Presentation is loading. Please wait.

Presentation is loading. Please wait.

ABC Corporation, Inc. Server Upgrade Prepared by Team 2, ITEC495-V1WW, Franklin University December 9, 2007 Professor Wayne Smith Prepared by Team 2, ITEC495-V1WW,

Similar presentations


Presentation on theme: "ABC Corporation, Inc. Server Upgrade Prepared by Team 2, ITEC495-V1WW, Franklin University December 9, 2007 Professor Wayne Smith Prepared by Team 2, ITEC495-V1WW,"— Presentation transcript:

1 ABC Corporation, Inc. Server Upgrade Prepared by Team 2, ITEC495-V1WW, Franklin University December 9, 2007 Professor Wayne Smith Prepared by Team 2, ITEC495-V1WW, Franklin University December 9, 2007 Professor Wayne Smith

2 Team 2 Introduction Brian Student – Project Manager, Research & Documentation (R&D) Sean Student –R&D – IT Developer Jason Student – Technical Leader, R&D – Windows to Linux Experience Jason Student – R&D – RedHat Administrator Sara Student – R&D – Windows Network Administrator Dr. Martin Advisor – Business Practitioner – Edison College Information Technology Professor Brian Student – Project Manager, Research & Documentation (R&D) Sean Student –R&D – IT Developer Jason Student – Technical Leader, R&D – Windows to Linux Experience Jason Student – R&D – RedHat Administrator Sara Student – R&D – Windows Network Administrator Dr. Martin Advisor – Business Practitioner – Edison College Information Technology Professor 2

3 Team 2 Objectives Team 2 Expects to Meet the Following Goals: Apply Network Design to Small-to-Medium Network Use Management Information Systems Foundations in Redesigning Network Infrastructure Configure Network Tasks to Run and Update With Minimal Human Intervention Employ IT Industry Best Practices to Plan, Implement, and Maintain Network Security Team 2 Expects to Meet the Following Goals: Apply Network Design to Small-to-Medium Network Use Management Information Systems Foundations in Redesigning Network Infrastructure Configure Network Tasks to Run and Update With Minimal Human Intervention Employ IT Industry Best Practices to Plan, Implement, and Maintain Network Security 3

4 ABC Corporation Background Small Marketing Company with Microsoft-Based Network Windows 2000 Server Domain Controller Authentication, DHCP, Backups Windows 2000 Server File and Print Server Windows 2000 Professional Workstations Windows XP Professional Workstations Firewalled Business Cable Internet Access Ten Employees Small Marketing Company with Microsoft-Based Network Windows 2000 Server Domain Controller Authentication, DHCP, Backups Windows 2000 Server File and Print Server Windows 2000 Professional Workstations Windows XP Professional Workstations Firewalled Business Cable Internet Access Ten Employees 4

5 ABC Corporation Dilemma Windows 2000 File and Print Server at End of Lifecycle ABC Concerned Over Microsoft Woes Windows 2003 Server OS Expensive Linux Offers Several Open-Source Options Rest of ABC Network Currently Uses: Microsoft 2000 Server Microsoft Windows 2000 Pro Microsoft Windows XP Pro Windows 2000 File and Print Server at End of Lifecycle ABC Concerned Over Microsoft Woes Windows 2003 Server OS Expensive Linux Offers Several Open-Source Options Rest of ABC Network Currently Uses: Microsoft 2000 Server Microsoft Windows 2000 Pro Microsoft Windows XP Pro 5

6 Current ABC Network 6

7 ABC Business Objectives Contract with ITEC Business Solutions, Inc. to replace old server Research costs and functionality of replacement hardware Install Open Source operating system on new equipment Migrate file and print services to new server Maintain single authentication source Minimize configuration changes and downtime Simplify routine administration of Linux Server Complete project on time and within budget Contract with ITEC Business Solutions, Inc. to replace old server Research costs and functionality of replacement hardware Install Open Source operating system on new equipment Migrate file and print services to new server Maintain single authentication source Minimize configuration changes and downtime Simplify routine administration of Linux Server Complete project on time and within budget 7

8 ITEC’s Solution ITEC Solutions proposed that file and print services be moved to a Linux server Operating system chosen was Ubuntu Server 7.04 Ubuntu is free and there is a wealth of community support for this distribution on the Internet Samba can be configured to use Active Directory for authentication Routine administration will be completed via web browser using Webmin It will not be necessary to visit the Linux command line to perform routine administration ITEC Solutions proposed that file and print services be moved to a Linux server Operating system chosen was Ubuntu Server 7.04 Ubuntu is free and there is a wealth of community support for this distribution on the Internet Samba can be configured to use Active Directory for authentication Routine administration will be completed via web browser using Webmin It will not be necessary to visit the Linux command line to perform routine administration 8

9 Hardware Proposal IBM X3200 Server Specifications Dual Core Zeon 3040 Processor 4 GB RAM 3 Hard drives totaling 480 GB storage capacity RAID 5 configuration for fault tolerance RAID battery for up to 3 days data protection 5-year warranty with onsite repair and 24X7 2-hour response time Capable of upgrading to 3 TB storage and 8 GB RAM IBM X3200 Server Specifications Dual Core Zeon 3040 Processor 4 GB RAM 3 Hard drives totaling 480 GB storage capacity RAID 5 configuration for fault tolerance RAID battery for up to 3 days data protection 5-year warranty with onsite repair and 24X7 2-hour response time Capable of upgrading to 3 TB storage and 8 GB RAM 9

10 Costs Projected Project Budget$8, IBM X3200 Server$3, Linux Ubuntu Server 7.04 OS$ 0.00 ITEC Business Solutions, Inc.$4, Under Budget Savings$ Projected Project Budget$8, IBM X3200 Server$3, Linux Ubuntu Server 7.04 OS$ 0.00 ITEC Business Solutions, Inc.$4, Under Budget Savings$

11 Risks Blending a network with two platforms could create incompatibility issues Client machines may require reconfiguration to access new services Unforeseen configuration difficulties may require extra research and troubleshooting Possible change in project scope could create need for revised planning If Linux configuration failure seems imminent, revert to Windows Server 2003 Blending a network with two platforms could create incompatibility issues Client machines may require reconfiguration to access new services Unforeseen configuration difficulties may require extra research and troubleshooting Possible change in project scope could create need for revised planning If Linux configuration failure seems imminent, revert to Windows Server

12 Changes to Infrastructure One infrastructure change needed to be made for our solution DNS entries were made so the existing file & print server is resolved via a DNS alias by the client Changes are necessary in the login scripts and in the user home folder mappings Using this method, the only changes required to the infrastructure at the time of cutover to the new Linux file and print server are in the DNS entries One infrastructure change needed to be made for our solution DNS entries were made so the existing file & print server is resolved via a DNS alias by the client Changes are necessary in the login scripts and in the user home folder mappings Using this method, the only changes required to the infrastructure at the time of cutover to the new Linux file and print server are in the DNS entries 12

13 Samba In order for Windows clients to connect to Linux file shares, Samba must be installed and configured on the Linux server The /etc/samba/smb.conf contains the directives for the operation of the Samba daemon The smb.conf file contains global settings affecting the Samba server operation and share settings Samba allows a Linux server to join an Active Directory (Canonical, Inc., 2007) In order for Windows clients to connect to Linux file shares, Samba must be installed and configured on the Linux server The /etc/samba/smb.conf contains the directives for the operation of the Samba daemon The smb.conf file contains global settings affecting the Samba server operation and share settings Samba allows a Linux server to join an Active Directory (Canonical, Inc., 2007) 13

14 Samba Samba supports ACLs based on the POSIX specification. ACLs provide a more flexible method of securing an object than using standard Unix permissions Supported on Reiser and Ext3 file systems Does not provide all the features that Windows server-based ACLs, but provides the key components to adequately securing a file and folders (Canonical, Inc., 2007) Samba supports ACLs based on the POSIX specification. ACLs provide a more flexible method of securing an object than using standard Unix permissions Supported on Reiser and Ext3 file systems Does not provide all the features that Windows server-based ACLs, but provides the key components to adequately securing a file and folders (Canonical, Inc., 2007) 14

15 CUPS Print services are hosted on the Linux server using CUPS Common Unix Printing System The CUPS config file is /etc/cups/cupsd.conf Contains the directives for operation of the CUPS daemon CUPS utilizes IPP (internet printing protocol) IPP allows print jobs to be sent over an intranet or an Internet (Debian Admin, 2007) Print services are hosted on the Linux server using CUPS Common Unix Printing System The CUPS config file is /etc/cups/cupsd.conf Contains the directives for operation of the CUPS daemon CUPS utilizes IPP (internet printing protocol) IPP allows print jobs to be sent over an intranet or an Internet (Debian Admin, 2007) 15

16 Linux Server Setup & Migration First step: Install the Ubuntu 7.04 Server, configure the network interface, update and upgrade the server, and download the components for file and print services Second step: Edit /etc/fstab so the file system supports POSIX access control lists Third step: Download and install Webmin Webmin allows for administration of a Linux server through a web browser (Canonical Ltd, (2007) First step: Install the Ubuntu 7.04 Server, configure the network interface, update and upgrade the server, and download the components for file and print services Second step: Edit /etc/fstab so the file system supports POSIX access control lists Third step: Download and install Webmin Webmin allows for administration of a Linux server through a web browser (Canonical Ltd, (2007) 16

17 Security Servers physically located in locked room Firewall router between systems and Internet Ubuntu access different from Windows and more secure by default No open ports to be scanned Configuration modifications to further secure server Authentication using Kerberos and Windows Active Directory Services Data backed up from Windows 2000 Server running Symantec Backup Exec 10.0 RALUS configured on Linux server to facilitate connection Servers physically located in locked room Firewall router between systems and Internet Ubuntu access different from Windows and more secure by default No open ports to be scanned Configuration modifications to further secure server Authentication using Kerberos and Windows Active Directory Services Data backed up from Windows 2000 Server running Symantec Backup Exec 10.0 RALUS configured on Linux server to facilitate connection 17

18 Webmin 18

19 Linux Server Setup Fourth step: Configure NTP, nsswitch, Kerberos, and PAM Time synchronization is important for authentication using Kerberos Nsswitch.conf determines the method of resolving hostnames, groups, and password files Kerberos required testing to ensure the configuration was correct The PAM configuration files direct authentication and session management (Canonical Ltd, (2007) Fourth step: Configure NTP, nsswitch, Kerberos, and PAM Time synchronization is important for authentication using Kerberos Nsswitch.conf determines the method of resolving hostnames, groups, and password files Kerberos required testing to ensure the configuration was correct The PAM configuration files direct authentication and session management (Canonical Ltd, (2007) 19

20 NTP.conf Shown is the only section of the /etc/ntp.conf file that must be configured. 20

21 Kerberos This output is from the Linux server. It details that Kerberos is functioning. 21

22 NSSWITCH.CONF This shows what must be configured in /etc/nsswitch.conf. 22

23 Linux Server Setup Fifth Step: Configure Samba’s global directives, then test the configuration file for errors Sixth Step: Test connections to Active Directory Seventh Step: Join server to Active Directory (Canonical Ltd, (2007) Fifth Step: Configure Samba’s global directives, then test the configuration file for errors Sixth Step: Test connections to Active Directory Seventh Step: Join server to Active Directory (Canonical Ltd, (2007) 23

24 Global Configurations in SMB.CONF [global] workgroup = ABCCOMPANY realm = ABCCOMPANY.NET server string = Ubuntu File & Print security = ADS password server = ABC-DC1 enable privileges = Yes encrypt passwords = yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 domain master = No dns proxy = No panic action = /usr/share/samba/panic-action %d invalid users = root idmap uid = idmap gid = winbind enum users = yes winbind enum groups = yes printcap name = cups printing = cups cups options = raw inherit permissions = yes inherit acls = yes map acl inherit = yes acl compatibility = auto dos filemode = yes [global] workgroup = ABCCOMPANY realm = ABCCOMPANY.NET server string = Ubuntu File & Print security = ADS password server = ABC-DC1 enable privileges = Yes encrypt passwords = yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 domain master = No dns proxy = No panic action = /usr/share/samba/panic-action %d invalid users = root idmap uid = idmap gid = winbind enum users = yes winbind enum groups = yes printcap name = cups printing = cups cups options = raw inherit permissions = yes inherit acls = yes map acl inherit = yes acl compatibility = auto dos filemode = yes dos filetimes = yes dos filetime resolution = yes map archive = yes map system = no map hidden = no ea support = yes load printers = yes [printers] create mask = 0777 comment = All Printers browseable = no printable = yes public = yes path = /var/spool/samba guest ok = yes writable = no printer admin = root [print$] comment = Printer Drivers writeable = yes invalid users = public = yes path = /var/lib/samba/printers write list users“ 24

25 File Server Migration First step: Creation of shares on the Linux server Second step: Ensure connectivity to the shares This is also a good time to check permissions Third step: Migrate data Fourth step: Configure further permissions as appropriate Fifth: Change data DNS alias to resolve to the new Linux server Sixth step: Reboot client workstations (Canonical, Inc., 2007) First step: Creation of shares on the Linux server Second step: Ensure connectivity to the shares This is also a good time to check permissions Third step: Migrate data Fourth step: Configure further permissions as appropriate Fifth: Change data DNS alias to resolve to the new Linux server Sixth step: Reboot client workstations (Canonical, Inc., 2007) 25

26 DNS Modifications DNS table before migration DNS table after migration 26

27 Share Configurations in SMB.CONF [home$] comment = Home Folders path = /samba/home writeable = yes public = yes browseable = yes nt acl support = yes create mask = 0700 directory mask = 0700 acl group control = yes store dos attributes = yes [home$] comment = Home Folders path = /samba/home writeable = yes public = yes browseable = yes nt acl support = yes create mask = 0700 directory mask = 0700 acl group control = yes store dos attributes = yes [shared$] comment = Shared Data path = /samba/shared writeable = yes public = yes browseable = yes nt acl support = yes create mask = 0760 directory mask = 0760 acl group control = yes store dos attributes = yes 27

28 Print Services Migration If not already installed, download and install CUPS Using Webmin, configure printers Change print DNS alias to resolve to the new print server; then reboot all client workstations On client workstations, connect to the print queue on the Linux server (Canonical, Inc., 2007) If not already installed, download and install CUPS Using Webmin, configure printers Change print DNS alias to resolve to the new print server; then reboot all client workstations On client workstations, connect to the print queue on the Linux server (Canonical, Inc., 2007) 28

29 Revised ABC Network 29

30 Future Considerations Further services and administrative tasks can be migrated to Linux servers: DNS DHCP Directory services Enforce disk quotas Further services and administrative tasks can be migrated to Linux servers: DNS DHCP Directory services Enforce disk quotas Since Samba is using Active Directory for authentication, care must be taken when migrating directory services to Linux or upgrading the domain controller. 30

31 Lessons Learned Valuable research methods for searching for Ubuntu documentation Valuable knowledge achieved For understanding Ubuntu command-line interface For configuring Ubuntu For migrating file and printer shares A good team work ethic is invaluable! Team 2 members worked well together, complimenting each other’s strengths and augmenting individual weaknesses Valuable research methods for searching for Ubuntu documentation Valuable knowledge achieved For understanding Ubuntu command-line interface For configuring Ubuntu For migrating file and printer shares A good team work ethic is invaluable! Team 2 members worked well together, complimenting each other’s strengths and augmenting individual weaknesses 31

32 Conclusion Ubuntu is a reliable alternative to Windows operating systems There are fewer malicious attacks on non-Windows machines Ubuntu OS has a smaller footprint, leaving disk space and memory to be utilized for file and printer shares Ubuntu can be combined successfully in a primarily Windows environment Configuring Ubuntu requires minimal code change Ubuntu is a reliable alternative to Windows operating systems There are fewer malicious attacks on non-Windows machines Ubuntu OS has a smaller footprint, leaving disk space and memory to be utilized for file and printer shares Ubuntu can be combined successfully in a primarily Windows environment Configuring Ubuntu requires minimal code change 32

33 References Canonical Ltd, (2007). User Documentation. Retrieved October 1, 2007 from Ubuntu Web site: https://help.ubuntu.com/community/UserDocumentation https://help.ubuntu.com/community/UserDocumentation Debian Admin, (2007, September 10). Setup CUPS (Common UNIX Printing System) Server and Client in Debian. Retrieved October 15, 2007 from Debian Admin Web site: system-server-and-client-in-debian.html system-server-and-client-in-debian.html Canonical Ltd, (2007). User Documentation. Retrieved October 1, 2007 from Ubuntu Web site: https://help.ubuntu.com/community/UserDocumentation https://help.ubuntu.com/community/UserDocumentation Debian Admin, (2007, September 10). Setup CUPS (Common UNIX Printing System) Server and Client in Debian. Retrieved October 15, 2007 from Debian Admin Web site: system-server-and-client-in-debian.html system-server-and-client-in-debian.html 33


Download ppt "ABC Corporation, Inc. Server Upgrade Prepared by Team 2, ITEC495-V1WW, Franklin University December 9, 2007 Professor Wayne Smith Prepared by Team 2, ITEC495-V1WW,"

Similar presentations


Ads by Google