

Set up the server with 2 network cards:

- Physical Network: 192.168.X.1 255.255.255.0
- Internal Network: 10.0.X.1 255.0.0.0

2.1. The work to do:

- Change the server's name to HoangTM.sie.edu.vn
- Configure the 2 network cards on the server

2.2. The result of the demo:

Changed the server's name

Physical Network

Internal Network

Exercise 2 completed

3 Set up the DHCP service on the server to allocate dynamic IPs for the Internal Network

Address range from 10.0.X.2 to 10.0.X.254

3.1. What is the DHCP service?

DHCP stands for Dynamic Host Configuration Protocol. DHCP configures IP addresses automatically. Because computers are configured automatically, it reduces manual intervention in the network system. It provides a central database that keeps track of all the computers in the network system. Its most important purpose is to prevent 2 computers from having the same IP address.

If a computer does not use DHCP, its IP can be configured manually in the traditional way. Besides supplying IP addresses, DHCP also supplies other configuration information, such as DNS. Nowadays DHCP has 2 versions: IPv4 and IPv6.

3.2. The work to do:

- Add the DHCP role
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn to add a scope for IPv4
- Allocate the address range

3.3. The result of the demo:

Install DHCP Server succeeded

Address range of dynamic IPs from 10.0.X.2 to 10.0.X.254

4 Reserve the first 10 positions (from 10.0.X.2 to 10.0.X.11) for static IP allocation. Set up the computer with MAC address 00-11-22-33-44-55-66 so that it always gets the IP address 10.0.X.10

4.1. The work to do:

- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn/ Address Pool to add an exclusion range for static IP allocation
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn/ Reservations to set the static IP 10.0.X.10 for the computer with MAC address 00-11-22-33-44-55-66

4.2. The result of the demo:

The first 10 positions (from 10.0.X.2 to 10.0.X.11) are reserved for static IP allocation

The computer with MAC address 00-11-22-33-44-55-66 is set up to always get the IP 10.0.X.10
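
A way to sanity-check the address plan from exercises 2 to 4 before entering it in the DHCP console, as an added example that is not part of the original document. It assumes X = 25 and a hypothetical `PLAN` dictionary; run on the values given above, it reports the MAC address, which has seven groups where an Ethernet MAC address has six.

```python
import ipaddress
import string

X = 25  # assumption: stands in for the page's placeholder "X"

# Constructed plan mirroring exercises 2 to 4 on the page.
PLAN = {
    "server_ip": f"10.0.{X}.1",
    "scope": (f"10.0.{X}.2", f"10.0.{X}.254"),
    "exclusion": (f"10.0.{X}.2", f"10.0.{X}.11"),
    "reservations": {"00-11-22-33-44-55-66": f"10.0.{X}.10"},
}


def as_range(pair):
    """Turn a (start, end) pair of strings into IPv4Address objects."""
    lo, hi = (ipaddress.IPv4Address(p) for p in pair)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return lo, hi


def dynamic_pool_size(plan):
    """Addresses left for dynamic leases: scope minus the excluded part."""
    s_lo, s_hi = as_range(plan["scope"])
    e_lo, e_hi = as_range(plan["exclusion"])
    overlap = max(0, min(int(s_hi), int(e_hi)) - max(int(s_lo), int(e_lo)) + 1)
    return int(s_hi) - int(s_lo) + 1 - overlap


def audit(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    s_lo, s_hi = as_range(plan["scope"])
    e_lo, e_hi = as_range(plan["exclusion"])
    server = ipaddress.IPv4Address(plan["server_ip"])
    if not (s_lo <= e_lo and e_hi <= s_hi):
        findings.append("exclusion range is not inside the scope")
    if s_lo <= server <= s_hi and not e_lo <= server <= e_hi:
        findings.append(f"{server}: server address can be leased to a client")
    for mac, ip in plan["reservations"].items():
        groups = mac.split("-")
        hex_ok = all(len(g) == 2 and all(c in string.hexdigits for c in g) for g in groups)
        if len(groups) != 6 or not hex_ok:
            findings.append(f"{mac}: expected 6 hex octets, found {len(groups)} groups")
        if not s_lo <= ipaddress.IPv4Address(ip) <= s_hi:
            findings.append(f"{ip}: reservation is outside the scope")
    return findings
```
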

5 Create the zone sie.edu.vn. Create <Student's name>.sie.edu.vn 192.168.X.2

5.1. What is a DNS zone?

Every domain name is a part of the DNS system and is managed by the DNS system. It has several DNS settings, also known as DNS records. The DNS zone was created to keep these DNS records in order.

5.2. The work to do:

- Go to Administrative Tools/ DNS/ HoangTM/ Forward Lookup Zones/ sie.edu.vn to add a host. Because the zone sie.edu.vn was created in Exercise 1, we only need to add the host HoangTM to create HoangTM.sie.edu.vn with the IP address 192.168.X.2

5.3. The result of the demo:

Create HoangTM.sie.edu.vn 192.168.X.2 in zone sie.edu.vn

6 Set up Windows Server to act as a LAN router (the client can ping the real machine). Set it up so that the client can connect to the Internet

6.1. What is a router?

a Router:

A router is a piece of network equipment used to forward data packets through an internetwork to end hosts via a routing process. Routing happens at Layer 3 of the OSI model.

In most cases, a router acts as a link between 2 or more networks and forwards data packets between them. The router checks them against the routing table to find the path they should take.

The routing table is either configured statically by network managers, meaning the routing table is established once and maintained manually, or dynamically, meaning the table learns the routes itself and its content changes as the network topology changes.

Note in particular that a router is not a network switch.

b NAT:

NAT stands for Network Address Translation. It is a technique that was invented to solve the IP address shortage problem, but it has gradually shown many advantages that nobody anticipated when it was invented. Some of the advantages of NAT that are most widely applied today are:

o Sharing an Internet connection among many computers in a LAN (Local Area Network) with one WAN IP address
o It works like a firewall, helping us to hide all the IPs in the LAN from hackers
o It is flexible and easy to manage

6.2. The work to do:

- Add the role Network Policy and Access Services
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM to enable and configure Routing and Remote Access for NAT
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM/ IPv4/ NAT to add a new interface
- Check that the Internet is connected
- Check that the client's IP is now in the domain sie.edu.vn (in the 10.0.25.1/24 range)
- Change the server's Physical Network to obtain an IP address automatically, so that it gets an IP from the Internet

6.3. The result of the demo:

Real machine's IP

Client pings the real machine

Server is connected to the Internet

Client is connected to the Internet

7 Set up a VPN model (client to gateway) with a new user: Student's ID, pass: Hut11

7.1. What is VPN?

VPN stands for Virtual Private Network. It is a remote access solution based on the public Internet platform. It is an economical solution with high security. It is a solution of the future.

VPN allows us to extend the range of the local network by using the advantages of the Internet. The VPN technique allows us to connect to a very distant host and make it a node, or another PC, in our LAN. Another feature of VPN is that the connection between the client and your private network is quite secure, as if you were in the same LAN.

7.2. The work to do:

- Add the role Network Policy and Access Services
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM to enable and configure Routing and Remote Access for VPN
- Go to Administrative Tools/ Active Directory Users and Computers/ sie.edu.vn/ Users to create the user: 20098090, pass Hut11
- Configure this user to be allowed access permission
- Start Windows XP and go to Control Panel/ Network and Internet Connections/ Network Connections/ Create a new connection for the VPN

7.3. The result of the demo:

Install Network Policy and Access Services succeeded

Client in Windows XP joined the VPN successfully

IP address of the client in the VPN

Server pinged the client in the VPN successfully

8 Create a website: www.web.sie.edu.vn with the content: Ten toi la: <Student's name>

8.1. What is IIS?

IIS stands for Internet Information Services. It is Microsoft's web server. IIS is designed to be Microsoft's most flexible and secure web and application platform. Microsoft redesigned IIS from the existing platform, and during the development process the design team focused on 5 areas:

- Security
- Scalability
- Configuration and deployment
- Management and diagnostics
- Performance

8.2. The work to do:

- Add the Web Server role
- Add the required features
- Check http://localhost to confirm that IIS is operating
- Go to Administrative Tools/ DNS/ HoangTM/ Forward Lookup Zones/ sie.edu.vn to add a New Host named "web" or "www.web"
- Go to C:\inetpub\wwwroot to create a new folder named "web"
- Go to C:\inetpub\wwwroot\web, create a txt file with the content "Ten toi la Tran Minh Hoang" and save this file as .htm or .html with the name "index". We now have a simple HTML page. Double-click the file to see the result
- Go to Administrative Tools/ Internet Information Services (IIS) Manager/ Start Page/ HoangTM/ site to add a web site
- Fill in the site name and browse the Physical Path to the folder containing the index.html you have just created. A warning dialog will appear to warn you that your web site uses the same port as another website; ignore it, because we solve this right away
- Stop the Default Web Site via Right click/ Manage Web Site/ Stop (because both your website and it are using port 80)
- Start your web site
- Check your web site by going to the address http://web.sie.edu.vn or http://www.web.sie.edu.vn on both the server and the client

8.3. The result of the demo:

Install Web Server (IIS) succeeded

Check http://localhost

Go to http://web.sie.edu.vn on the server

Go to www.web.sie.edu.vn on the client

9 Set up the firewall:

- Create 2 inbound connection rules
- Create 2 outbound connection rules

Example: create a rule that blocks access to 1 service port on the server, e.g. port 80

9.1. What is Windows Firewall with Advanced Security?

Windows Firewall with Advanced Security on Windows Server 2008 is a combination of a personal firewall (host firewall) and IPsec. It allows us to configure filtering of the inbound and outbound connections on the system.

This tool makes it easy to carry out configuration operations on the firewall. Windows Firewall with Advanced Security uses 2 kinds of rules for configuration:

- Firewall rules: used to define which inbound and outbound connections are allowed or blocked
- Connection security rules: serve to secure traffic between 2 computers

9.2. The work to do:

- Go to Administrative Tools/ Windows Firewall with Advanced Security
- Choose Inbound/ Outbound Rules and choose New rule in the Actions tab
- We can create a rule for a Program, a Port, ... Here, we choose Port
- We have to choose TCP or UDP to apply this rule to

Acronym for:
o TCP: Transmission Control Protocol
o UDP: User Datagram Protocol or Universal Datagram Protocol

Function:
o TCP: As a message makes its way across the internet from one computer to another. This is connection based
o UDP: UDP is also a protocol used in message … not connection based, which means that one program can send a load of packets to another and that would be the end of the relationship

o TCP: … critical applications
o UDP: UDP is used for games or applications that require fast transmission of data. UDP's stateless nature is also useful for servers that answer small queries from huge numbers of clients

Speed of transfer:
o TCP: The speed for TCP is slower than UDP
o UDP: UDP is faster because there is no error-checking for packets

Reliability:
o TCP: There is absolute guarantee that the data transferred remains intact and arrives in the same order in which it was sent
o UDP: There is no guarantee that the messages or packets sent would reach at all

Header Size:
o TCP: TCP header size is 20 bytes
o UDP: UDP header size is 8 bytes

Streaming of data:
o TCP: Data is read as a byte stream, no distinguishing indications are transmitted to signal message (segment) boundaries
o UDP: Packets are sent individually and are checked for integrity only if they arrive. Packets have definite boundaries which are honored upon receipt, meaning a read operation at the receiver socket will yield an entire message as it was originally sent

o TCP: … socket connection, before any user data can be sent. TCP handles reliability and congestion control
o UDP: UDP is lightweight. There is no ordering of messages, no tracking connections, etc. It is a small transport layer designed on top of IP

Data Flow Control:
o TCP: TCP does flow control. TCP requires three packets to set up a socket connection, before any user data can be sent. TCP handles reliability and congestion control
o UDP: UDP does not have an option for flow control

Error Checking:
o TCP: TCP does error checking
o UDP: UDP does error checking, but no recovery options

o TCP: … number, 3 Data offset, 4 Reserved, 5 Control bit, 6 Window, 7 Urgent Pointer, 8 Options, 9 Padding, 10 Check Sum, 11 Source port, 12 Destination port
o UDP: 1 Length, 2 Source port, 3 Destination port, 4 Check Sum

- Fill in the port number that you want the rule to apply to
- Choose the action to take when a connection matches the specified conditions
- After you finish building the rules, you apply them to the computer based on the firewall profile. Windows Server 2008 has the 3 kinds of firewall profile below:

o Domain: applied when a computer is connected to a domain
o Private: applied when a computer has become a member of a local network but is not connected to a domain
o Public: applied when a computer is connected to public network systems, such as the Internet
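
Why the wizard asks for TCP or UDP, as an added example that is not part of the original document: the 20-byte TCP header and the 8-byte UDP header from the comparison above are parsed and checked against a port rule, so a block on TCP port 80 does not match a UDP datagram sent to port 80. `BLOCK_RULES`, the function names and the sample bytes are constructed for illustration and model only the protocol and port fields of a rule, not Windows Firewall itself.

```python
import struct

# Hypothetical rule set mirroring the page's example: block TCP port 80.
BLOCK_RULES = {("TCP", 80)}


def parse_tcp_header(segment: bytes) -> dict:
    """Parse the fixed 20-byte part of a TCP header (network byte order)."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return {"proto": "TCP", "src_port": src, "dst_port": dst, "seq": seq,
            "ack": ack, "header_len": header_len,
            "syn": bool(off_flags & 0x002), "window": window}


def parse_udp_header(datagram: bytes) -> dict:
    """Parse the 8-byte UDP header: ports, length and checksum."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8:
        raise ValueError("UDP length field is smaller than the header")
    return {"proto": "UDP", "src_port": src, "dst_port": dst,
            "header_len": 8, "length": length}


def inbound_verdict(header: dict) -> str:
    """A port rule matches only if protocol and destination port both match."""
    key = (header["proto"], header["dst_port"])
    return "block" if key in BLOCK_RULES else "no matching block rule"


# Constructed samples: a TCP SYN and an empty UDP datagram, both to port 80.
SAMPLE_TCP = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x002, 8192, 0, 0)
SAMPLE_UDP = struct.pack("!HHHH", 49152, 80, 8, 0)

if __name__ == "__main__":
    for hdr in (parse_tcp_header(SAMPLE_TCP), parse_udp_header(SAMPLE_UDP)):
        print(hdr["proto"], hdr["dst_port"], hdr["header_len"], inbound_verdict(hdr))
```
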

Date posted: 21/08/2013, 10:39
