Server build document

marlinline | Internet and Web Applications

31 Oct 2013

Server Build



INFAPPTST01.AUCKLAND.AC.NZ






INFAPPTST01

InfoEd Test Application Server








Document History

Author       Group   Version   Date         Comments
Brad Inch    ESG     0.1       26/03/2009   Initial document.

















Table of Contents

1 Introduction
2 System Hardware Specifications
3 System Software Specifications
4 Applications
5 Sign-off Sheet

ITS ESG Windows 1 of 20

1 Introduction

1.1 Purpose of this Document

This document outlines the steps taken to build a server. The document should be kept with any other relevant support documentation for this server.

1.2 Scope of this Document

The scope of this document is restricted to the server INFAPPTST01.AUCKLAND.AC.NZ.

1.3 High level build tasks

- Create VM / Configure VM
- Install Operating System
- Configure Operating System
- Install VMware Tools
- Network
- Firewall
- Domain
- WSUS
- Install Antivirus
- Patch Operating System
- Create user / group accounts
- Install InfoEd required applications / services
- Patch Operating System
- Run Security Scan






2 System Hardware Specifications

2.1 Hardware

The University of Auckland uses VMware ESX3 for physical server hardware virtualisation. Unless there is a stated need for a physical platform, servers are virtualised.

2.1.1 VMware

VMware ESX is not a new concept to the University. It has been trialled in several high profile installations at the University, most notably in the Exchange and CMS projects. The University VMware host servers are reliable, scalable and fault tolerant.

2.1.2 VMware Guest Configuration

VMware virtual machines can be allocated specific amounts of resource from the host server; in fact, the sizing of these virtual machines can be changed at any time (requires a reboot).





Infapptst01

- NDC VM Data centre
- Prod_NDC3i Resource Pool
- 2x Virtual CPUs / 4GB RAM
- 1x Floppy Disk drive
- 1x CD/DVD drive
- 1x Network adapter (NDC 248 Subnet)
- 1x LSI Logic SCSI HD Controller utilising SAN connected storage
- 2x Hard Disk drives (VMDK files on separate SAN VDisks)

Disk Drive                                           Size   Format
C: (SYSTEM) Operating System volume                  15GB   NTFS
D: (DATA) Application binaries and data volume       30GB   NTFS





3 System Software Specifications

3.1 Operating System

The server has been built with a Windows Server 2003, Standard Edition, Volume License media with SP2 integrated.

3.1.1 Configuration

The following manual configuration changes have been made to the file system, registry, system files or access control lists.

- File and Print Service removed
- Windows Updates configured for UoA WSUS
- File ACL for D:\ORACLE\PRODUCT\10.2.0\CLIENT_1
  o Added Local user IUSR_INFAPPTST01 with R/W/E rights
- DEP configured as “ON for all programs and services”
  o DEP exclusion configured for “Nagios Client”
- RDP enabled for Administrators / Remote Desktop Users groups
  o RDP configured with “Negotiate” security layer
  o RDP configured with “FIPS Compliant” encryption level
  o RDP configured to disable
    - Windows printer mapping
    - LPT port mapping
    - COM port mapping
    - Audio mapping
    - Initial program launch

3.1.2 Windows Updates

The Windows automatic updates service has been configured to use the UoA WSUS Server.

Windows Registry Editor Version 5.00

; WSUS server and client-side targeting group
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
"WUServer"="http://wsus.auckland.ac.nz"
"WUStatusServer"="http://wsus.auckland.ac.nz"
"TargetGroup"="Servers"
"TargetGroupEnabled"=dword:00000001
"ElevateNonAdmins"=dword:00000000

; Automatic Updates behaviour
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
; AUOptions 3 = download automatically and notify for install
"AUOptions"=dword:00000003
"AutoInstallMinorUpdates"=dword:00000000
; DetectionFrequency is in hours (5)
"DetectionFrequency"=dword:00000005
"DetectionFrequencyEnabled"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
; The timeouts below are in minutes (0x1e = 30, 0x0f = 15)
"RebootRelaunchTimeout"=dword:0000001e
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootWarningTimeout"=dword:0000000f
"RebootWarningTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000001e
"RescheduleWaitTimeEnabled"=dword:00000001

All available Windows Updates from the WSUS server have been applied as at 2009-03-26.
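Added example (not part of the original build document): a small parser that reads a Windows Update policy .reg export like the one in section 3.1.2, decodes the dword values, and reports drift from a baseline. The BASELINE table, the function names and the sample text are assumptions constructed for this example.

```python
import re

# Constructed sample: a subset of the export above; NoAutoUpdate is left out on purpose.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
"WUServer"="http://wsus.auckland.ac.nz"
"TargetGroup"="Servers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"AUOptions"=dword:00000003
"RebootWarningTimeout"=dword:0000000f
'''

# Hypothetical baseline for this example: (key suffix, value name) -> expected value.
BASELINE = {
    ("windowsupdate", "TargetGroup"): "Servers",
    ("windowsupdate\\au", "UseWUServer"): 1,
    ("windowsupdate\\au", "AUOptions"): 3,
    ("windowsupdate\\au", "NoAutoUpdate"): 0,
}

LINE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dw>[0-9a-fA-F]{8})|"(?P<s>.*)")$')

def parse_reg(text):
    """Return {lower-cased key path: {name: int or str}}; simple REG_SZ/REG_DWORD lines only."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := LINE.match(line)):
            current[m["name"]] = int(m["dw"], 16) if m["dw"] else m["s"]
    return keys

def audit(text, baseline=BASELINE):
    """Compare parsed values to the baseline; return a sorted list of findings."""
    keys, findings = parse_reg(text), []
    for (suffix, name), want in baseline.items():
        values = next((v for k, v in keys.items() if k.endswith("\\" + suffix)), {})
        got = values.get(name)
        if got != want:
            findings.append(f"{suffix}\\{name}: expected {want!r}, found {got!r}")
    # Microsoft recommends configuring WSUS clients to use an SSL (https) endpoint.
    for values in keys.values():
        url = str(values.get("WUServer", ""))
        if url.lower().startswith("http://"):
            findings.append(f"WUServer uses plain HTTP: {url}")
    return sorted(findings)
```

Run audit() over the text of an exported policy key to get a list of findings; an empty list means the export matches the baseline.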

3.1.3 Local Services

The following local services have been changed from their defaults:

- Alerter - disabled
- Windows Time - disabled

3.1.4 System Software

The following system level applications have been installed.

- Eset NOD32 Antivirus Business Edition v4.0.314.0
- IBM Tivoli Storage Manager client v5.5.1
- UoA Nagios Monitoring Agent v1.13.1





3.2 Network Overview

The server is configured with 1 Network Interface Card on the 130.216.248.0/24 subnet and has the local Windows firewall enabled.

It has been joined to the UoA.auckland.ac.nz domain and its computer object is located in the following OU:

UoA.auckland.ac.nz/UoA-SRV/UoA_RIMS/Research+ Servers

3.2.1 Network settings

Subnet   Location   Description
248      NDC        NDC Front-end addresses

Primary NIC - vLAN248
  o IP Address : 130.216.248.26
  o Subnet Mask : 255.255.255.0
  o Gateway : 130.216.248.254
  o Primary DNS Suffix : auckland.ac.nz
  o DNS Server 1 : 130.216.190.1
  o DNS Server 2 : 130.216.191.1
  o WINS Server 1 : 130.216.191.10
  o WINS Server 2 : 130.216.191.11

3.2.2 Firewall settings

The server is configured with the Windows firewall turned on for the primary NIC (vLAN248) and has the following exceptions configured:

  o Allow RDP (TCP 3389) from ANY source





4 Applications

4.1 InfoEd Application

The Research+ system utilizes InfoEd’s core Enterprise Platform application. This platform provides the web-based portal and the basis for other InfoEd modules.

Additional modules provided by InfoEd may be introduced to the system in the future. See Schedule A - Product Specifications for information on modules.

User content is serviced by InfoEd application servers, which in turn feed content to viewers via IIS6.

4.2 Required 3rd Party Software

In addition to the InfoEd application and modules the application servers will also require the following software to be installed.

- Microsoft Office 2003 Standard
- Active PDF Toolkit v4.0 Standard
- AutoTask2000 (Production environment only)
- PK-Zip for Windows Standard
- PL/SQL Developer
- Filezilla FTP Client / Server
- Adobe Acrobat Reader
- Oracle 10g Client v10.2.0.2 and Oracle Provider for OLE DB v10.2.0.1
- 7-Zip File archive tool

Source files are available in D:\SOURCE

4.3 IIS6

A core service of the Windows 2003 operating system, IIS6 is both tried and tested within the University, and is well supported by Microsoft courtesy of regular patches.

IIS is installed with the following components:

- Application Server Console
- ASP.NET
- Network COM+ access
- Network DTC access
- Internet Information Services Manager
- World Wide Web Service




4.4 Authentication

In addition to the standard Windows users the following users exist on the server:

User name    Description                      Admin
InfoEd       InfoEd Administration account    Yes
umcmorris    InfoEd IIS Service account       No

In addition to the standard Windows groups the following groups exist on the server:

Group name   Description
NONE



4.5 Security Scan

- Disable Windows Firewall
- Run Nessus Security Scan
- Enable Windows Firewall
- Attach Security Scan with build document

Completed date : 2009-03-26

Completed by : binc002






5 Sign-off Sheet

Approval

Systems Team Leader, Mark Finlay

_________________________    ______________
Signature                    Date

Approval

Windows Team Leader, Anne Jackson

_________________________    ______________
Signature                    Date