Final Report
Total Server Implementation
By Colin Phan, Ken Lee Marquez, Gyu Beom Choi CGK LTD
Table of Contents
Executive Summary
Introduction
Outcomes
Challenges
Solutions
Budget
Conclusion
Recommendations
References
Appendixes
Appendix A – Glossary
Appendix B – Technical User Manual (Server Setup)
Appendix C – User Manual (Website)
Executive Summary
The project is based on a company, CGK, that requires a functional intranet to give its employees better accessibility and an easier way to manage and process information. Our team will be implementing a secured Windows Server 2008 R2 with Active Directory, DNS, DHCP, Apache HTTP Server and a MySQL database. The server will be installed on an HP ProLiant DL385 G7 server configured with RAID 5 using all six internal drives. As for the clients, we will be using an Intel computer (Intel Core 2 Duo) with the following specs: 2.33 GHz, 2331 MHz, 2 core(s), 2 logical processor(s), 2 GB of RAM and 150 GB of hard disk space. From there we are hosting a website using Apache that is based on special occasions. Clients will be able to connect and register to the website. Once connected, clients will be able to upload/download images from the server and view products available for order. Once a product is ordered, it will be logged into the MySQL database for confirmation of the order.
Throughout the project our team encountered several challenges. First, we were unclear on how we were going to host our intranet. In the beginning we decided to host the intranet on SAIT’s network, but we later found out that we would encounter issues once we moved our project to the showcase room: we would have to reconfigure the network because the showcase room was on a different network. The solution was to create our own private network with DHCP and DNS. The second challenge was deciding how we were going to host our website. We thought of using an available IP from SAIT, but we concluded that it would carry too much responsibility (security-wise). As a result, we decided to use an Apache HTTP server and run the website through localhost. The third challenge was whether to use a Windows-based OS or a Linux one. Since each OS had its advantages, we concluded that we would use a Windows-based OS because we had more experience with it and it is much more user-friendly compared to Linux. The fourth challenge we encountered was the programming aspect of the project. We had to do our own research based on what was required.
For this project, we had a budget of $12,000 for the time period January 2012 – April 2012. We calculated that the total cost of our project is $6596, and the variance came out to be $5404. As for operating costs, each member had a rate of $40/hour. Ken Lee Marquez had 314 hours resulting in $12,560, Colin Phan had 264.5 hours resulting in $10,580 and Gyu Beom Choi had 216.75 hours resulting in $8670. The total for operating costs is $31,810. The cost for the total project including the operating cost came out to be $38,406.
The recommendations for this project mostly rely on the group’s pre-planning phase, as it is very important to complete all of the project planning accurately to ensure the project’s completion.
Despite all the challenges we have gone through, we were able to create a basic intranet for CGK. We learned many things during this project and we will use this experience to help us progress in the future.
Introduction
Total Server Implementation is based on a functional intranet with a private network that will be designed for CGK LTD. The intranet will include one Windows Server 2008 R2 and two Windows 7 clients. From there we created a website that will be available on the network for the clients to connect to, hosted using an Apache HTTP server. This website will be based on special occasion planning, where clients will be able to register and log in to have access to the website. Once the website is accessed, clients will be able to view and order specific items that CGK has to offer. Clients will also be able to upload/download files available on the server. Items will range from wedding planners to birthday cards, etc.
We will be creating a secured intranet by using all the knowledge we have learned over the past 2 years. Our server will be created on an HP ProLiant DL385 G7. The Windows Server 2008 R2 will be installed with:
- RAID 5 using all 6 internal drives
- Microsoft Exchange/Outlook (installed on member server)
- Active Directory
- DNS Role
- DHCP Role
- Apache HTTP Server
- MySQL database
Our member server will be similar to our main server but with just Microsoft Exchange and Outlook installed.
The client will be using an Intel computer installed with Microsoft Windows 7 Professional x64 with the following specs:
- Intel® Core™2 Duo CPU
- 2.33 GHz, 2331 MHz, 2 core(s), 2 logical processor(s)
- 2 GB of RAM
- 150 GB of hard disk space
Outcomes
- Windows Server 2008 R2 installed
- Windows 7 installed
- Antivirus installed on all systems
- Microsoft Exchange functional
- Active Directory
- Network drive functional
- Apache HTTP server configured
- DNS, DHCP servers functional
- Sync with MySQL database
- Microsoft Outlook configured with MS Exchange (on member server)
- E-mail system functional
- Functional security features
- Website created (upload/download/register/login/order form features functional)
- Sync with database
Challenges
Over the past 4 months of the capstone project, our team encountered many challenges. These challenges created many obstacles in our quest to complete our capstone project. Challenges ranged from hardware to software issues.
The first challenge our team encountered was how we were going to host our intranet’s network. At first we decided to host the intranet using SAIT’s network, but we later found out that this would cause issues for our showcase, since the network we were working in and the network in the showcase area were different. If we wanted to use SAIT’s network for our intranet, we would have had to configure everything again once we entered a different network.
The second challenge our team had was how we were going to host our website. We thought at first we could get a reserved IP/domain from SAIT, but a major responsibility comes with that. We would have to make sure that the IP/domain provided by SAIT was fully secured; not fully securing it would allow outsiders to penetrate SAIT’s network, causing major issues.
The third challenge was whether to use a Windows-based operating system or a Linux-based operating system. Over the course of 2 years our team gained experience with both operating systems. We learned the pros and cons of each system, but we had to finalize which to use because it can greatly affect the outcome of the project.
The fourth challenge our team encountered was the programming aspect of the project. As we are computer systems majors, programming is not considered one of our strengths.
The final challenge our team encountered was installing Microsoft Exchange. We encountered many errors installing Exchange on the domain controller. The errors were coming from the initial installation. We also got errors configuring Exchange to work with Microsoft Outlook.
Solutions
The solution to the first challenge was to create our own private network. Since we are using Windows Server 2008 R2, we are able to create our own DNS and DHCP servers. By creating a DNS server we are able to have our own domain that we can manage, and from there we can add our users to the domain. A DHCP server automatically assigns an IP address according to the IP scope range configured.
The solution to our second challenge was to host the website in our own private network using Apache HTTP Server. We will be using the HTTP server to host our website through the local host instead of buying a domain/IP from a different network.
We decided to use a Windows-based operating system for our project, because we have more experience with Windows operating systems. In our experience, Windows was more user-friendly than Linux-based operating systems. Windows was more easily managed because there are helpful interfaces that can guide us through what we want to do. With Linux, most of the configuration is done through the terminal window, which to us wasn’t nearly as efficient as Windows.
As for the programming aspect of the project, we had to review our old work from previous semesters to re-learn the tasks required. Since we are creating a website, we used our past experience from web essentials to guide us on how to build one. For the new features we wanted to add to our website, we had to research on the internet and ask our colleagues for extra help.
We managed to get Microsoft Exchange working with Microsoft Outlook. We first figured out that Microsoft Exchange had to be installed on a member server and not on the domain controller. Once we installed MS Exchange on a member server, it was successful. When we had to configure Microsoft Exchange to work with Microsoft Outlook we ran across some errors: users weren’t able to log into Microsoft Outlook. We fixed this by creating new profiles in the control panel for the Windows machines.
Budget
Budget for Total Server Implementation Project
Time period: January 2012 – April 2012
Budget: $12,000
Item                                  Quantity   Rate/unit              Cost
[2] Server                            1          $2000.00               $2000
[2] PC’s                              2          $700                   $1400
[2] Switch                            1          $150                   $150
[2] Cables                            10         $10                    $100
[2] UPS                               1          $150                   $150
[2] Monitors                          2          $100                   $200
[2] Keyboards                         2          $40                    $80
[2] Mouse                             2          $20                    $40
[2] Printer                           1          $99                    $99
[2] Editing software                  4          Free (trial version)   $0
[2] Windows 7 Operating system        2          $150                   $300
[1] Windows server R2 2008            1          $800                   $800
[1] Windows server R2 2008 License    1          $1200                  $1200
Total                                                                   $6596
Total Cost of project: $6596
Budget – Total Cost of project = $12,000 - $6596 = $5404
Total Variance = $5404
Operating Costs:
Item               Day/Hours     Rate       Cost
Ken Lee Marquez    314 hrs       $40/hour   $12,560
Colin Phan         264.5 hrs     $40/hour   $10,580
Gyu Beom Choi      216.75 hrs    $40/hour   $8670
Total                                       $31,810
Total Operating Costs: $31,810
Total Expense (including project cost) = $31,810 + $6596 = $38,406
Conclusion
Overall, we managed to implement a functional intranet that contains DNS, DHCP, Apache, Active Directory, Microsoft Exchange configured with Microsoft Outlook, and a company website. The user accounts created within Active Directory have their appropriate permissions assigned, and all users have access to a functional e-mail system (MS Outlook). The website hosted with Apache is functional with all the features expected.
This final capstone project was a great experience for our team. We got to conduct our project in a real environment where important factors had to be considered. We learned many things from our project: time management, communication, productivity and teamwork. These factors played a major role in the success of this project. Even though we encountered some problems throughout our project, we learned as a team to quickly resolve each issue to prevent further mistakes. We will use this experience to prepare us for whatever we might face in the future, and we consider it an important and valuable experience.
Recommendations
Our team recommends the following for future success on implementation of this project:
- Skills in software, hardware, networking and server administration are vital for the success of this project.
- Manage your time well; plan group meetings and progress meetings before actual class time to ensure full productivity during project work class.
- Develop an accurate Gantt chart to help keep the project progression clear.
- Make minimal changes to the project to lessen the impact it can have in the future.
- Configure a network topology well in advance.
- Practice the important aspects of the project in a VM first (DNS, Active Directory, DHCP, Apache HTTP server installations) to prevent issues with the live hardware.
- Make daily backups.
- Research all the necessary requirements for this project before the actual implementation.
- Install Microsoft Exchange on a member server.
- Develop an accurate project charter.
- Take note of all the new lessons learned to help you in the future.
- Resolve issues/problems immediately so they won’t interfere with your project progression.
References
[1] Wikipedia “DHCP” [Website] Available at: http://en.wikipedia.org/wiki/DHCP [Accessed]: March.12.12
[2] Wikipedia “DNS” [Website] Available at: http://en.wikipedia.org/wiki/Domain_Name_System [Accessed]: March.12.12
[3] Wikipedia “Linux” [Website] Available at: http://en.wikipedia.org/wiki/Linux [Accessed]: March.12.12
[4] Wikipedia “IP” [Website] Available at: http://en.wikipedia.org/wiki/IP [Accessed]: March.12.12
[5] Wikipedia “Intranet” [Website] Available at: http://en.wikipedia.org/wiki/IP_address [Accessed]: March.12.12
[6] Wikipedia “Intranet” [Website] Available at: http://en.wikipedia.org/wiki/Intranet [Accessed]: March.12.12
[7] Webopedia [Website] Available at: http://webopedia.com [Accessed]: March 12.12
[8] Wikipedia [Website] Available at: http://en.wikipedia.org [Accessed]: March.12.12
Appendix A - Glossary
[8]Client – A system that has accessed a service made available by a server
[8]Server - A physical computer dedicated to run one or more services to serve the requests of other programs and or clients
[2]DNS – (Domain Name System) translates queries for domain names into IP addresses for the purpose of locating computer services and devices
[1]DHCP – (Dynamic Host Configuration Protocol) is a network configuration protocol for hosts on internet protocol networks.
[7]Active Directory - a database that keeps track of all user accounts and passwords
Apache HTTP Server – A server that provides HTTP services
Windows – an operating system produced by Microsoft
[3]Linux – an operating system assembled under the model of free and open source software
[7]Domain - A domain is a group of computers that are administered as a unit with common rules and procedures
[5]IP Address – a numerical label assigned to each device participating in a computer network that uses the internet protocol for communication
[4]IP (internet protocol) – a set of rules for sending data across a network
Localhost – hostname given to the address of the loopback network interface
IP Scope – range of IP addresses (192.168.1.10/24 – 192.168.1.50/24)
[6]Intranet – a computer network that uses the internet protocol technology to securely share any part of an organization’s information or network operating system within that organization
[7]RAID - Redundant array of independent disks – A system with multiple hard drives designed for sharing or replicating data
Appendix – B Technical Manual (Server Setup)
By Colin Phan, Ken Lee Marquez, Gyu Beom Choi
Table of Contents
Server Implementation
  IP Addresses
  Installing Active Directory
  Configuring DNS Server
  Creating a group for users
  Creating Users for Client PC
  Joining Users to the group
  Creating a Network Drive
  Configuring DHCP server Role
  Configuring an Apache HTTP Server
  Using a Virtual Host
  Adding Virtual Host to DNS
  Testing the Virtual Host
  Installing MySQL Database
  Installing Microsoft Exchange/Outlook
    Setting up the Domain Controller
    Setting up the Member Server
    Initial MS Exchange Setup
    Installing prerequisites for MS Exchange
    Preparing Active Directory
    Configure Hub Transport Role
    Adding MX record to DNS
    Creating Mailboxes
    Setting up Windows 7
    Creating a Mailbox-Enabled-Group
    Installing Microsoft Outlook
Client Implementation
  Installing the operating system
  IP Addresses
  Joining the Domain
Security
  Securing Windows Server 2008 R2
  Disable the Following Services
  Create a new firewall rule to block all incoming traffic
  Securing connections between all machines that are not DCs
  Blocking all ICMP settings
  Securing Windows 7
  Disable the following services
  Securing the private network
********Warnings*********
All the steps listed here are based on the steps that we used to implement our project. Errors may occur, and we hold no responsibility for any damage that might occur. Make sure to perform regular backups and use these steps at your own risk.
********Warnings*********
All programs and operating systems described in the manual are official versions that were purchased and validated with a license key. You must find your own sources for obtaining these operating systems and programs.
Server Implementation
1. We are using an HP ProLiant DL385 G7 server. The specifications are:

Processor
  Processor family:           AMD Opteron™ 6100 Series, AMD Opteron™ 6200 Series
  Number of processors:       1 or 2
  Processor core available:   8 or 12 or 16
Memory
  Maximum memory:             512 GB
  Memory slots:               24 DIMM slots
  Memory type:                DDR3 RDIMM or UDIMM
I/O
  Expansion slots:            6
  Network Controller:         (2) 1GbE NC382i Multifunction 4 Ports
Storage
  Maximum drive bays:         (16) SFF SAS/SATA/SSD or (6) LFF SAS/SATA
  Supported drives:           Hot plug 2.5-inch SAS, Hot plug 2.5-inch SATA, Hot plug 3.5-inch SAS, Hot plug 3.5-inch SATA, Hot plug SFF SSD
  Storage Controller:         (1) Smart Array P410i Integrated

Taken from: http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/15351-15351-3328412-241644-241475-4132832.html?dnr=1
2. The next step is to install the operating system. We will be using a Windows Server 2008 R2 ISO image and making it bootable via CD-ROM.
3. Follow the instructions and install Windows Server 2008 R2 Full Enterprise version.
4. The next step is to change the computer name, then restart the computer.
5. IP Addresses
- Assign a static IP
6. Installing Active Directory.
This can be done by running “dcpromo.exe” from the command prompt or simply typing “dcpromo” into Run in the Windows task bar. Once dcpromo setup has finished, we can continue with the installation.
Follow through the installation using these settings:
- Use advanced mode installation
- Create a new domain in a new forest
- Type a fully qualified domain name (FQDN) of the new forest root domain (e.g. cgk.local)
- Type a domain NetBIOS name; this is the name that users of earlier versions of Windows will use to identify the new domain
- Select the forest functional level: Windows Server 2003
- Select the domain functional level: Windows Server 2003
- Select DNS server and global catalogue
- Assign a static IP
- Assign a password for the administrator account
- The installation will now continue
7. Configuring a DNS server

- Install DNS service (if not already installed)
  - Server Manager > Roles > Add Roles > DNS Server

- Set up the zone files
  - Open the DNS management snap-in tool under Administrative Tools, and right click on the “Forward Lookup Zone”. Select add a new zone > select primary zone > uncheck “Store the zone in Active Directory.” > create a zone name (e.g. cgk.local) > create a file with the zone name > Do not allow dynamic updates; this will ensure that you’re creating a static DNS server.

- Set up the resource records
  - Now you need to put static entries in the zone file. Put a host record in your zone file; right-click your domain name and choose “New Host (A or AAAA)”
  - Now enter the name of the computer that you want to add to the DNS server and its IP address.
  - Update the server files by right clicking on your server name: “Update Server Data Files” then “Refresh”.
  - Now that the A records are added you can test it by using your client and trying to ping the DNS server.

- Reverse lookup zone
  - We can now query the reverse lookup zone file instead of using the forward lookup zone file.
  - Using your client, ping the server using the -a option to force a hostname lookup
  - The ping should be successful but no name will be given.
  - To create a reverse lookup zone file: right click Reverse Lookup Zone in DNS manager > new zone > Primary zone, uncheck store zone in Active Directory > check IPv4 Reverse Lookup Zone > enter the IP of your server in Network ID > do not allow dynamic updates
  - Once the file is created we now have to create a PTR record to point to the DNS server:
  - Right click on the reverse lookup zone file > new pointer (PTR) > then browse for the host name of your server
  - Refresh and update the server data file
  - Try to ping again with the -a option and the host name should appear.
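The forward and reverse lookup tests above, run for several records at once, as an added example that is not part of the original manual: it resolves each name, looks up the PTR record for its address, and confirms that the PTR name resolves back to the same address. server1.cgk.local is a constructed placeholder for the server's host name; cgkltd.cgk.local and 192.168.0.4 are taken from later steps of this manual.

```powershell
# Added example, not from the original manual. It uses the system resolver
# through the .NET Dns class (the same resolver "ping -a" relies on), so it
# runs on the PowerShell 2.0 shipped with Windows Server 2008 R2 / Windows 7.

# Records to verify. server1.cgk.local is a constructed placeholder;
# cgkltd.cgk.local and 192.168.0.4 come from the manual.
$records = @(
    @{ Name = 'server1.cgk.local'; Ip = '192.168.0.4' },
    @{ Name = 'cgkltd.cgk.local';  Ip = '192.168.0.4' }
)

function Resolve-Forward {
    param([string]$Name)
    # IPv4 addresses for $Name; nothing is returned when the lookup fails.
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch { }
}

function Resolve-Reverse {
    param([string]$Ip)
    # Host name from the PTR record for $Ip; nothing when no PTR answers.
    try {
        $name = [System.Net.Dns]::GetHostEntry([System.Net.IPAddress]::Parse($Ip)).HostName
        if ($name -ne $Ip) { $name }
    } catch { }
}

$report = @(foreach ($r in $records) {
    $forward  = @(Resolve-Forward $r.Name)
    $ptrName  = Resolve-Reverse $r.Ip
    $backward = @()
    if ($ptrName) { $backward = @(Resolve-Forward $ptrName) }

    New-Object PSObject -Property @{
        Name         = $r.Name
        ExpectedIp   = $r.Ip
        ForwardOk    = ($forward -contains $r.Ip)    # A record returns the expected address
        PtrName      = $ptrName                      # what the reverse zone answers
        PtrConfirmed = ($backward -contains $r.Ip)   # PTR name resolves back to the address
    }
})

$report | Select-Object Name, ExpectedIp, ForwardOk, PtrName, PtrConfirmed |
    Format-Table -AutoSize

$failed = @($report | Where-Object { -not ($_.ForwardOk -and $_.PtrConfirmed) })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} record(s) failed forward or reverse verification" -f $failed.Count)
}
```

An empty PtrName before the reverse lookup zone and PTR record exist matches the "no name will be given" result described in the steps.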
8. Creating a group for the users
- Start > Administrative Tools > Active Directory Users and Computers
- Right click on the domain and create a group
- Fill in the required information
- Select “Global” and “Security”

9. Creating users for the client PC
- Start > Administrative Tools > Active Directory Users and Computers
- Right click on the domain and create an organizational unit
- In that organizational unit create users for the client PCs:
- Right click on the organizational unit > New > User
- Enter the information required
- Check “User must change password at next logon”
- Enter a temporary password so the user can log in.
- The user is now created.
- It can now be tested by logging in as the created user on the client PC

10. Joining the users to the group
- Start > Administrative Tools > Active Directory Users and Computers
- Click on the organizational unit created earlier
- Right click on the security group created and go to Properties
- Click on the Members tab
- Add all the users created to this group
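Steps 8 to 10 as a script, using the Active Directory module for Windows PowerShell on Windows Server 2008 R2; this is an added example, not part of the original manual. The group, organizational unit and account names are constructed placeholders, and the temporary password is prompted for rather than written into the script.

```powershell
# Added example, not from the original manual. Run it on the domain
# controller as a domain administrator.
Import-Module ActiveDirectory

# Constructed placeholder names; replace them with your own.
$groupName = 'CGKStaff'
$ouName    = 'ClientUsers'
$newUsers  = @(
    @{ Given = 'Sample'; Surname = 'UserOne'; Sam = 'suserone' },
    @{ Given = 'Sample'; Surname = 'UserTwo'; Sam = 'susertwo' }
)

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName      # DC=cgk,DC=local for cgk.local
$ouDn     = "OU=$ouName,$domainDn"

# Prompt for the temporary password so it never sits in the script file.
$tempPassword = Read-Host -Prompt 'Temporary password for the new accounts' -AsSecureString

# Step 8: a Global / Security group created directly under the domain.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$groupName'")) {
    New-ADGroup -Name $groupName -SamAccountName $groupName `
        -GroupScope Global -GroupCategory Security -Path $domainDn
}

# Step 9: an organizational unit under the domain, then the users inside it.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
            -SearchBase $domainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

foreach ($u in $newUsers) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'")) {
        New-ADUser -Name "$($u.Given) $($u.Surname)" `
            -GivenName $u.Given -Surname $u.Surname `
            -SamAccountName $u.Sam `
            -UserPrincipalName "$($u.Sam)@$($domain.DNSRoot)" `
            -Path $ouDn `
            -AccountPassword $tempPassword `
            -ChangePasswordAtLogon $true `
            -Enabled $true
    }
}

# Step 10: add each user to the group unless it is already a member.
$current = @(Get-ADGroupMember -Identity $groupName |
    ForEach-Object { $_.SamAccountName })
foreach ($u in $newUsers) {
    if ($current -notcontains $u.Sam) {
        Add-ADGroupMember -Identity $groupName -Members $u.Sam
    }
}

# Show the resulting membership for review.
Get-ADGroupMember -Identity $groupName |
    Select-Object Name, SamAccountName, distinguishedName
```

The script can be re-run safely: existing groups, organizational units, users and memberships are left as they are.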
11. Creating a network shared drive
- Create a folder in the Local Disk (C:)
- The folder created must now be shared in order for the users to have access to this shared folder.
- Right click on the folder > Sharing tab > Advanced Sharing > check “Share this folder”
- Note the network share path because this information is needed for the next step (e.g. \\SERVER\share)
- Go back to Active Directory Users and Computers and right click on a user that will be allowed to have access to the shared folder.
- Properties > Profile tab > Home folder
- Check Connect, select any drive letter > enter the network path (e.g. \\SERVER\share)
- Now log on with the user account and test if the user can access the shared folder.
- Make sure to assign the appropriate sharing/security settings.
12. Configuring a DHCP server
- Give the server a static IP address
- Add DHCP server role
- Set up scopes
- Set up lease information
- Authorize the server
- Activate the scope
- Test DHCP server

1. Adding DHCP server role
- Server Manager > Add Roles > DHCP Server
- Specify IPv4 DNS server settings
- Assign parent domain to the domain created earlier in DNS (e.g. cgk.local)
- Assign preferred DNS server IPv4 addresses (IP address of server)
- WINS is not required for applications on this network
- DHCP Scopes
- Provide a scope name, starting IP address, ending IP address, subnet mask and check “Activate this scope”
- Disable DHCPv6 stateless mode
- Click Install
- Authorize the server by adding the server in DHCP options:
- Right click DHCP > Add server > Authorize

** (TESTING PHASE) **
To verify that the DHCP server will assign a correct IP address:
- Log onto your Windows 7 machine
- Open Control Panel > Network and Sharing Center > Change adapter settings > right click on your connection.
- Set the client PC’s IP address information to “Obtain an IP address automatically”
- Release and renew the IP address in the command prompt:
- ipconfig /release > ipconfig /renew
- The IP address should now be assigned according to the scope range given in the DHCP settings
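A client-side check for the test above, as an added example that is not part of the original manual: it reads each DHCP-enabled adapter through WMI and reports whether the lease came from the expected DHCP server and falls inside the configured scope. The server address and scope boundaries are assumptions (192.168.0.4 is the server address used elsewhere in this manual; the scope limits are constructed), so set them to your own values.

```powershell
# Added example, not from the original manual. Works with the PowerShell 2.0
# shipped with Windows 7; run it on the client after "ipconfig /renew".

# Assumed values: your DHCP server and the scope you configured on it.
$expectedServer = '192.168.0.4'
$scopeStart     = '192.168.0.10'
$scopeEnd       = '192.168.0.50'

function ConvertTo-UInt32 {
    param([string]$Ip)
    # Dotted-quad IPv4 address to an integer so that ranges can be compared.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)               # network byte order to little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

$low  = ConvertTo-UInt32 $scopeStart
$high = ConvertTo-UInt32 $scopeEnd

$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration `
    -Filter 'IPEnabled = TRUE AND DHCPEnabled = TRUE')
if ($adapters.Count -eq 0) {
    Write-Warning 'No DHCP-enabled adapter found. Check "Obtain an IP address automatically".'
}

$report = @(foreach ($a in $adapters) {
    # IPAddress can also list IPv6 addresses; keep the first IPv4 one.
    $ipv4 = $a.IPAddress |
        Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
        Select-Object -First 1

    $inScope = $false
    if ($ipv4) {
        $n = ConvertTo-UInt32 $ipv4
        $inScope = ($n -ge $low -and $n -le $high)
    }

    New-Object PSObject -Property @{
        Adapter  = $a.Description
        Address  = $ipv4
        LeasedBy = $a.DHCPServer                          # server that issued the lease
        ServerOk = ($a.DHCPServer -eq $expectedServer)    # lease came from our server
        InScope  = $inScope                               # address is inside the scope
        IsApipa  = ($ipv4 -like '169.254.*')              # no DHCP server answered
    }
})

$report | Select-Object Adapter, Address, LeasedBy, ServerOk, InScope, IsApipa |
    Format-Table -AutoSize

$failed = @($report | Where-Object { -not ($_.ServerOk -and $_.InScope) })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} adapter(s) hold a lease from another server or outside the scope" -f $failed.Count)
}
```

A lease whose LeasedBy value is not the authorized server means another DHCP server is answering on the private network.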
13. Configuring an Apache HTTP Server
1. First download the latest version of the HTTP server software from:
- www.apache.org
- Download the binary version for your OS, with OpenSSL support

2. Secondly download the latest stable binary version of the PHP software from:
- www.php.net
- Follow through the instructions to continue with the installation:
- Network Domain: localhost
- Server Name: localhost
- Typical installation
- Accept the default installation location (C:\Program Files\Apache Software Foundation\Apache2.2\)
- Click Install

3. Check the HTTP Server installation
- Run a browser program
- Navigate to localhost
- You should see “It Works!” in the browser

4. Installing PHP:
- Accept the default installation location (C:\Program Files\PHP\)
- Leave the default server type selection, and select Next (Apache 2.2x Module)
- Ensure the Apache configuration path to install to is correct, then select Next (C:\Program Files\Apache Software Foundation\Apache2.2\conf\)
- Open the “extensions” node
- Select the MySQLi option
- Click Install

5. Check PHP installation
- Create a file called test.php in the Apache web pages directory: (C:\Program Files\Apache Software Foundation\Apache2.2\htdocs)
- The test.php file should look like this:

    <html>
    <body>
    <?php
    phpinfo();
    ?>
    </body>
    </html>

- Navigate to the page by using a web browser and pointing it to http://localhost/test.php; the PHP information page should show up
Using a Virtual Host:

- Open httpd.conf
- Add the following code to the bottom of the file:

    SSLMutex none
    SSLRandomSeed startup builtin
    SSLSessionCache none

    NameVirtualHost 192.168.0.4:80

    # Default site: the standard htdocs folder
    <VirtualHost *:80>
        ServerName cgkltd.com
        DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
    </VirtualHost>

    # Project site served on the server's address
    <VirtualHost 192.168.0.4:80>
        ServerName cgkltd.com
        ServerAlias cgkltd.com
        DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/myProject"

        # <Directory> takes a directory path, so it points at the site folder.
        # "Indexes" lists the folder contents when no index file is present.
        <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/myProject">
            Options Indexes FollowSymLinks MultiViews Includes
            AllowOverride AuthConfig
            Order deny,allow
            Allow from all
        </Directory>
    </VirtualHost>

- Restart Apache
Add the virtual host into the DNS
- Using the DNS tool
- Go to your domain
- Add an “A” host record
- Enter: cgkltd for the name
- IP Address: 192.168.0.4
- Add host
- Reload your domain
- Update server data files
- Restart DNS service
Testing the Virtual Host
****Note: The client machine must be up and running before you can complete this step; refer to the “Client Implementation” step before proceeding. ****
****Note: If you’re creating a virtual host you need to have created a website prior to this step, and host it using Apache in order to have access to the website. ****
- Log onto the client machine
- Open a web browser
- Enter the following URL: cgkltd.cgk.local
- The website should now be accessible
Installing MySQL Database

Now that Apache is installed, we can install a SQL database.

1. Download the Community Server (free) version of the MySQL server software from www.mysql.com
2. Use the following settings:
3. Typical setup type
4. “Configure the MySQL Server now”
5. Detailed configuration
6. Developer machine
7. Transactional database only
8. Online transaction processing
9. Enable TCP/IP Networking, enable Strict mode
10. Standard character set
11. Install as Windows service, include bin directory in Windows PATH
12. Modify security settings (create your own password)
13. Execute.

** (TESTING PHASE) **
Using the command line tool:
– Run a command shell (cmd)
– Type in: mysql --user=root --password=password

You should see:

    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is x
    Server version: X.X.XX-community MySQL Community Server (GPL)

- At the prompt type in: show databases;
- Press Enter
- You should see some default databases
- Now that SQL is working we must install SQLyog
- (it can be downloaded from http://code.google.com/p/sqlyog/downloads/list)
- Once SQLyog is installed, run the program
- Select new connection
- Enter the following information:
- Host address: localhost
- Username: root
- Password: (password you created earlier)
- Port: 3306
- Click Connect
- Now that SQLyog is configured, you can start to build your database.

Installing Microsoft Exchange/Outlook
Setting Up the Main Domain Controller (only if OS/Active Directory isn’t installed)
1. Install a copy of Windows Server 2008 R2
2. After OS installation, boot up the server and assign a static IP
3. Run dcpromo in the Run command
- Use the following settings
- New domain in a new forest
- New domain name (e.g. cgk.local)
- Forest functional level 2008
- Install the DNS role
- Reboot the server to finalize settings

****NOTE: MS Exchange should be installed on a dedicated Windows Server 2008 R2 member server****

Setting up the member server
1. Install a copy of Windows Server 2008 R2
2. After installation, add this server to the domain
3. Right click My Computer > Properties > Change settings > Computer Name tab > Change
4. Enter the domain in “Member of” (e.g. cgk.local)
5. Restart the member server

Initial MS Exchange setup
1. Before installing the actual Microsoft Exchange we have to make sure the member server meets the prerequisites.
2. Active Directory:
- Schema Master (x86 or x64): Windows Server 2003 Standard/Enterprise with SP1, or Windows Server 2008 Standard/Enterprise, or Windows Server 2008 R2 Standard/Enterprise
- Global Catalog (x86 or x64): In each AD site, a GC running Windows Server 2003 Standard/Enterprise with SP1, or Windows Server 2008 Standard/Enterprise, or Windows Server 2008 R2 Standard/Enterprise
- Domain Controller (x86 or x64): In each AD site, a writable DC running Windows Server 2003 Standard/Enterprise with SP1, or Windows Server 2008 Standard/Enterprise, or Windows Server 2008 R2 Standard/Enterprise
- AD Forest: Forest functional level must be Windows Server 2003 or higher.
3. AD Health Check (to check for AD replication, DNS errors)
- To perform an AD health check, enter the following commands in the command prompt:
- Dcdiag /test:DNS /e /v /f:dcdiag.log (DC diagnostic will be saved in dcdiag.log)
- Nslookup gc._msdcs (will check global catalog)
- * If you have more than one DC then you can check replication using the following command:
- Repadmin /showrepl * > showrepl.log
Installing prerequisites for MS Exchange
1. Windows PowerShell 2.0 (automatically installed with Windows Server 2008 R2)
2. Microsoft .NET Framework 3.5
3. WinRM 2.0
4. Microsoft Filter Pack x64 version needs to be installed (http://go.microsoft.com/fwlink/?linkid=137042)
5. All prerequisites can be installed using Windows PowerShell
- Open Windows PowerShell on the member server (make sure the account has admin privileges)
- Enter the following commands:
- Import-Module ServerManager
- Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
- Wait for the installation to finish (reboot required)
- Once the member server is rebooted, open PowerShell again and enter the following commands:
- Import-Module ServerManager
- Set-Service -Name NetTcpPortSharing -StartupType Automatic (this sets the service required for MS Exchange to start automatically)
Preparing Active Directory
****Note: Account used to set up Exchange 2010 must be a member of the Schema, Domain, Enterprise Admins.****
This step will prepare Active Directory to avoid installation problems. Open a command prompt on the member server and enter the following commands. Make sure the Microsoft Exchange DVD is in the drive.
- D:\Setup /PrepareAD (here D: is the DVD drive)
- If you come across an error use the following command: D:\Setup /PrepareAD /OrganizationName:"First Organization"
- Next command is: D:\Setup /PrepareSchema
- And lastly: D:\Setup /PrepareDomain
- Once these setups are complete: run the setup as administrator from the DVD drive
- D:\Setup (this will launch the official installation)
- Use the following settings for the official installation
- Exchange language option – install only languages from DVD
- Accept the license agreement
- no error reporting
- custom installation: mailbox, client access, hub transport, management roles.
- “yes” clients use outlook 2003 or entourage
- Enter a FQDN for the client access server role for internet facing (eg Mail.myexchange.com)
- Now MS exchange will install
- Once finished reboot the server and exchange management console should come up where you can configure and finalize your setup.
Configure the hub transport role
There needs to be at least one accepted domain for the Exchange Server organization. An accepted domain is any domain namespace for which the Exchange server can send and receive SMTP email. By default, the FQDN of your forest's root domain is defined which is what we will be using.
- Click on the “Organization Configuration” in the left hand pane and select Hub Transport Role.
- Click on the “Accepted Domains” tab and you should see that by default your server is set up as a hub transport for the domain you created. (cgk.local)
Add your MX Record to DNS
Open your DNS Admin tool.
a. Expand your server.
b. Expand your Forward Lookup Zones.
c. Right-click on your domain and choose "New Mail Exchanger".
d. Add your domain controller's FQDN as the mail exchanger.
e. Click Finish.
Creating mailboxes
Create mailboxes using the Exchange Management Console
- EMS > Recipient Configuration – Mailbox and from the action pane “New Mailboxes”, then follow the wizard
- Create mailboxes for the users in your AD
Setting up Windows 7
- (refer to client implementation below)
- Once the pre setup is completed
**(TESTING PHASE)**
- Log in as administrator
- Open a web browser and enter: https://yourserver.yourdomain.com/owa , a login box should appear (eg. https://192.168.0.6/owa or https://member.cgk.local/owa)
- Log in as one of your mailbox-enabled users
- Try sending an email to another mailbox-enabled user
- Then log in as that mailbox-enabled user and check to see if the message was successfully sent.
Creating a mailbox enabled group
- On the Exchange server, recipient configuration, select “New distribution group”
- When the group is created, select its properties and add users to the group
**(TESTING PHASE)**
From the client machine (Windows 7), log in as one of your mailbox-enabled users and send an email to the distribution group created earlier. Once sent, the email should appear for all the users in that distribution group.
Installing Microsoft Outlook 2010
- Install Microsoft Outlook 2010
- Once the installation is complete, it will need to be configured to work with Microsoft Exchange server.
- Open control panel > mail > create a new profile
- Manually set the server configuration
- Uncheck “use cached exchange mode”
- Enter the exchange server name (eg. member.cgk.local)
- Enter a user account (eg [email protected])
- Click the check button (this will attempt to connect to the Microsoft Exchange server)
- Once the account is created, open Outlook, select the created profile.
**(TESTING PHASE)**
Log in with the profile created earlier and check that you can send and receive e-mails using Outlook. If successful, MS Exchange/Outlook configuration is complete.
Client Implementation
1. We will be using an INTEL computer for our clients. The Client PC specs are:
Processor: Intel® Core™2 Duo CPU e6650 @ 2.33 GHz, 2331 MHz, 2 Core(s), 2 Logical Processor(s)
Memory: 2048MB RAM
Hard Drive: ATA Device ST3160815AS, 150 GB
Display: Intel® Q53 Express Chipset Family
2. Installing The Operating System
- Make a bootable Windows 7 iso CD
- Microsoft Windows 7 professional
- Once installed, change the computer name
3. IP addresses
- Assign a static IP
- Enter in the DNS server’s IP address for the preferred DNS server
4. Join the domain
- Right click on my computer > Properties > Change Settings > Change
- Enter in the domain name
- Provide the user and password
- Now the client PC is connected to the domain
- You can verify the connection by pinging the domain name (ex: ping cgk.local)
Securing windows server 2008 R2
1. Use Windows Update to download all the updates available online.
2. Consider strong password complexity
3. Install an antivirus
4. Using the domain controllers policy > computer configuration > policies > windows settings > local policies > security options
5. Use the guide below to enable and/or disable each setting [1]:
Security Settings
9. Disable anonymous SID/Name translation. (Default) 1.9.6 !
10. Do not allow Anonymous Enumeration of SAM accounts (Default) 1.9.37 ! 5.5
11. Do not allow Anonymous Enumeration of SAM accounts and shares. 1.9.38 ! 5.5
12. Disable the guest account. (Default) 1.9.5 ! 5.12
13. Digitally Encrypt or Sign Secure Channel Data (Always). (Default) 1.9.12 5.6
14. Digitally Encrypt Secure Channel Data (When Possible). (Default) 1.9.13 ! 5.6
15. Digitally Sign Secure Channel Data (When Possible). (Default) 1.9.14 ! 5.6
16. Place the University warning banner in the Message Text for Users Attempting to log on. 1.9.27-28 § ! 5.10
17. Disable the sending of unencrypted password to connect to Third-Party SMB Servers. (Default) 1.9.32 ! 5.6
18. Do not allow Everyone permissions to apply to anonymous users. (Default) 1.9.40 ! 5.12
19. Do not allow any named pipes to be accessed anonymously. 1.9.41 ! 5.12
20. Restrict anonymous access to Named Pipes and Shares. 1.9.43 ! 5.12
21. Ensure that no shares can be accessed anonymously. 1.9.44 ! 5.12
22. Choose "Classic" as the sharing and security model for local accounts. (Default) 1.9.45 ! 5.12
23. Do not store LAN Manager hash values 1.9.46 ! 5.13
24. Set LAN Manager Authentication level to NTLMv2 only
[1] “Windows Server 2008 R2 Hardening CheckList”, “Information Security Office” [Website] Available at: https://wikis.utexas.edu/display/ISO/Windows+2008R2+Server+Hardening+Checklist [Accessed: Mar.2.12]
Disable the following services:
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Configuration UserMode Port Redirector
Remote Registry
Remote Desktop Services
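An added example (not part of the original report or of the referenced checklist): a read-only PowerShell audit of the Security Options steps that map to a single registry DWORD, plus the start mode of the services listed above. The registry value names, the PASS/FAIL/REVIEW labels and the variable names are this example's choices; the "UserMode Port Redirector" entry is queried under the display name given in the Windows 7 section.

```powershell
# Read-only audit of the hardening steps above; PowerShell 2.0 compatible (Server 2008 R2).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$nl  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$wks = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Columns: checklist step, registry key, value name, comparison, expected value.
# Value names are the standard registry backing for these Security Options.
$checks = @(
    @(10, $lsa, 'RestrictAnonymousSAM',      'eq', 1),
    @(11, $lsa, 'RestrictAnonymous',         'eq', 1),
    @(13, $nl,  'RequireSignOrSeal',         'eq', 1),
    @(14, $nl,  'SealSecureChannel',         'eq', 1),
    @(15, $nl,  'SignSecureChannel',         'eq', 1),
    @(17, $wks, 'EnablePlainTextPassword',   'eq', 0),
    @(18, $lsa, 'EveryoneIncludesAnonymous', 'eq', 0),
    @(20, $srv, 'RestrictNullSessAccess',    'eq', 1),
    @(22, $lsa, 'ForceGuest',                'eq', 0),
    @(23, $lsa, 'NoLMHash',                  'eq', 1),
    @(24, $lsa, 'LmCompatibilityLevel',      'ge', 3)  # 3 = send NTLMv2 response only; 4-5 also refuse LM/NTLM
)

$results = @(foreach ($c in $checks) {
    $name   = $c[2]
    $actual = (Get-ItemProperty -Path $c[1] -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $actual) {
        # Value absent: Windows falls back to its built-in default, so flag for manual review.
        $status = 'REVIEW'; $actual = 'not set (OS default applies)'
    } elseif ($c[3] -eq 'ge') {
        $status = if ($actual -ge $c[4]) { 'PASS' } else { 'FAIL' }
    } else {
        $status = if ($actual -eq $c[4]) { 'PASS' } else { 'FAIL' }
    }
    New-Object PSObject -Property @{ Item = "Step $($c[0]): $name"; Actual = $actual; Status = $status }
})

# Display names as shown in services.msc for the services this manual disables.
$services = 'Remote Access Auto Connection Manager', 'Remote Access Connection Manager',
            'Remote Desktop Services UserMode Port Redirector', 'Remote Registry',
            'Remote Desktop Services'
$results += @(foreach ($s in $services) {
    $svc = Get-WmiObject Win32_Service -Filter "DisplayName='$s'"
    if ($svc) {
        $actual = "$($svc.StartMode), $($svc.State)"
        $ok     = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
        $status = if ($ok) { 'PASS' } else { 'FAIL' }
    } else {
        $actual = 'not installed'; $status = 'PASS'
    }
    New-Object PSObject -Property @{ Item = "Service: $s"; Actual = $actual; Status = $status }
})

$results | Sort-Object Status | Format-Table Item, Actual, Status -AutoSize
```

Run it from an elevated PowerShell prompt after the policy has been applied; the registry shows the effective setting whether it came from local or domain policy.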
Create a new firewall rule to block all incoming traffic.
Start -> Administrative Tools -> Windows Firewall with Advanced Security:
- Right click Inbound Rule
- New Rule
- Custom Rule
- All Programs
- Protocol type: Any
- Local, Remote IP addresses: Any IP Address
- Block the Connection
- Check Domain, Private, Public
- Then name the new firewall rule (eg. Block all Inbound Traffic)
- Finish
Securing connections between all machines that are not DCs
Start -> Administrative Tools -> Windows Firewall with Advanced Security:
- Right click Connection Security Rules
- New Rule
- Custom Rule
- Endpoint 1, Endpoint 2: Any IP address
- Require authentication for inbound and outbound connections
- Default Authentication
- Protocol Type: Any
- Apply the rule to Domain, Private, Public
- Name the new firewall rule (eg. Client/server Domain isolation)
- Finish
Blocking all ICMP settings
- Open a command prompt
- Enter the following command
- netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=block
Securing Windows 7
***NOTE: Make sure to research which services you do and do not require; disabling certain services can damage your system***
1. Update Windows 7 using the Windows Update tool
2. Update Windows Defender
3. Password complexity
4. Install an antivirus
Disable the following services [2]:
Remote Desktop Configuration
Remote Desktop Services
Remote Desktop Services UserMode Port Redirector
Routing and Remote Access
SSDP Discovery
TCP/IP NetBIOS Helper
UPnP Device Host
[2] “How to secure your windows 7” [Website] Available: http://technicallyeasy.net/2010/03/how-to-secure-your-windows-7-system-part-2/. [Accessed: April 1.2012]
Securing private network
1. Configure the BIOS to boot the computer from the hard drive only. Do not allow the computer to be booted from the diskette or CD-ROM drive.
2. Password protect the BIOS so changes cannot be made to the BIOS without authorization.
3. You can apply a power-up password to provide extra security, this can be done via the BIOS security settings
Appendix – C User Manual (Website)
Table of Contents
Accessing the web page
About us
Contacts
Calendar
Login Page, How to Register
Login Page
Logged on Status
Services
Weddings
Products
Valentine products
Wedding songs
My Page
Message
Message Info
Our Portfolio
Upload/Download Feature
Upload
Download
Requesting Help
****Note: Our website is for demonstration purposes only; no items are actually being sold or dispersed. ****
****Note: Our website is not accessible in the open network; it only works within our private network we created. ****
Accessing the website:
Open up a web browser and enter the following URL: cgkltd.cgk.local
This is the home page, un-registered users only have access to the “About us”, “Contacts”, and “Calendar” tabs.
The About us webpage contains information about the project, group members, sponsor etc.
The Contact webpage contains contact information for the group members/sponsor
The calendar webpage displays a calendar containing events currently scheduled
In order to have access to services and products, a guest must register using the register link displayed on the home page
HOW TO REGISTER
***This page contains error checks, make sure the passwords match, and no fields are left blank***
1. Click on the register link on the home page
2. Enter a username and password
3. Confirm your password
4. Click register
A dialog popup will appear indicating “User added”
Once “ok” is clicked, another dialog will appear asking if you want to login
If you click “ok” you will get redirected to the login page, if you press cancel it will redirect you to the register page
Now that you’re registered, you can click on the “Log-in” link displayed on the home page; it will redirect you to the login page.
***This page contains error checks, make sure no fields are left blank or incorrect***
Here you must enter in your username and password.
Once you enter the username and password and click “login” you will get redirected to the home page with logged on status
With login permissions, you can now access “Services” and “products” and “my page”.
The Services webpage displays the 3 services that CGK Ltd has to offer: Weddings, birthdays and graduations.
If you click on “weddings” you will get redirected to the weddings service page
In this page users will be able to select the type of wedding service they would like to order
(videography, photography or both)
Once the choice is selected, click “order” and a confirmation box will appear saying “order successful for videography etc”
You must also specify the date that you wish to purchase the service
The other two services have the same format as “weddings” but just a different service (graduation, birthdays). Choose which service desired.
Now for the products webpage, there are two available pages: valentines and wedding songs. If “Products” is clicked it will display two choices to pick; either valentines or wedding songs. Once a choice is selected you will get redirected to either the valentines webpage or the wedding songs webpage.
In the valentine’s webpage, several products will be seen:
Users will be able to select their choice of product for purchase (by checking the check box for the specified item)
Once all selections have been made, you can confirm all the orders by clicking on “submit” at the bottom of the screen
A dialog box will appear saying “Order Sent”
The wedding songs webpage will have songs that will be available for purchase
You can hear a sample of the song by clicking the play button
Once all selections have been made you can check out at the bottom of the page.
A dialog box will appear showing the selections made
Aside from the products and services there is the “My page”
In this page it will display all the orders that you have purchased. There is also an email function that will allow users to send emails to other users that are registered to the webpage and you can send an email to the admin of the website. Users will be able to view messages that have been sent to them.
To send a message, go to “my page”.
**Note: you must be logged in to have access to this page.**
There will be a message section that you will be able to type in the user name, and the message.
The email inbox will display all messages that have been sent to you and by you.
The service order inbox will display all the purchases that you have selected in “services”
The Product Order inbox will display all the purchases you have selected in “products”
Each subject will contain a hyperlink that will redirect you to a page to view the message, service order, product order.
“Our Portfolio” webpage can be accessed from the navigation bar. Registered and non-registered users can view the page. This page displays pictures of weddings, birthdays and graduations. In order to view these pictures you must click on the 3 links available: Birthday Photos, Graduation Photos and Wedding Photos.
In My page, there is an upload/download function. Registered users will be able to upload images and download images using this feature.
To upload a file click on “Browse” and select the appropriate file to upload. Once the file is selected, click on “Submit”. The uploaded file will now appear in the file inbox list.
To download a file, simply pick a file from the upload/download list and click on “download”, and then save the file.
Requesting Help
If you have any questions on how to navigate or access our webpage, please email any of CGK LTD’s group members
Colin Phan – [email protected]
Ken Lee Marquez – [email protected]
Gyu Beom Choi – [email protected]