kkk_completely_combined

Installation and Configuration

Michael F. Ryan Jr.IT326-1403B-01 Network Infrastructure AdministrationSeptember-08-2014Thomas McClainContents

TOC o “1-3” h z u Target Organization PAGEREF _Toc396807324 h 3Proposed Network Solution PAGEREF _Toc396807325 h 4Network Design PAGEREF _Toc396807326 h 5Installation and Configuration PAGEREF _Toc396807327 h 7Maintenance and Troubleshooting PAGEREF _Toc396807328 h 11Remote Access PAGEREF _Toc396807329 h 12Network Pro Prep Toolkit PAGEREF _Toc396807330 h 13

Target OrganizationThe organization that has been selected for the individual project is the Department of Health. The purpose of the Department of Health is to serve the citizens of the Commonwealth by ensuring that they have constant access to health services and interconnect multiple agencies. Currently there are over 650 employees that work for the health department as well as annuitants and contractors. The main purpose behind the department’s network is to allow for secure reliable connections.

The Department of Health’s network configuration will be broken down into seven layers. Each layer that is listed will include specific physical elements and show how it will interact with other levels. The logical topology that is being utilized in DOH’s network is the bus topology along with a physical star topology for the office setup.

Proposed Network SolutionThe design of the new DOH network will involve the use of DHCP, DNS and IP Routing. Each layer of the TCP/IP protocol sticks function on its own thus making our network move. The DOH will be upgrading the server OS to Windows Server 2008

Equipment that is being used to update the network is Cisco 2911 routers and Cisco Catalyst 3560 switches. Current technology dictates that upgrades to the current equipment be completed within the six month time frame that has been set forth. The network will have less than ten listed static IP’s for firewall clearance and the rest of the host machines will all be set to DHCP so that their IP’s are automatically assigned.

Some protocols in use for the network are HTTPS because all traffic that is being exchanged is secured against unintended viewing since DOH handles all public records such as SSN, Name, Address and other pertinent information for treatment. SFTP implementation will ensure that the files such as for emails and video are delivered successfully and securely.

The email servers that are being implemented are using SMTP and IMAP. SMTP will be used between the other agency servers and the DOH as well as IMAP so that as a user may be teleworking or in a different location they can log into the server via their VPN account and pull their emails that way. The integrity of information and its security are of the utmost important factors in the network design for DOH. Below is a list of the TCP/IPlayer protocols that are used for the Department of Health design.

Application: DNS (Host Name), DHCP (Host Configuration), SNMP (Network Management), SFTP (Files), SMTP and IMAP (Emails), HTTPS (Internet) and Telnet (Virtual Support)

Transport: TCP (Guaranteed Delivery)

Internet: IPv4 (Internet Protocol), ICMP (Ping Requests)

Network Interface: Cat5 (Ethernet Cabling), SLIP (Serial Line Interface), LAN/MAN/WAN (Hardware Drivers).

All of the listed protocols that are listed are the basic building blocks that are used when we design our network. The application layer shows how the network will give support to the host machines such as the automatically assigned IP addresses that are currently operating on the present subnet. The security of the network and the many facets of the protocols to choose from yielded what the secretary of health wanted when the design proposal was submitted. All elements such as the listed protocols cover all areas of the network for a base product and if decided upon later changes to the protocols and equipment can be revisited.

Network DesignBased upon the recommendations of the instructor I will be discussing services that are required for the day to day activity of the administrators of the Department of Health’s network team. The next topic that is being mentioned in discussion is how emails are encrypted. I will explain the two topics I have mentioned first and move from there to include the other aspects of my network.

Upon mention of the upgrades to all of the equipment the most important aspect will be the servers. Currently the DOH utilizes servers that do not have Microsoft Server 2008 in which case we must upgrade the OS to better utilize the latest technology. The administrative team will be responsible for monitoring all networks that are placed throughout Pennsylvania. Some daily tasks that are handled range from basic over the phone troubleshooting, site visitation to replace broken or older equipment and monitoring networks via Wireshark and Juniper. The admin staff will consist of two personnel back in the main office while the onsite technician will visit clinics and other agencies to work through problems. Daily trouble tickets are handled in the main office and the administrative team will monitor the Service Now ticket submission service to track what needs to be addressed.

After discussing the daily activities of my network section we can start to look at some basic components that are utilized. The network that I will explain possesses multiple elements which are DNS, DHCP, Certificate Services and IP Routing.

The DOH has been looking through different ideas about how to configure their network to work seamlessly. The overall structure of the network will allow for both access via a VPN account while the employees travel while on business or if they are accessing the server while teleworking. The first component of the network will be the server and how it is set up and then I will discuss the components from there.

The topology that is being included in the design of the network is the logical bus topology that can be useful while disseminating information such as patches while we maintain a physical start topology with network closets on all three floors in the IT building. There will be multiple servers but one server will be designated as a DHCP server in which case host machines will have access to the internet and the intranet while having IP’s assigned to the machines.

The network will possess Cisco 2911 series routers to operate the WAN for the virtual connections of employees operating outside of the office as well as communication among the LANs for all state agencies and clinics to communicate back and forth. The main component to the network access for employees who are out of the office will be the firewall instituted so that traffic will not access the servers that is not part of the rules in the firewall. All data going to and from the network must pass through the firewall and if it does not meet specifications it will be blocked.

The network will consist of a couple of topologies for the TCP/ IP suite and thus will be well defined to explain how each is implemented to work on the system. Telnet will be a protocol used for connection to hosts on the network for troubleshooting clinic sites and agencies freeing up the desktop team for troubleshooting.

At the application layer there are going to be multiple protocols utilized for daily activities. SMTP will be used when sending emails across the email servers throughout the agency while IMAP and POP3 are used for accessing the mail via Outlook. The protocol used for the internet will be HTTPS while browsing over the web due to the fact that some pages must transfer information securely.

The transmission of files whether via a cloud platform or directly on the servers themselves will implement FTP which will implement UDP for live video streams and TCP for when documents must be received and tracked for location. The two network protocols that are implemented will be SNMP and NTP. When implementing SNMP all networks will be informed of changes in the implementation and NTP will cover time synchronization for DOH’s network.

The remote access of the network will be used for VPN access whether through DSL, Dial-up and wireless. Telnet is implemented in the suggested network allowing the network, desktop and server teams to have access for troubleshooting. A common prompt that will appear on host machines will be like a DOS prompt for them to except the incoming connection for work to their systems.

The LAN will be set up via DHCP with the exception of certain static machines. The configuration of the actual layout of the network will be based on the three levels of the building and the location of the DEMARC which comes into the first floor network closet. The entire network will feature IPv4 with hosts utilizing the DNS and DHCP that have been configured in the DHCP server while some employees have an alternate configuration stored on their machines for taking their workstations to and from work.

The physical connection to the network will be done through CAT5 cables to the network jacks in each office and cubical on the facility. The WAN design will involve the use of a T1 connection giving it a speed of 1.544 Mbps for data transfer and voice transfer.

Department of Health Network Diagram

Installation and ConfigurationProvide detailed installation steps for each of the major components and protocols planned for the system.

Discuss configuration considerations for installation of these components and protocols.

Include configuration of the system for remote access.

Installation and Configuration

Provide detailed installation steps for each of the major components and protocols planned for the system.

In order to install a fully functional remote system, several steps have to be undertaken to guarantee the efficiency of the system. The steps involved are described in details in order to give out a clear instruction on how the installation process was carried out. Since it is a remote connectivity system, a lot of considerations have to be put in place to ensure that the system functions properly with respect to the expectations placed on it upon its creation. As such, things such as hardware as well as applicability necessity, the security of the system, its troubleshooting as well as maintenance concerns must be considered with a lot of care to ensure that the system created works best for the benefit of the company. As such, the steps given below best describe how the system was installed.

To start the whole installation process, the company must ensure that it has a basic SQL in its servers. Failure to have this server will deny the company the ability to install the components and protocols needed for its system.

First, the company’s programmer must download the file responsible for the installation process required. This calls for the company’s computer to be running on a windows server 2008 that supports either the 64-bit or the 32-bit server (Microsoft.com, 2014).

The next step requires that the programmer logs on to the server that will be the SQL server for the company’s computer. In order to carry out this successfully, the programmer will need to be able to access a .NET Framework that is 3.5.1 version before he can go about setting up the launch of the SQL server. Upon launching the server, the company’s system will reflect such information of its screen:

Success Restart Needed Exit Code Feature Result

>—————– ————— —————–

True No Success {.NET Framework 3.5.1, .NET Environment, C

However, a couple of prerequisites must be conducted

If the company’s computer was by any chance using any other server, it must configure it to ensure that it start using the SQL server as its main server. In order to doo this, the programmer must ensure that she opens the server manager and navigates it in order to configure it, then to local users and groups and finally to groups. Thereafter the programmer must double-click on the administrators button, then click add so that she can change the object types of the company to includes things such as computers and press enter the company’s SQL server name. After this, the programmer must check the names and click OK, clicking OK the second time allows for the saving of the changes made to the Administrators group.

After this, the next step involves accounting for the local administrator. This is done on the company’s computer’s local SQL box. In order to be able to do this, the programmer opens the server manager, navigates through its settings to configure the settings, local users and groups as well as groups. She then double-clicks on the administrators and upon clicking add, she changes the object types on the computer (Microsoft.com, 2014). The programmer finalizes this step by entering the company’s SQL server name. The whole operation is concluded by clicking names, then OK. Changes made, including the administrators group, on the computer are then saved upon clicking OK again.

Once the programmer is through with installing the server, she then carries on to install the major components and protocols planned for the system. The steps involved in this operation include the following;

The programmer opens the SQL server and on its media, s/he navigates through the systems setup folder that allows her to launch the setup.exe. She goes ahead to click next in order to have an overview of the screen.

A setup option is provided for the programmer to typically install the primary stand alone site that is viewed by all who use the server.

Upon clicking next, the program grants access to the licensing terms that provides the user of the computer with the” I accept these license terms”

A location for saving the updates provided on downloading, or creation of a new location on the server is provided by clicking next. It is then followed by downloading the SQL updates as well as its requirements, which saves the programmer from manually performing the installation process. At this point, it is highly recommended for the programmer to copy the downloaded updates for future installations.

Language confirmation for the server is provided with the completion of these downloads. By clicking next, the programmer confirms the server’s language for the user. This is made sure by clicking next again.

The next step involves entering the sites code along with its descriptions.

The server then prompts the programmer to install an existing SQL hierarchy. By doing this, s/he is provided with the option to ‘install the primary site as a stand-alone site’ for the computer. By clicking next, the programmer confirms to the server that there will not be a chance to be part of any hierarchy after installation.

The server details are then entered. This requires the use of a different site code should the user choose to migrate from the SQL server to another. At this point, there is a change in the naming pattern in the database. This is changed from “SMS <site code> to CM < site code>”. The programmer then enters the name found in the SQL server and accepts all other defaults that are available. Then the programmer clicks next.

The site is then confirmed to host SMS provider by clicking next (Microsoft.com, 2014).

The method of communication is then selected with HTTPS being the preferred choice. This choice offers HTTP together with a “site system-by-site system basis”. In order to have maximum flexibility of the server, the programmer is provided with a “configure the communication method on each site system role”.

The server is the made open for the management as well as the distribution point. Depending on the previous options provided, the server is made optional to the programmer. She then clicks next for the next step.

In order to view the customer experience options that are locked for display in the remote system, the programmer only needs to click next.

After the completion of its installation, the programmer is expected to see the confirmation message that tells her of the installation success as well as features and roles played part in the process.

The programmer then clicks the run button to run the program on the company’s computer.

Discuss configuration considerations for installation of these components and protocols.

Before any installation is done, the programmer needs to be aware of some of the things that are a must for an installation to be successful. Some of the things s/he needs to know are the reasons for using the PHP, which contains three major parts. Namely;

Desktop or commonly known as GUI applications

Scripting (common line), and

Server-side scripting (web applications and websites)

In order to conduct an installation, there are three most familiar forms involved. In these forms, the things required include a web server, a PHP, and a web browser. Many companies’ are known to have their own servers as well as web browsers and as a result of this, setting up a server is not hard. The only thing needed for the installation to carry on through is the overwriting of the PHP scripts.

For configuration of a remote system to take effect, a couple of things must be paired together to ring about the effectiveness of the system. Through remote access, the server is able to connect with compatible devices such as the smart phone, any computer within the facility or any pocket PC that may be within the area. By allowing remote access, the programmer is granted a chance to make any necessary repairs needed for the computer as well as troubleshoot the computer itself. This is made possible by the use of either a cable connection or a modem.

Configuration of the system for remote access

The steps involved in configuring a remote access are briefly described below.

The programmer signs in the company’s computer as the administrator. S/he is able to do this by the use of the computers users menu that allows her to boot up. Acting as the administrator, he is enabled to configure the systems remote access (Microsoft.com, 2014).

She then clicks the control panel on the start button, followed by the performance and maintenance irrespective of which operating system the programmer is using.

This if followed by clicking system option in the performance and maintenance or the system and security upon which the programmer is given access to click the remote access tab.

In the remote access tab, the programmer then clicks the select group or users tab that allows her location to object types. This gives her the room to check out the names found in the dialog box.

Firewall configuration is made complete by clicking remote user access in the manufacturers guide.

The process is finalized by opening a dialog box found in the windows firewall where the programmer then clicks the general tab.

Maintenance and TroubleshootingDescribe the maintenance procedures planned for the proposed network, including a schedule of maintenance activities and the steps required for each activity.

Identify the network operations that will be monitored, the information that will be gathered, and the meaning of the information as it relates to potential system problems.

List at least 3 potential network problem scenarios, and identify the troubleshooting procedure that will be used if this scenario occurs.

The maintenance of my system will be done monthly. Some mandatory maintenance that must be completed is security patches, hardware replacements/upgrades, Re-configurations, Server reboots and fail-over testing (Microsoft.com, 2014).

The maintenance timeline will scheduled to take place from 17:00 to 2100 on a daily or monthly basis whichever is deemed necessary by the administrative team. If problems arise such as network connection issues then a member of our network team will stay after hours and even on weekends to complete the listed tasks(Microsoft.com, 2014).

Security Patches- With the portion of patch updates in my network maintenance window I will need to ensure that I follow the patch management process. The four main areas to focus on when managing patches are detect, assess, acquire, test, deploy and maintain. There are going to be three tools that are used in the patch management process and they are Microsoft Baseline Security Analyzer (MBSA), Latest Mssecure.cab and Microsoft Software Update Service (SUS) (Microsoft.com, 2014).

MBSA: The main role that MBSA is designed for scanning computers for vulnerable configurations and detect security updates that Microsoft has released. Some areas that are checked for by MBSA are Windows vulnerabilities, weak passwords, IIS vulnerabilities, SQL vulnerabilities and security updates(Microsoft.com, 2014).

Detect: The first step in detecting will be to utilize MBSA for missing patches. MBSA can be utilized in one of two ways either through GUI or through the command line. The command line method will have a schedule set to run every night at 20:00(Microsoft.com, 2014).

Steps that must be taken to run MBSA are listed below in order for the GUI (Microsoft.com, 2014).

Double click the desktop icon

Click scan computer (Select scan more than one computer and select the IP range you would like)

Clear every box but leave Check for security updates

Start scan

If needed find and download any missing updates

Steps for command line interface (Microsoft.com, 2014)

Type mbsacli /i 127.0.0.1 /n OS+IIS+SQL+PASSWORD

If you would like to specify the exact computer name type mbsacli /c domainmachinename /n OS+IIS+SQL+PASSWORD

Specifying the IP range type mbsacli /r 192.168.0.1 – 192.168.0.254 /n OS+IIS+SQL+PASSWORD

You have the option of scanning the domain but for this assignment I will not be listing how to.

Assessing: Once you have the missing patches identified by MBSA scan identify the vulnerabilities that pose a greater risk. Check Microsoft to see their security bulletin in which a detailed technical report helps in determining threat levels that your system may face (Microsoft.com, 2014).

Acquire: In order to get the needed patches you can do it several ways and they include using the MBSA report details, Windows Update and HotFix& Security Bulletin Search (Microsoft.com, 2014).

MBSA Report: In the report there is a link that is provided that will lead you to the bulletin that contains the patch or how to obtain the patch. From the link you can click on the link to download the patch and save it on your local network. Once you have the patch downloaded you can install it on one or multiple computers.

Windows Update: Use internet explorer to install updated on the server that you need updates installed on, go to Microsoft.com to select the required updates.

Hot Fix: MBSA has the knowledge Base ID number for the corresponding article for the security bulletin. Upon accessing the security bulletin site you can use the ID to find the matching bulleting describing how to get the patch for your network (Microsoft.com, 2014).

Testing: Before you fully implement the patch to your system verify that no negative changes occur and if a breaking change is to be expected determine how to work around it. There are two methods that can be utilized to test a security patch (Microsoft.com, 2014).

Test the patch against a test mirror of the live server configuration. The mirror testing method allows an offline method for you to see how your virtual server works with the changes without affecting your system.

The other affective way of ensuring that the patches are compatible with your networkis to test them on a few systems on the network. When implementing this method it can be done so that if no other live network has your configuration. The network team will provide a backup of the system before the changes in the event that it degrades the performance (Microsoft.com, 2014).

Deploying: Upon selection of the patches for the DOH’s system there are two ways that we will deploy the patches. Options that we are using are Windows Server Update Services (WSUS) and Systems Management Server (SMS) (Microsoft.com, 2014).

WSUS will automatically deploy the critical updates to DOH’s systems on our network. Because all updates are automatically completed the network admin team will not have to visit each host machine and write script.

SMS is a tool that will deliver configurations and change management to the server and operating system of host machines (Microsoft.com, 2014).

Maintaining: In the final stage of the network the maintaining of the system is the most important. With the use of MBSA you regularly discover if your system is vulnerable and when these vulnerabilities are found you can go through the listed process of correcting them. There are two methods for maintaining your system and they are Performing security assessments and Using security notification services (Microsoft.com, 2014).

Performing security assessments uses MBSA to look for the security risks in your network and since it can be configured to run daily.

Using security notification services aids the administrator in our network to receive bulletins that Microsoft releases (Microsoft.com, 2014).

Failover Testing

The failover test allows DOH to ensure that backup system is functioning in the event of hardware failures and or service interruption. In the network diagram you can see two cores because a redundant system is set in place. Below are steps taken to conduct failover testing

Right-click the fail over cluster manager and click manage cluster

Remote Access Remote Connectivity:

Discuss the remote connectivity needs for the system.

Identify the applications and hardware necessary to address the remote connectivity requirements.

Address security, troubleshooting, and maintenance for the remote connectivity.

Remote Connectivity:

Discuss the remote connectivity needs for the system.

For an effective running system, the company must consider the following characteristics to facilitate its network connectivity. Some of the things to be considered include system requirements such as Local Area Network (LAN). This consists of virtual private networks (VPNs), dial-up remote access, and wireless networks. Other important facts that must be put in place when considering the needs for a remote connectivity system are;

Security: for a secure, manageable as well standard –based remote connectivity system, the company must ensure that the system is user friendly to all its employees. This is done as a way to ascertain the employees that they are valued equally the same in the firm’s activities. It has been known that employees take part in the various activities that make up the corporate offices. In addition, branch offices, off road as well as home offices too. To be in a position that guarantees the security of the system, the organization must comprise all its employees in the system.

Management complexity: the use of integrated solutions in the remote connectivity of a system provides a way of challenging the centralized policies and authentications. This is made possible by the use of wireless clients in the organization. As a result of this, many organizations have been made to offer products that are dedicated with little integrations on their infrastructure as well as products (Microsoft.com, 2014).

Lowering cost: for an organization to run a secure networking, it must incorporate the use of separate licensing, training of its employees to be technologically equipped, and support contracts that will facilitate its networking in their aim of supplying technologies and multiple products to the clients. In order to secure the use of a VPNs, the organization is required to acquire a separate certificate that gives authorities and authenticates a model used in that organization. In addition, additional firewalls as well as server gateways and client side software’s must be in place to facilitate this.

Identify the applications and hardware necessary to address the remote connectivity requirements

In order for a remote computer to effectively run system connectivity, there are a couple of requirements that must be put in place. The major concern lies in the hardware of the computer being used to run this system. Failure to have the right requirements can ensure that the installation of the computers server is not successful, which in turn will interfere with the systems operations. It is therefore required that the hardware of the system must have a minimal of 1 GHz CPU, 512MB RAM, 10 GB Hard Disk space, DVD-Rom driver, Super VGA monitor, and keyboard and a mouse.

Address security, troubleshooting, and maintenance for the remote connectivity

Security for remote connectivity

In order for an organization to have network access, it must open up its internal networks to its clients, partners, suppliers as well as its stakeholders. Though it might come with its challenges, this move requires the company to employ higher levels of security that will safeguard any unauthorized access (Microsoft.com, 2014).

Remote Computer Maintenance

For remote computer maintenance to take effect, the administrator must ensure that she assists customers who are in the remote areas. This is done to reduce the need to travel the places where the problem is at. The administrator must ensure that the operating system of the remote computer windows XP that will give chance to perform the maintenance process remotely. This can only take place once the administrator connects to any PC computer and from there work to ensure that the configurations of the remote computer have been done. This whole process is done in three simple steps which include; enabling of the remote computer, remote user selection, and remote computer connection.

Remote Computer Troubleshooting

For a remote computer to troubleshoot, a windows operating system must be present. However, this can be altered with if the remote computer is firewall protected and in order to change the computers settings, one needs to be the administrator for her own computer (Microsoft.com, 2014). The steps involved in performing this task include; connection testing, remote computer enabling, and firewall configuration.

Network Pro Prep ToolkitLab 0.0

Section 0.2.2

Section 0.2.4

Lab 1.0

Section 1.1

Section 1.2.3

Section 1.3.5

1.4.4

Section 1.5.6

4.1

7.1

7.2.5

7.2.6

References

How To: Implement Patch Management. (2014). Retrieved September 18, 2014, from http://msdn.microsoft.com/en-us/library/ff647981.aspx

Telnet. (2014, August 16). Wikipedia. Retrieved September 1, 2014, from http://en.wikipedia.org/wiki/Telnet