VOCATIONAL HIGH SCHOOL STUDENT SKILLS COMPETITION
BALI PROVINCE LEVEL, 2017

MODULE 1
SYSTEM INTEGRATION ISLAND
IT NETWORK SYSTEMS ADMINISTRATION

LKS2017_ITNSA_MODUL1

MINISTRY OF EDUCATION AND CULTURE
DIRECTORATE GENERAL OF SECONDARY EDUCATION
DIRECTORATE OF VOCATIONAL HIGH SCHOOL DEVELOPMENT
NETWORK SPECIFICATION

SPECIFICATIONS

WINSRV
  Server name:              WINSRV
  Operating System:         MS Windows 2012 R2
  Domain Name:              inaskills.net
  Administrator name:       Administrator
  Administrator password:
  IP address:               10.202.178.2/29 (bridge)
  Domain NetBIOS Name:      INASKILLS

LNXSRV
  IP:                       10.202.178.3/29 (bridge)
  Hostname:                 LNXSRV
  Admin name:               root
  Password:

LNXRO
  External IP (eth0):       172.20.200.65/27 (LAN segment)
  Internal IP (eth1):       10.202.178.1/29 (bridge)
  Hostname:                 LNXRO
  Admin name:               root
  Password:

WINCLT
  Computer name:            WINCLT
  Operating System name:    MS Windows 8.1
  Password:
  Domain name:              inaskills.net
  IP address:               DHCP

WINSRV DOMAIN USER LIST
  Group        Members          Password
  IT           itxx (01-50)
  Marketing    mktxx (01-50)
  Visitors     vtrxx (01-30)
  Employees    IT, Marketing

LNXSRV (authentication)
  user11 to user20          Password:

LNXSRV (user directory)
  01 to user20              Password:

LNXSRV (user mail)
  budi                      Password:
  ani                       Password:

LNXSRV (SSH)
  remote                    Password:

LNXSRV (Cacti)
  master                    Password:

NETWORK DIAGRAM - MODULE 1 INTEGRATION ISLAND

[Figure: network diagram. Labels recoverable from the figure:]

Windows 8.1 Hostmachine (PC 2)
  Virtual Linux Router LNXRO (eth1: 10.202.178.1/29)
    System Functions: Routing, Reverse Proxy, Firewall, DHCP Server
  Virtual Windows Client WINCLT (eth0: DHCP Client), Windows Client pre install
    System Functions: Join Domain, DHCP Client

Windows 8.1 Hostmachine (PC 1)
  Virtual Windows Server WINSRV (Windows Server 2012), Windows Server pre install
    System Functions: Active Directory, DNS, GPO
  Virtual Linux Server LNXSRV
    System Functions: RAID, CA, HTTP & HTTPs, FTP & FTPs, Mail, Web Mail, SSH, System Monitoring (Cacti)

Other address labels in the figure: eth0: 172.20.200.65/27; 10.202.178.2/29; 10.202.178.3/29

ISLAND 1 SYSTEM INTEGRATION ISLAND

CONTENTS
This Test Project proposal consists of the following document/file:
  LKS2016_ITNSA_MODUL1.pdf

INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your time.
Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.
Please do not touch the VMware configuration or the configuration of the VM itself, except the CD-ROM / HDD drives.

PHYSICAL MACHINE (HOST) FOLDER PATHS
  Virtual Machine : C:\Virtual Machine
  ISO Images      : C:\Apps

WORK TASK CABLING
  Create a straight-through cable with standard T568B

WORK TASK INSTALLATION (WINSRV, LNXSRV, LNXRO)
Note: Please use the default configuration if you are not given the details.

WORK TASK SERVER WINSRV
Configure the server with the hostname, domain and IP specified in the appendix.
o Modify the default Firewall rules to allow ICMP (ping) traffic
o Install Active Directory Domain Services for inaskills.net.
  - Create a new Organization Unit named InaSkills2017. All new users and groups must be created in this OU.
  - Create the user and security global group with members as indicated in the table in Appendix.
  - Use as the password for all user accounts.
o DNS
  - Create a forward zone called inaskills.net
  - Create a reverse zone for the IP range.
  - Create 4 subdomains:
      router.inaskills.net     LNXRO
      mail.inaskills.net       LNXSRV
      internal.inaskills.net   LNXSRV
      modul.inaskills.net      LNXSRV
      info.inaskills.net       LNXSRV
o GPO Password Policies
  Ensure the company user password meets the following criteria:
  - Domain passwords will be at least 6 characters.
  - Strong passwords need not be enforced.
  - Passwords will not be stored with reversible encryption.
  - Passwords will be changed exactly every 90 days.
  - Accounts will be locked out for 30 minutes after three invalid logon attempts.
  The password of the users in the IT group must meet the following criteria:
  - Domain passwords will be at least 10 characters.
  - Strong passwords will be enforced.
  - Passwords will not be stored with reversible encryption.
  - Passwords will be changed exactly every 30 days.
  - Accounts will be locked out for 15 minutes after two invalid logon attempts.
o GPO Security Policies
  - At logon on WINCLT, users should see this message before logging in:
      Message Title: Welcome to InaSkills2017
      Message Text:  Only authorized personnel allowed to access.
    Prohibit this message on all servers.
  - All users, except the IT group, are not allowed to access the display settings on the Control Panel.
  - Disable "First Sign-in Animation" for all Windows 8.1 clients
  - Disable the use of cmd and run for the Visitor group
  - Hide all local drives for the Visitor group
o Windows server pre install without network configuration

WORK TASK SERVER LNXSRV
Note: Please use the default configuration if you are not given the details.
Configure the server with the hostname, domain and IP specified in the appendix
o Configure the disk and partitions
  - Add 3 disks of 5 GB each.
  - Use the three virtual disks to create a software RAID 5.
  - Mount it as /data
o Install the services:
  1. CA (openssl)
     - Configure as CA
     - CA attributes should be set as follows:
         Country code is set to ID
         Organization is set to LKS2017
     - Create a root CA certificate
     - Store the certificate in directory /cert
  2. Web Server (apache2 including php5)
     - Create info.php at http://info.inaskills.net/info.php to check the installed PHP version.
       Use the following code for info.php:
         <?php phpinfo();?>
     - Create the websites http://internal.inaskills.net and http://modul.inaskills.net
       Use the following code for index.html in http://internal.inaskills.net:
         <html>
         <h1>welcome in the internal inaskills</h1>
         </html>
       Use the following code for index.html in http://modul.inaskills.net:
         <html>
         <h1>welcome in the Modul inaskills</h1>
         </html>
     - Make sure http://internal.inaskills.net is protected by authentication
         Allow users from user11 to user20
     - Enable HTTPs for both sites
         Use a certificate signed by CA
         Make sure no certificate warning is shown.
     - Create virtual webpages for user01 to user20
         Ex. http://internal.inaskills.net/~user09
  3. FTP (proftpd)
     - Enable FTPS
         Use a certificate signed by CA
     - Each user (user01 to user20) will have a home directory and must have access to update their own virtual webpage via FTP.
     - Make sure the users are jailed in their respective website document root directories.
     - Make sure file transfer to the server is possible.
  4. Mail and Webmail (Squirrelmail)
     - Create users budi and ani
     - Make sure they have access via POP3, IMAP and SMTP
     - Before you finish your project, make sure you send an email message from budi to ani and another message from ani to budi
     - Do not delete these email messages.
  5. SSH Server
     - Install SSH Server
     - Root account is not allowed to login.
     - Create user remote with password. This user has the same permissions as the root account.
     - Change the default SSH port to 2017
  6. Monitoring Server (Cacti)
     - Install Cacti
     - Create an admin-user master with password
     - Create a graph showing the statistics of the CPU, Memory and interface traffic of the LNXSRV and LNXRO

WORK TASK SERVER LNXRO
Configure the server with the hostname, domain and IP specified in the appendix
o Install the services:
  1. Routing
     - Enable routing
  2. Firewall (iptables)
     - Block ICMP packets from the external network to the LNXRO
     - Ensure the external network can access any service on LNXSRV
  3. DHCP
       Range   : 172.20.200.71 - 172.20.200.80
       Netmask : /27
       Gateway : 172.20.200.65
       DNS     : 10.202.178.2
  4. Proxy (nginx)
     - Configure a reverse proxy for the http://router.inaskills.net website, which is hosted by LNXSRV

WORK TASK INSTALLATION WINCLT
Note:
o Windows client pre install without network configuration
o Please use the default configuration if you are not given the details.

WORK TASK WINCLT
Note: Please use the default configuration if you are not given the details.
o Join the client to the domain inaskills.net
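
The CA and HTTPS tasks for LNXSRV above, as an added example that is not part of the task sheet: a root CA with the required Country and Organization values, one server certificate covering both site names, and a chain and host-name check. File names, CN values, key size and validity periods are assumptions.

```shell
#!/bin/sh
# Added example (not from the task sheet): root CA plus one server certificate
# for both web sites. File names, CN values and lifetimes are assumptions.

# make_ca DIR: self-signed root CA with C=ID and O=LKS2017, stored in DIR.
make_ca() {
    mkdir -p "$1"
    cat > "$1/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
C = ID
O = LKS2017
CN = LKS2017 Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    chmod 600 "$1/ca.key"                 # the CA private key stays root-only
}

# issue_cert DIR NAME CN SAN...: key, CSR and CA-signed certificate. Browsers match
# the host name against subjectAltName, so every served name must be listed there.
issue_cert() {
    dir=$1 name=$2 cn=$3; shift 3
    san=$(printf 'DNS:%s,' "$@"); san=${san%,}
    printf 'subjectAltName=%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$san" > "$dir/$name.ext"
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/C=ID/O=LKS2017/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 825 -extfile "$dir/$name.ext" \
        -out "$dir/$name.crt" 2>/dev/null
}

# verify_cert DIR NAME HOST: chain must validate and HOST must be in the certificate.
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

CERT_DIR=${1:-$(mktemp -d)}   # pass /cert on LNXSRV; a scratch directory otherwise
make_ca "$CERT_DIR" && issue_cert "$CERT_DIR" web internal.inaskills.net \
    internal.inaskills.net modul.inaskills.net
verify_cert "$CERT_DIR" web modul.inaskills.net && echo "chain and host name OK in $CERT_DIR"
```

WINCLT shows no certificate warning only once ca.crt is in its Trusted Root Certification Authorities store, which the domain can distribute by Group Policy.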
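
For the SSH Server task above, an added check (not part of the task sheet) that reads an sshd_config and reports whether the daemon would listen on port 2017 only and refuse root logins. The sample configuration is constructed; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not part of the task sheet): audit an sshd_config for the two
# SSH settings the task asks for. Include files and Match blocks are not followed.

# Print the effective global settings. Port is cumulative (sshd listens on every
# Port line); for PermitRootLogin sshd keeps the first value it reads.
sshd_effective() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }                # global section ends here
        key == "port" { print "port", $2 }
        key == "permitrootlogin" && !seen++ { print "permitrootlogin", tolower($2) }
    ' "$1"
}

# Return 0 only if sshd listens on 2017 alone and root login is refused.
sshd_check() {
    eff=$(sshd_effective "$1")
    ports=$(printf '%s\n' "$eff" | awk '$1 == "port" { print $2 }' | sort -u | tr '\n' ' ')
    root=$(printf '%s\n' "$eff" | awk '$1 == "permitrootlogin" { print $2 }')
    rc=0
    [ "$ports" = "2017 " ] || { echo "FAIL: ports in use: ${ports:-22 (built-in default)}"; rc=1; }
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin: ${root:-unset (built-in default)}"; rc=1; }
    return "$rc"
}

# Constructed sample: Port 2017 was added but the stock Port 22 line was left in,
# and the PermitRootLogin no line comes too late to take effect.
sample_conf() {
    cat <<'EOF'
# constructed sample, not from a real host
Port 22
Port 2017
permitrootlogin yes
PermitRootLogin no
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
if sshd_check "$tmp"; then echo "sshd_config meets the task"; fi
rm -f "$tmp"
```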