ABC Corporation, Inc. Server Upgrade
Prepared by Team 2, ITEC495-V1WW, Franklin University
December 9, 2007
Professor Wayne Smith
Team 2 Introduction
Brian Student – Project Manager, Research & Documentation (R&D)
Sean Student – R&D – IT Developer
Jason Student – Technical Leader, R&D – Windows to Linux Experience
Jason Student – R&D – RedHat Administrator
Sara Student – R&D – Windows Network Administrator
Dr. Martin Advisor – Business Practitioner – Edison College Information Technology Professor
Team 2 Objectives
Team 2 Expects to Meet the Following Goals:
    Apply Network Design to Small-to-Medium Network
    Use Management Information Systems Foundations in Redesigning Network Infrastructure
    Configure Network Tasks to Run and Update With Minimal Human Intervention
    Employ IT Industry Best Practices to Plan, Implement, and Maintain Network Security
ABC Corporation Background
Small Marketing Company with Microsoft-Based Network
    Windows 2000 Server Domain Controller
        Authentication, DHCP, Backups
    Windows 2000 Server File and Print Server
    Windows 2000 Professional Workstations
    Windows XP Professional Workstations
    Firewalled Business Cable Internet Access
Ten Employees
ABC Corporation Dilemma
Windows 2000 File and Print Server at End of Lifecycle
ABC Concerned Over Microsoft Woes
    Windows 2003 Server OS Expensive
    Linux Offers Several Open-Source Options
Rest of ABC Network Currently Uses:
    Microsoft 2000 Server
    Microsoft Windows 2000 Pro
    Microsoft Windows XP Pro
Current ABC Network
ABC Business Objectives
Contract with ITEC Business Solutions, Inc. to replace old server
Research costs and functionality of replacement hardware
Install Open Source operating system on new equipment
Migrate file and print services to new server
Maintain single authentication source
Minimize configuration changes and downtime
Simplify routine administration of Linux Server
Complete project on time and within budget
ITEC’s Solution
ITEC Solutions proposed that file and print services be moved to a Linux server
Operating system chosen was Ubuntu Server 7.04
    Ubuntu is free and there is a wealth of community support for this distribution on the Internet
    Samba can be configured to use Active Directory for authentication
Routine administration will be completed via web browser using Webmin
    It will not be necessary to visit the Linux command line to perform routine administration
Hardware Proposal
IBM X3200 Server Specifications
    Dual Core Xeon 3040 Processor
    4 GB RAM
    3 Hard drives totaling 480 GB storage capacity
    RAID 5 configuration for fault tolerance
    RAID battery for up to 3 days data protection
    5-year warranty with onsite repair and 24X7 2-hour response time
    Capable of upgrading to 3 TB storage and 8 GB RAM
Costs
Projected Project Budget          $8,000.00
IBM X3200 Server                  $3,300.00
Linux Ubuntu Server 7.04 OS       $    0.00
ITEC Business Solutions, Inc.     $4,000.00
Under Budget Savings              $  700.00
Risks
Blending a network with two platforms could create incompatibility issues
Client machines may require reconfiguration to access new services
Unforeseen configuration difficulties may require extra research and troubleshooting
Possible change in project scope could create need for revised planning
If Linux configuration failure seems imminent, revert to Windows Server 2003
Changes to Infrastructure
One infrastructure change needed to be made for our solution
DNS entries were made so the existing file & print server is resolved via a DNS alias by the client
    Changes are necessary in the login scripts and in the user home folder mappings
Using this method, the only changes required to the infrastructure at the time of cutover to the new Linux file and print server are in the DNS entries
Samba
In order for Windows clients to connect to Linux file shares, Samba must be installed and configured on the Linux server
    The /etc/samba/smb.conf contains the directives for the operation of the Samba daemon
    The smb.conf file contains global settings affecting the Samba server operation and share settings
Samba allows a Linux server to join an Active Directory (Canonical, Inc., 2007)
Samba
Samba supports ACLs based on the POSIX specification.
    ACLs provide a more flexible method of securing an object than using standard Unix permissions
    Supported on Reiser and Ext3 file systems
    Does not provide all the features that Windows server-based ACLs do, but provides the key components for adequately securing files and folders (Canonical, Inc., 2007)
CUPS
Print services are hosted on the Linux server using CUPS
    Common Unix Printing System
The CUPS config file is /etc/cups/cupsd.conf
    Contains the directives for operation of the CUPS daemon
CUPS utilizes IPP (Internet Printing Protocol)
    IPP allows print jobs to be sent over an intranet or the Internet (Debian Admin, 2007)
Linux Server Setup & Migration
First step: Install the Ubuntu 7.04 Server, configure the network interface, update and upgrade the server, and download the components for file and print services
Second step: Edit /etc/fstab so the file system supports POSIX access control lists
Third step: Download and install Webmin
    Webmin allows for administration of a Linux server through a web browser (Canonical Ltd, 2007)
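A check for the second step, written as an added example and not taken from the deck: it parses an fstab, finds the file system that holds a share path by longest-prefix match, and reports which required mount options are absent. The sample fstab is constructed, and the `user_xattr` requirement is an addition here, tied to the `ea support` and `store dos attributes` settings in the deck's smb.conf slides, which rely on extended attributes.

```python
import posixpath

# Constructed sample /etc/fstab; devices and layout are assumptions.
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
proc       /proc   proc  defaults                    0 0
/dev/sda1  /       ext3  defaults,errors=remount-ro  0 1
/dev/sda5  /samba  ext3  defaults,acl,user_xattr     0 2
/dev/sda6  none    swap  sw                          0 0
"""


def parse_fstab(text):
    """Return a list of (mount_point, fstype, options) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Skip comments, short lines and entries without a real mount point.
        if len(fields) >= 4 and fields[1].startswith("/"):
            entries.append((posixpath.normpath(fields[1]), fields[2],
                            set(fields[3].split(","))))
    return entries


def mount_for(path, entries):
    """Pick the entry whose mount point is the longest prefix of path."""
    path = posixpath.normpath(path)
    best = None
    for entry in entries:
        mount = entry[0]
        covers = mount == "/" or path == mount or path.startswith(mount + "/")
        if covers and (best is None or len(mount) > len(best[0])):
            best = entry
    return best


def missing_mount_options(path, entries, required=("acl", "user_xattr")):
    """List the required options fstab does not set for path's file system."""
    entry = mount_for(path, entries)
    if entry is None:
        raise LookupError(f"no fstab entry covers {path}")
    return [opt for opt in required if opt not in entry[2]]
```

An option missing from fstab is not proof that ACLs are off, because ext3 can also carry `acl` as a default mount option in its superblock; confirm on the running server with `mount` output or a test `setfacl`.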
Security
Servers physically located in locked room
Firewall router between systems and Internet
Ubuntu access different from Windows and more secure by default
    No open ports to be scanned
    Configuration modifications to further secure server
Authentication using Kerberos and Windows Active Directory Services
Data backed up from Windows 2000 Server running Symantec Backup Exec 10.0
    RALUS configured on Linux server to facilitate connection
Webmin
Linux Server Setup
Fourth step: Configure NTP, nsswitch, Kerberos, and PAM
    Time synchronization is important for authentication using Kerberos
    Nsswitch.conf determines the method of resolving hostnames, groups, and password files
    Kerberos required testing to ensure the configuration was correct
    The PAM configuration files direct authentication and session management (Canonical Ltd, 2007)
NTP.conf
Shown is the only section of the /etc/ntp.conf file that must be configured.
Kerberos
This output is from the Linux server. It details that Kerberos is functioning.
NSSWITCH.CONF
This shows what must be configured in /etc/nsswitch.conf.
Linux Server Setup
Fifth Step: Configure Samba’s global directives, then test the configuration file for errors
Sixth Step: Test connections to Active Directory
Seventh Step: Join server to Active Directory (Canonical Ltd, 2007)
Global Configurations in SMB.CONF
[global]
    # Active Directory member server: domain and Kerberos realm
    workgroup = ABCCOMPANY
    realm = ABCCOMPANY.NET
    server string = Ubuntu File & Print
    security = ADS
    password server = ABC-DC1
    enable privileges = Yes
    encrypt passwords = yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    domain master = No
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    invalid users = root
    # Map domain accounts to local uid/gid ranges via winbind
    idmap uid = 1000-3000
    idmap gid = 1000-3000
    winbind enum users = yes
    winbind enum groups = yes
    # Hand print jobs to CUPS unfiltered
    printcap name = cups
    printing = cups
    cups options = raw
    # ACL and DOS attribute handling for Windows clients
    inherit permissions = yes
    inherit acls = yes
    map acl inherit = yes
    acl compatibility = auto
    dos filemode = yes
    dos filetimes = yes
    dos filetime resolution = yes
    map archive = yes
    map system = no
    map hidden = no
    ea support = yes
    load printers = yes

[printers]
    create mask = 0777
    comment = All Printers
    browseable = no
    printable = yes
    public = yes
    path = /var/spool/samba
    guest ok = yes
    writable = no
    printer admin = root

[print$]
    comment = Printer Drivers
    writeable = yes
    invalid users =
    public = yes
    path = /var/lib/samba/printers
    write list = @"ABCCOMPANY\domain admins",@"ABCCOMPANY\domain users"
File Server Migration
First step: Creation of shares on the Linux server
Second step: Ensure connectivity to the shares
    This is also a good time to check permissions
Third step: Migrate data
Fourth step: Configure further permissions as appropriate
Fifth: Change data DNS alias to resolve to the new Linux server
Sixth step: Reboot client workstations (Canonical, Inc., 2007)
DNS Modifications
DNS table before migration
DNS table after migration
Share Configurations in SMB.CONF
[home$]
    comment = Home Folders
    path = /samba/home
    writeable = yes
    public = yes
    browseable = yes
    nt acl support = yes
    create mask = 0700
    directory mask = 0700
    acl group control = yes
    store dos attributes = yes

[shared$]
    comment = Shared Data
    path = /samba/shared
    writeable = yes
    public = yes
    browseable = yes
    nt acl support = yes
    create mask = 0760
    directory mask = 0760
    acl group control = yes
    store dos attributes = yes
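A pre-cutover review of the [printers] and share sections shown in the smb.conf slides, written as an added example and not part of the original deck: it resolves smb.conf synonyms (`public` for `guest ok`, `writeable` for an inverted `read only`) and flags shares that are both guest-accessible and writable, plus create masks that include the world-write bit. The sample text is constructed from the slide values, and the finding labels are this example's own.

```python
import re

# Constructed sample: share settings abridged from the smb.conf slides.
SAMPLE_SMB_CONF = """\
[global]
    security = ADS
[printers]
    create mask = 0777
    printable = yes
    guest ok = yes
    writable = no
[home$]
    writeable = yes
    public = yes
    create mask = 0700
[shared$]
    writeable = yes
    public = yes
    create mask = 0760
"""

# smb.conf synonyms: name -> (canonical name, boolean sense is inverted)
SYNONYMS = {
    "public": ("guest ok", False),
    "writeable": ("read only", True),
    "writable": ("read only", True),
    "write ok": ("read only", True),
    "print ok": ("printable", False),
}
TRUE = {"yes", "true", "1", "on"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with synonyms canonicalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                value = "yes" if (value.lower() in TRUE) != inverted else "no"
            current[key] = value
    return sections

def audit_shares(sections):
    """Flag guest-accessible writable shares and world-writable create masks."""
    findings, defaults = [], sections.get("global", {})
    shares = {n: p for n, p in sections.items() if n != "global"}
    for name, params in shares.items():
        eff = {**defaults, **params}  # [global] values act as share defaults
        guest = eff.get("guest ok", "no").lower() in TRUE
        read_only = eff.get("read only", "yes").lower() in TRUE
        printable = eff.get("printable", "no").lower() in TRUE
        if guest and not read_only and not printable:
            findings.append((name, "guest-writable"))
        if int(eff.get("create mask", "0744"), 8) & 0o002:
            findings.append((name, "world-writable-mask"))
    return findings
```

Whether a guest session can actually be established also depends on `map to guest` in [global], which the slides do not set, so treat each finding as a setting to review against the intended access rather than as a confirmed exposure.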
Print Services Migration
If not already installed, download and install CUPS
Using Webmin, configure printers
Change print DNS alias to resolve to the new print server; then reboot all client workstations
On client workstations, connect to the print queue on the Linux server (Canonical, Inc., 2007)
Revised ABC Network
Future Considerations
Further services and administrative tasks can be migrated to Linux servers:
    DNS
    DHCP
    Directory services
    E-mail
    Enforce disk quotas
Since Samba is using Active Directory for authentication, care must be taken when migrating directory services to Linux or upgrading the domain controller.
Lessons Learned
Valuable research methods for searching for Ubuntu documentation
Valuable knowledge achieved
    For understanding Ubuntu command-line interface
    For configuring Ubuntu
    For migrating file and printer shares
A good team work ethic is invaluable!
    Team 2 members worked well together, complementing each other’s strengths and augmenting individual weaknesses
Conclusion
Ubuntu is a reliable alternative to Windows operating systems
There are fewer malicious attacks on non-Windows machines
Ubuntu OS has a smaller footprint, leaving disk space and memory to be utilized for file and printer shares
Ubuntu can be combined successfully in a primarily Windows environment
Configuring Ubuntu requires minimal code change
References
Canonical Ltd. (2007). User Documentation. Retrieved October 1, 2007 from Ubuntu Web site: https://help.ubuntu.com/community/UserDocumentation
Debian Admin. (2007, September 10). Setup CUPS (Common UNIX Printing System) Server and Client in Debian. Retrieved October 15, 2007 from Debian Admin Web site: http://www.debianadmin.com/setup-cups-common-unix-printing-system-server-and-client-in-debian.html