Friday, July 15, 2011

Digital Connectivity... The Power of VOIP

Our morning began with a discussion about VOIP (Voice over Internet Protocol) and then we proceeded to set up VOIP software on our computers. According to Valdes and Roos from the How Stuff Works website, VOIP converts analog signals into digital signals, allowing voice to be transmitted over the Internet. This means that you can use the Internet to make phone calls, or to participate in video conferencing. Valdes and Roos from How Stuff Works (http://communication.howstuffworks.com/ip-telephony.htm) have put together a quick video to explain VOIP.

During our class discussion Lyle reminded us that QoS is key when using VOIP and/or video conferencing to ensure that packets are transmitted with limited interruption. This service requires gold bandwidth.

For our activity we installed X-Lite software to set up a softphone on our computers. Then we used the Wireshark software to conduct a packet sniff and confirmed that our packets were being prioritised correctly using DSCP 46. To help us with this task we looked up the hexadecimal number in this chart online http://www.ascii.cl/conversion.htm.
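The hex lookup described above can also be done in code. This is an added example, not part of the original post or the class materials: it decodes the Differentiated Services byte of an IPv4 header (the value Wireshark shows in hex, 0xb8 for DSCP 46) and lists packets that are not marked EF. The sample headers, addresses and function names are constructed for illustration.

```python
import socket
import struct

EF = 46  # Expedited Forwarding, the DSCP value checked in the class capture

# A few well-known DSCP code points (not a complete table).
DSCP_NAMES = {0: "CS0 (best effort)", 8: "CS1", 10: "AF11", 24: "CS3",
              26: "AF31", 34: "AF41", 40: "CS5", 46: "EF", 48: "CS6"}


def parse_ds_field(ipv4_header: bytes) -> dict:
    """Decode byte 1 of an IPv4 header: DSCP is the top 6 bits, ECN the low 2."""
    if len(ipv4_header) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    version_ihl, ds_byte = struct.unpack_from("!BB", ipv4_header, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dscp = ds_byte >> 2
    return {"ds_hex": f"0x{ds_byte:02x}", "dscp": dscp, "ecn": ds_byte & 0b11,
            "name": DSCP_NAMES.get(dscp, "other")}


def unmarked_voice_packets(headers):
    """Return the indexes of packets whose DSCP is not EF (46)."""
    return [i for i, h in enumerate(headers) if parse_ds_field(h)["dscp"] != EF]


def build_sample_header(ds_byte: int, src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header carrying UDP (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, ds_byte, 200, 1, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


# Constructed sample traffic: one correctly marked voice packet and two others.
SAMPLE_PACKETS = [
    build_sample_header(0xB8, "192.168.25.69", "192.168.25.50"),  # 0xb8 -> DSCP 46
    build_sample_header(0x00, "192.168.25.69", "192.168.25.50"),  # unmarked
    build_sample_header(0x88, "192.168.25.69", "192.168.25.50"),  # 0x88 -> DSCP 34
]

if __name__ == "__main__":
    for index, header in enumerate(SAMPLE_PACKETS):
        print(index, parse_ds_field(header))
    print("not marked EF:", unmarked_voice_packets(SAMPLE_PACKETS))
```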

The rest of our morning was spent on a fieldtrip to Chinook High School in Lethbridge. It was interesting to see the high tech equipment that has been installed to enhance learning opportunities for students.

As today is my last reflective entry for the course I thought I would take a moment to say thanks to all of you for sharing your knowledge and expertise with me. I especially want to thank my partner Sean who is so knowledgeable and patient! During the past two weeks he has gone out of his way to make sure I was understanding the networking terminology and concepts and he was always willing to share his expertise with others in the class as well. Thank you to Lyle and Maurice for challenging us to step outside of our comfort zones and be risk takers.

Have a wonderful summer break.

Thursday, July 14, 2011

Security Roles and Responsibilities of IT Leaders

Maurice shared some insightful thoughts encouraging us to think more critically about Network Security:

It is important to have policies in place, but at times these policies may not be followed and this can cause security problems.

As an IT leader we need to consider who or what we are protecting: access to people, access to data, access to resources (finances/equipment).

There can be diversity from district to district in terms of security - some enforce policies more than others.

When putting in a server room an IT leader should consider:
- Who has access?
- How secure is the equipment at a physical level?
- How secure is the data that is being transmitted?
- How simple or complex are the passwords that are being used? (i.e. a strong password will include symbols, numbers and letters in both upper and lower case)
- Are there policies in place for password sharing?
- Is there a policy for passwords? Length is important, the more complex the password, the more secure it is.
- Are there policies for password sharing?
- Can/should a group policy be set up to run the screen saver every x number of minutes to force log on? This can be tricky though: 15 min. is too short when teachers are teaching SMART lessons, but 2 hours would not be secure enough. Maurice suggested that context is an important consideration (student/teacher/sub, versatility is key).
- Is email secure? When data is encrypted it is more secure but in the end, assume that all data transmitted through email can be "read" by others in plain text.

Lyle explained how "honey pot" is used for defence against potential hackers. This provides false opportunities for a hacker to attack and can derail them by getting them caught up in decryption.

Redundancy provides other paths (back up generators, dual hardware etc.) to ensure continued operation if there is a single point of failure. This type of duality can enable consistent service.
Maurice also talked about provisioning for back up storage and he reminded us to consider policies for on-line storage as this can be tricky (Patriot Act in the States for example allows US government to access your information anytime).

An interesting software program we learned about today is Wireshark, which can test a network to see if data is transferring how you want it to. This software hooks into a port on the switch.

The greatest "ah ha" today arose when Lyle stressed how insecure email is!

Our networking activity today involved setting up remote services using Virtual Box Virtual Machine.

Wednesday, July 13, 2011

Today’s class began with a review of some of the AD network management concepts:
Group policies - you can centrally manage from any file server (when it is a domain controller).
We were able to shut down/re-start machines by using the program Spec Ops GP Update.
We built a common Start menu (remember to go into Group Policy and hide the local programs).

I found today’s activities to be more successful than previous days. Perhaps this is because we are becoming more familiar with the networking terminology or, as I am learning in IT... because the stars aligned and we didn’t experience any major glitches!

Today we deployed a printer using group policies. To complete this task we installed a postscript driver and set up the printer with a static address. To get the printer operating so that a page could print we:
- assigned a TCP/IP port to the address 192.168.24.51 (this was our standard)
- then we downloaded and installed the Xerox Postscript (PS) driver from the manufacturer’s website
- we assigned a static IP address 192.168.24.51
- under control panel, we selected printer, add a local printer, create a new port, select standard TCP/IP port, next, add the IP address 192.186.24.51 (Rocky and Gail’s server)

When we printed from the server and the workstation, we knew that we had been successful - yipee!

Field Trip

Part of our class today was spent touring a new data centre here in Lethbridge. It was interesting to see the sophisticated architecture of both the building and the equipment within. The centre was designed to accommodate growth; therefore they housed large scale equipment including air conditioners, generators, a server room/data office, and an electrical room. This centre is classified as a Tier 3 centre for their ability to maintain consistent network connectivity.

Some of the equipment housed in this facility I was familiar with from our previous course including:
Cat 5e cables and single and multi-mode fibre optic cabling.

Some points of interest:
A special chemical was used for fire extinguishing. This is a chemical that will not harm the equipment and was very cool. Something that surprised me was that they did not have a dust eater.

Tips from today:
Cooling and security are essential for large scale network servicing.

Tuesday, July 12, 2011

During our class discussion today we learned about setting group policies within Active Directory.

Lyle talked about using a single sign on service policy and explained how important this is in a large organization. I was unsure why and asked for clarity. It was explained that this policy enables a user to log on to any computer and have consistent access. To confirm that we had correctly set-up single service, we signed on to other classmembers’ networks using our usernames.

Next we discussed mapping, which involves using drive letters (i.e. f- z) as virtual drives. I learned that I can map a drive letter to a drive share, which means no matter which computer I log onto I can access a particular drive share. To map a drive letter one must use login scripts. A script is a set of instructions for the computer.

To create a new script we clicked on start, opened notepad and typed the command: net use $:\\scservered5769-dc

Lyle provided a break down of this script using Jen’s server address as an example. He typed the command: \\neserver/c$ . In this script
- \\ this means go on the network to find something
- the next part of the script is the name of the server
- the next \ tells the computer to go to the drive share
- $ means it is a hidden script

I really appreciate when Lyle breaks things down into layman's terms... I often find that I am confused because I don’t have time to look up the information/definitions or acronyms during the class due to the fast pace.

A caution about security:
If I type \\ name of the server \ in the run command prompt I can see all the drive shares on the server. Lyle suggested that we do not allow students to access the run command.

Additional words of wisdom:
Organizing groups can save a lot of time, and setting permissions is critical to ensure FOIP has been addressed.

Moving into our activities for the day... we assigned a group policy to a particular group in the active directory. Below I have included the steps we followed while completing this Mini Exercise.

Mini Exercise 1: Login Scripts Using Group Policy
Login script ChristinaSean
- make up a batch file
- must know syntax of a command
- should store in netlogon

To begin we checked the File share permissions to make sure that the security was set correctly:
start, computer, ... shared folder, right click, properties, go into security and look at administrators to see access permissions, then check students

Create file Logon Christina Sean.bat
net use s: \\scserver2008\Shared
Open Notepad type the command:
net use s: add the UNC path to the folder, in this case add \\ed5769-dc\shared, file save as

login.bat - to get here drive share
c:\windows\sysvol\network5769.local/scripts

Make a policy
- Call it Login Script Christina Sean
- policies, windows settings, scripts (logon/login)
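An added example, not part of the original post or Lyle's notes, that ties the login script to the security caution above: it reads a logon batch file, pulls out each net use mapping, and flags mappings to shares whose name ends in $ (Windows leaves these out of the \\server browse list) as well as UNC paths with no share name. The sample script and function names are constructed; quoted paths containing spaces are not handled.

```python
import re

# Matches lines such as:  net use s: \\server\share
NET_USE = re.compile(r"^\s*net\s+use\s+([a-z]):\s+(\S+)", re.IGNORECASE)


def parse_unc(path):
    """Split \\\\server\\share[\\rest] into (server, share); '/' is accepted too."""
    norm = path.replace("/", "\\")
    if not norm.startswith("\\\\"):
        return None
    parts = [p for p in norm[2:].split("\\") if p]
    if len(parts) < 2:
        return None  # server only, no share name
    return parts[0], parts[1]


def audit_logon_script(text):
    """Return (line number, drive letter, message) for each mapping worth a look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = NET_USE.match(line)
        if not match:
            continue
        drive, target = match.group(1).upper(), match.group(2)
        unc = parse_unc(target)
        if unc is None:
            findings.append((lineno, drive, "no share name in UNC path " + target))
            continue
        server, share = unc
        if share.endswith("$"):
            findings.append(
                (lineno, drive, f"maps hidden share {share} on {server}"))
    return findings


# Constructed sample script reusing the paths quoted in this post.
SAMPLE_SCRIPT = r"""@echo off
net use s: \\scserver2008\Shared
net use t: \\neserver/c$
net use u: \\ed5769-dc
"""

if __name__ == "__main__":
    for finding in audit_logon_script(SAMPLE_SCRIPT):
        print(finding)
```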

Next we added teacher and student accounts to all teacher and all students groups:

Open Active Directory users and computers, Open network5769.local, Sean-Christina, students, right click on student account: Sean student, Add to group,
When we got here we were unable to locate the groups: all students, all teachers

Mini Exercise 2: Folder Redirection
Our goal in this exercise was to create a home folder. As identified in Lyle’s notes, a home folder can be set-up on the network by an administrator so that the end user can save/retrieve files from the server as opposed to using the hard drive of the local workstation.

Creating a home folder:

Open my computer, double click on the C drive, file, new folder, home

Start, administrative tools, share and storage management, click provision share, a wizard will open, browse to c:\home, click next, next, next, type “user home directories” in the description box and click next, select Administrators have full control, all other users and groups have only read and write access, next, next, create, close

We now have our home directory.

To make home directories for the student and teacher accounts we completed the following steps:

Open Active Directory users and computers, Open network5769.local, Sean-Christina, students, right click on student account: Sean student, properties, click on profile, under home folder, local path set the profile tab to c:\home\%username% click apply, you will see c:\home\sean.student in the local path section, click ok

Repeat the process for teacher:
Open Active Directory users and computers, Open network5769.local, Sean-Christina, teachers, right click on teacher account: Sean teacher, properties, click on profile tab, under home folder, local path set the profile tab to c:\home\%username% click apply, you will see c:\home\sean.teacher in the local path section, click ok

To redirect to “My Documents” we completed the following steps:
Start, administrative tools, group policy management, select the Sean-Christina OU, right click and select create a GPO in this domain and link it here, New GPO, name: Documents Redirection Christina Sean, ok, right click on the GPO Documents Redirection Christina Sean, edit, User Configuration, policies/windows settings, folder redirection, documents, right click properties, change the setting to Basic-redirect everyone’s folders to the same location, Target folder location select Redirect to the user’s home directory

Challenges and Errors of the Day:

Our server was trying to replicate active directory from the wrong server. To correct this we opened active directory sites and services and reconfigured our server to replicate from the main server.

Another issue we had today: our server was not recognizing one of our computer workstations so we took this computer off the domain, renamed it and rejoined it to the domain.

References

Shaurya. (2009, January 1). Re: Configuring Folder Redirection in Windows 2008 [Online forum comment]. Retrieved from http://www.itechtalk.com/thread1958.html

Monday, July 11, 2011

Our task today was to set-up Active Directory on Windows Server 2008.

To begin we searched for 'best practices' / documentation that provided step-by-step instructions and found helpful information on the following sites:

Documentation: Joining Windows 7 to Domain


Joining windows 7 to a domain. (2009). Retrieved July 11, 2011, from http://www.elmajdal.net/win7/Joining_Windows_7_To_Domain.aspx

Step by step guide for windows server 2008 domain controller and DNS server setup. (2008). Retrieved July 11, 2011, from http://www.windowsreference.com/windows-server-2008/step-by-step-guide-for-windows-server-2008-domain-controller-and-dns-server-setup/

Windows 7: join active directory domain [Video file]. (2009, August 3). Retrieved from http://www.youtube.com/watch?v=-X1wHX5Ra08

Resources for Windows Server 2008:

Amaya, N. (n.d.) How to install active directory on windows server 2008 [Web log post]. Retrieved from http://forevergeeks.com/how-to-install-active-directory-on-windows-2008

Microsoft. (2010). Installing an additional domain controller by using the graphical user interface (GUI). Retrieved July 11, 2011, from http://technet.microsoft.com/en-us/library/cc753720(WS.10).aspx

Petri, D. (2009, January 8). Installing active directory on windows server 2008. Retrieved July 11, 2011, from http://www.petri.co.il/installing-active-directory-windows-server-2008.htm

During the setup process we documented our steps using screen capture. These steps can be viewed on YouTube. I believe that this will be very useful when completing assignment 3.

DAILY CHALLENGES

Unfortunately, today we had some difficulty with our DNS settings that required some additional problem solving. We finally determined that we needed to point our DNS to the main server.

Another error we made today... we misnamed our server and advised Lyle to delete this from Active Directory. On our end we were unable to demote the server from being a domain controller and we were also unable to rename our server. As a result, we had to reinstall Windows server 2008, DNS services, DHCP server and File sharing.

The LESSON of the DAY.... make sure you have everything correct before you set-up Active Directory (darn typos!)

Friday, July 8, 2011

I found today that the terminology and processes were starting to become more familiar... finally! I thought it was extremely helpful to review my classmates' reflections from the previous few days to deepen my understanding of the concepts and for review.

The objective of our work today was to install the Windows 7 Enterprise Operating System on two computers. We found the following resources helpful to complete the install:

Finest Daily News. (2010). How to install windows 7. Retrieved July 8, 2011, from http://www.finestdaily.com/how-to/windows-how-to/how-to-install-windows-7.html

Microsoft. (2011). Installing and reinstalling windows 7. Retrieved July 8, 2011, from http://windows.microsoft.com/en-CA/windows7/Installing-and-reinstalling-Windows-7

Microsoft. (2011). Manual installation of windows 7 overview. Retrieved from http://www.microsoft.com/download/en/confirmation.aspx?id=22946

Strider. (2008, November 4). Re: Windows 7 installation guide / tutorial windows 7 [Online forum comment]. Retrieved from http://www.techtalkz.com/windows-7/514412-windows-7-installation-guide-tutorial.html

Prior to this work we needed to activate the server and confirm that the DHCP and DNS settings were working.

To activate the product ID: >Start>right click on computer>Properties>Activate>add product ID: 55041-394-5224555-76165. This was an important step; if we did not activate the product ID the computer/server would shut down.

Note:
Microsoft has different methods of activation (we used the MAK method):
- MAK - Multiple Activation Key: authenticates to the internet, only so many activations allowed
- KMS - Key Management Server: the product talks with a local server running KMS that allows it to authenticate. If the product does not communicate with the server for 180 days, the authentication fails.

To allow our server to look up domain names from other servers we changed the DNS on the network adapter:
DNS on network adapter and server entries point to 192.168.181.50. We added two forwarders to ensure connectivity if one server was down.

Next we changed the DHCP entries
Change DNS entries
Change DHCP entries


Initial Configuration Task (this opens on startup):

- To begin, select Enable Remote Desktop
- To allow remote access: click OK, then click OK
- Select Configure networking
- Click properties
- Change the preferred DNS server
- Delete alternate DNS server
- OK, close

Change DNS settings:

- Edit
- Add the Ed 5769 network IP address
- We added a second server address so if one server could resolve a name, we can request DNS services from another server.
- OK

Installing Windows 7

DHCP

To change DNS settings on DHCP:



We followed the steps below to Install Windows 7 Enterprise Operating System:

Boot machine
- press F12 to bring up boot menu

Insert windows 7 DVD
- choose boot from CD Rom
- press any key to boot from CD

Set the following:
Language - English (Canada)
Time and currency English (Canada)
Keyboard or input method: US

Click install now

Accept license
Custom
Drive options (Advanced)
Delete all partitions
Create new partition the entire disk
Format the new partition
Click next

Name - admin
computer name - SCworkstation

password admin5769
hint - no

recommended settings for updates
mountain time zone
work network

To install drivers we went to the manufacturer's website (Dell) and downloaded and installed the missing Chipset drivers.

Next we repeated the steps to install Windows 7 on another workstation. We assigned this station the name: SCworkstation2. We did have an issue on this computer so we started over and re-installed Windows 7.

Overall I think things ran quite smoothly today and I look forward to reviewing the documentation as we work on assignment 3 this weekend.

Thursday, July 7, 2011

Today I opened a terminal to use as an interface instead of Coolterm. In the terminal I typed ifconfig return to confirm that I was on the switch. Then I typed telnet, return to start a connection between my computer and the switch. Telnet is a network protocol that enables us to connect remotely with other switches.

In order to confirm that the network connection was working I opened a terminal and pinged Ken using his client address 192.168.16.101. I was able to connect with Ken.

I kept two terminals open, one to use for telnet. To connect to the switch I typed the command: telnet 192.168.25.254, return
login: admin
password: swtich

I also kept another terminal open.

I learned that it is faster to use the command prompt to configure switches.

To open the WebView I typed the address 192.168.25.254 in the address bar.
login: admin
password: switch

We used Webview to open and review our routing tables. To get into Webview we typed the address of our switch (192.168.25.254) into the web browser. Once in Webview, we went to open network, IP, routes, then select the table we wanted to see (i.e. forwarding).

To compare the routes on telnet vs. Webview, we typed the command: show ip route into telnet. Figure 1 is a picture of our table and identifies the addresses our switch will forward to.


Figure 1

After learning about the routing tables we began our task of updating the server by adding DNS services, a File server and a DHCP server.

After booting our workstation using the Knoppix operating system we began the initial configuration (this Initial Configuration Task opened upon booting). Next under the section: Customize this server we selected >Add features.

First we enabled file sharing; we captured screen shots of the steps required to share files and these pictures are housed on Google Doc:

Then we added DNS services. We captured screen shots of the steps required to add DNS services. These pictures are housed on Google Doc:
https://docs.google.com/document/d/1TXN3-aTTxfuFRJ1a8iH7mTwzcH3YXbnVU_Yg3gxjfd0/edit?hl=en_US

Next we added a DHCP server. We captured screen shots of the steps required to add a DHCP server. These pictures are housed on Google Doc:
https://docs.google.com/document/d/1mysX0kmehxQUm4BEJ_vQ1AAfwN5oGYind3OljP-f-Jc/edit?hl=en_US

One challenge today arose when we were trying to install the DHCP server because we were not sure about the Domain Name. Sandie told us to use network5769.local and explained that this will allow us to manage our computers.

The greatest challenge today was identifying missing drivers. This required some investigation and experimentation but finally we were able to find the three missing Chipset drivers. Finally we downloaded the correct drivers from the Dell site.

To check connectivity we opened a terminal and pinged the following addresses:

- our network: 192.168.25.69
- switch Vlan 1: 192.168.25.254
- our switch Vlan 2: 10.0.25.254
- our server: 192.168.25.50
- the core switch Vlan 1: 10.0.1.254
- the core switch Vlan 2: 10.10.1.100
- the firewall: 192.168.1.1

When all of these connected we knew that we would be able to connect both in and outside of our Vlan.