DOCX - WordPress – www.wordpress.com

raspgiantsneckΔιακομιστές

9 Δεκ 2013 (πριν από 3 χρόνια και 4 μήνες)

181 εμφανίσεις

















The Children’s Campaign

Network Hardware

& Active Directory Restructuring











Nicholas Williams


July 24,
2011










2


Table of Contents

EXECUTIVE SUMMARY

................................
................................
................................
................................
............................

3

INTRODUCTION

................................
................................
................................
................................
................................
.......

4

GOALS & OBJECTIVES

................................
................................
................................
................................
..............................

5

SCOPE AND SPECIFICATIONS

................................
................................
................................
................................
..................

6

ASSUMPTIONS AND CONSTRAINTS

................................
................................
................................
................................
........

6

WORK BREAKDOWN SCHEDULE

................................
................................
................................
................................
.............

7

BUDGET

................................
................................
................................
................................
................................
...................

8

ALTERNATIVES

................................
................................
................................
................................
................................
........

9



















3


EX
ECUTIVE SUMMARY





The Children’s Campaign hosts a Microsoft Windows 2008 Small Business Server as well as a CentOS
Linux server. This SBS server is critical to the daily functionality of the office. There are currently two issues
with the SBS server that require attention
. The installed hardware memory is currently operating at 93%
capacity. Best Practices requires servers to operate hardware memory at or below 50% capacity under a
normal load. The second issue involves the Active Directory running on the SBS server. A
ctive Directory is
used to grant permissions to users on the network. Currently, the AD is used only to grant the ability to use
color printing on the Kyocera office printer, however no settings are in place for added security for the
organization. It sh
ould be noted that the current network is completely functional, and none of these
problems are currently interfering with the ability for the Children’s Campaign to conduct regular business.
However, these problems could prevent smooth operation in the f
uture.


SBS Server Memory



Two things can be done to solve the SBS memory issue. First, additional RAM can be installed on the
server. The machine is currently running 5 GB of memory, but can support up to 8 GB of memory. In order to
ensure the memory runs as efficiently as possi
ble, the purchase and installation of 8 GB of memory is
suggested. This will ensure the individual memory sticks are fully compatible with the server and with each
other.


Should the memory upgrade alone be insufficient to bring the memory usage below 5
0%, the services
of DHCP and DNS running on the SBS server can be migrated to the CentOS server. Doing this will reduce
some demand on the SBS server’s memory.


Active Directory Reconfiguration



To add a layer of security to the Children’s Campaign net
work, the Active Directory requires a slight
reconfiguration. The logical structure of the AD is already in place, but does little than to grant specific users
the ability to print color. Properly implemented, the AD should be preventing the unauthorized

access to
certain files, and limiting the ability for some users to perform tasks on their computer stations as well on the
network.



It is suggested that the systems administration team perform an audit of the technical requirements of
the users at th
e Children’s Campaign in order to properly set permissions on the AD. This will ensure that no
consequences of user error or maliciousness will result in compromised information or infrastructure at the
Children’s Campaign.


Budget



Costs of this project

include additional hardware as well as labor for troubleshooting, researching and
implementing these fixes.

Total:
$1,897

4


INTRODUCTION





The Children’s

Campaign (CC) is a non
-
profit
organization with a mission to influence public policy for the
benefit of children across the state of Florida.

The CC works with politicians, organizations, and individuals on
a regular basis in order to accomplish their goals.

Many systems are in place to help the CC spread their
message including email, telephone
s, calendar synchronization, web sites, and a central office network.

The
daily functioning and effectiveness of the CC is reliant upon all of these systems running smoothly and
efficiently.

While the current configuration of the office network is functi
onal, inefficiencies are present

in the
handling of user organization, data, and critical system services.


Two servers currently operate in the CC to manage office network functionality.

The current network
configuration includes a Microsoft Windows 200
8 Small Business Server (SBS) handles user data, file and print
services, an active directory domain, DHCP, DNS, and a SQL database.

The CC network

also hosts a CentOS
(Linux) server that hosts local back
-
up data from the SBS server.

This CentOS server a
lso manages the off
-
site
backup to Dropbox.


The CC employs several interns in the communications,

political science, public polic
y, web design, and
networking fields, each specializing in different tasks for the organization.

Depending on their roles
within the
CC, these users require varying levels of permissions on the network.

These user permissions are a critical
aspect of any network and should be based on the principle of ‘least privilege’.


Users should not be given
permissions that exceed thei
r needs for data access and connectivity in order to accomplish their jobs.

Improper permissions for users can lead to security breaches or the mishandling of information if a user has
access to data, settings, or accounts that their job does not need the
m to access.


The current Active Directory, while functional, does little to make use of the logical structure that it has
been given.

Users are currently divided into 6 separate organizational units (OU) with only one of these
maintaining a specific gro
up policy setting, namely that office administrators are allowed to print in color.

Specific permissions, such as those granted to System Administrators, are granted on an individual user basis.

Due to the structure of the OUs and the implementation of s
ome group policy on these OUs, it is apparent
that a previous project concerning the active directory had been started but never completed.

An audit of the
technical requirements of the users at the CC is mandated in order to establish proper group policy

to
implement on the active directory.

This implementation of group policy will tighten security on the network
by limiting critical permissions by unauthorized users.





The SBS server hosts an

SQL database that manages vital organizational

data.

Th
is database is accessed
regularly by staff and must be available at all times. The nature of the SQL server is to consume a large amount
of memory, even when running under optimal conditions and as the only service installed on a server.

Because the SBS s
erver provides much of the other network functionality in addition to hosting the SQL
database, it is experiencing daily memory loads in excess of 90% of total memory.

Because of this, there is
insufficient available memory for the use of other programs a
nd services.

Best practices require that servers
5


operate at less than 50% of total memory capacity under normal circumstance
s so that when under a heavy
load
, they do not prevent or slow the use of other programs and services due to insufficient memory.


In order
to maximize up
-
time and availability of all network services at CC, some services will be migrated from the SBS
server to

the CentOS server in order to alleviate excess

demand on SBS system resources.

Additionally, the
SBS server will require a m
emory upgrade to 8GB in order to ensure high availability under peak load
conditions for the SQL database.

GOALS & OBJECTIVES



There are two primary goals in this project; to implement proper group policy on the active directory and to
bring the Windows
SBS server memory usage down to below 50%, in line with Best Practices.


The hardware in the SBS server is not the maximum the server motherboard is capable of supporting.

The
first objective to meet the goal of maximizing memory efficiency will be instal
ling the maximum suppor
ted
memory for the server of 8GB
. This will require the purchase of compatible RAM from a vendor.

To
supplement this hardware change, a secondary objective of migrating DHCP and DNS to the CentOS server will
also aid in the reductio
n of memory used.







The second goal of the project is to implement proper group policy into the active directory.

The first
objective in meeting this goal will be to find out the exact technical needs of the employees of the CC. Once
the
requirements for the various positions can be quantified, building a group policy can begin.

Current group
policy can be evaluated and amended based on its value after the audit of employee needs has concluded.



SUCCESS FACTORS


Success of the project w
ill be determined by the following factors:


+Idle memory use of both the Windows SBS server and CentOS server to be below 50%, while maintaining
complete functionality


+Active directory group policy will give users proper permissions on the network, incl
uding printing, file
access, remote access, installation rights, etc, that their position in the organization requires.








6


S
COPE AND SPECIFICATIONS



This project will focus on the Windows SBS 2k8 server and the CentOS

server.

Hardware memory upgrades
for the network will be installed on the Windows SBS server only.

The Winsows SBS server memory upgrade
will be the maximum memory supported by the server hardware, no more memory can be installed in the
future.

No othe
r hardware changes are part of this project plan.


Roles of DHCP and DNS will be migrated to the CentOS server.

No other services are to be transferred per the
scope of this project.



The CC active directory will be reviewed for implementation of cor
rect user policies.

Users at the CC may
be asked what features of technology their jobs require.

No other personal settings of user systems will be
changed.




A
SSUMPTIONS AND CONSTRAINTS




Assumptions for this project include virtual and physical
access to the Windows 2k8 server and CentOS
server by the senior network administrator of the CC, honest and correct feedback regarded job requirements
of CC staff for correct active directory policy, the use of the CC funds to purchase hardware memory for

the
Windows SBS server, and the ability for the network administrator to temporarily bring the network down for
the hardware upgrades.



Constraints of this project include the availability of the Windows SBS server to CC staff during normal
business
hours Monday through Friday 9am to 5pm, the availability of funds for the purchase of memory for
the Windows SBS server, the maximum amount of physical memory supported by the Windows SBS server
hardware( 8 GB ), and the available personnel on site for thi
s project (1).








7


WORK BREAKDOWN SCHEDULE


Task Name
Duration
Start
Finish
Pre
req.
Resource
Names
1. Network Hardware Evaluation
5 days
7/11/2011 8:00
7/15/2011 17:00
Nick
1.1 Evaluate System Hardware
3 hrs
7/11/2011 8:00
7/11/2011 11:00
Nick
1.2 Evaluate system performance
1 hr
7/12/2011 8:00
7/12/2011 9:00
2
Nick
1.3 Determine cause of performance
issues
1 day
7/13/2011 8:00
7/13/2011 17:00
3
Nick
1.4 Determine solutions for
performance issue
2 days
7/14/2011 8:00
7/15/2011 17:00
4
Nick
2. Network Security Evaluation
5 days
7/18/2011 8:00
7/22/2011 17:00
Nick
2.1 Evaluation of current security
practices
1 day
7/18/2011 8:00
7/18/2011 17:00
Nick
2.2 Evaluation of security software
1 day
7/19/2011 8:00
7/19/2011 17:00
7
Nick
2.3 Evaluation of software updates
1 day
7/20/2011 8:00
7/20/2011 17:00
8
Nick
2.4 Evaluation of Group Policy
1 day
7/21/2011 8:00
7/21/2011 17:00
9
Nick
2.5 Determine improvements for
security practices
1 day
7/22/2011 8:00
7/22/2011 17:00
10
Nick
3. Implemenation of Network
Hardware Upgrades
5.39 days?
7/18/2011 8:00
7/23/2011 11:05
Nick
3.1 Ordering of new server RAM
1 hr
7/18/2011 8:00
7/18/2011 9:00
5
Nick
3.2 Awaiting delivery of RAM
5 days?
7/18/2011 9:00
7/23/2011 9:00
13
Nick
3.3 Installation of RAM
0.14 days
7/23/2011 9:00
7/23/2011 10:05
Nick
3.3.1 Shutting down of server
15 mins
7/23/2011 9:00
7/23/2011 9:15
14
3.3.2 Removal of server from rack
10 mins
7/23/2011 9:15
7/23/2011 9:25
16
3.3.3 Installation of new RAM
10 mins
7/23/2011 9:25
7/23/2011 9:35
17
3.3.4 Mounting server onto rack
10 mins
7/23/2011 9:35
7/23/2011 9:45
18
3.3.5 Powering on server
20 mins
7/23/2011 9:45
7/23/2011 10:05
19
3.4 Evaluation of new RAM hardware
1 hr
7/23/2011 10:05
7/23/2011 11:05
15
Nick
4. Migration of Services from SBS to
Cent
3 days?
7/25/2011 8:00
7/27/2011 17:00
Nick
4.1 Evaluation of services to migrate
1 day?
7/25/2011 8:00
7/25/2011 17:00
5
Nick
4.2 Migration of DHCP to Cent
1 day?
7/26/2011 8:00
7/26/2011 17:00
23
Nick
4.3 Migration of DNS to Cent
1 day?
7/26/2011 8:00
7/26/2011 17:00
23
Nick
4.4 Testing of service functionality
1 day?
7/27/2011 8:00
7/27/2011 17:00
24,25
Nick
5. Update of Group Policy
12 days?
7/23/2011 8:00
8/5/2011 17:00
Nick
5.1 Evaluation of requirements of
employees
3 days?
7/23/2011 8:00
7/26/2011 17:00
11
Nick
5.2 Planning of Group Policy update
1 wk
7/27/2011 8:00
8/1/2011 17:00
28
Nick
5.3 Implementation of Group Policy
2 days
8/2/2011 8:00
8/3/2011 17:00
29
Nick
5.4 Testing of network permissions
2 days
8/4/2011 8:00
8/5/2011 17:00
30
Nick

8


BUDGET


























Materials



Qty

Amt

Total

(2x2GB) Kingston DDR2 PC2
-
6400 240pin RAM



2

$63.38

$126.76







Labor

Projected
Hours

Workers

Total
Hours

Rate

Total

Hardware Evaluation

16

1

16

$30

$480

Security Evaluation

16

1

16

$30

$480

Hardware Installation

3

1

3

$30

$90

Service Migration

4

1

4

$30

$120

Active Directory Reconfiguration

20

1

20

$30

$600












Grand
Total






$1,897

9


A
LTERNATIVES


The issue with the network that gained the attention of this project was the memory use of the Windows
SBS server.

The SBS server currently utilizes over 90% of the available memory while idling.

This project
outlines one method of alleviating this probl
em.

This project plan incorporates several solutions to the
problem of system memory, and is the best candidate for the resolution of the memory issue.

Should
something within this project plan become unavailable or inadequate to handle this issue, a lis
t of alternative
solutions for use is provided.



It is assumed the memory upgrade alone will not be enough to reduce idle memory use to below 50%.

However, if the memory upgrade manages to bring this issue under control, then the migration of DHCP an
d
DNS to the CentOS server will not be mandatory.


If the memory upgrade and the migration of DNS/DHCP are not sufficient to bring memory use to below 50%,
the evaluation of the use of Windows SQL Server software must be undertaken to consider removal of t
he
application is possible, as the SQL server alone utilizes nearly 33% of the available memory.


If this project fails to bring the SBS server under 50% memory use after all options are exhausted, the
alternative of no action is a possibility.

The SBS se
rver has been idling at 90% memory capacity.

The memory
upgrade will improve this issue.

If the CC is left with a server running more smoothly than before, even if it
outside of the lines of Best Practices, it must be taken into consideration to simply a
llow the issue to continue.


The active directory will be evaluated, if no benefit to the CC can be found to institute any new Group Policy
on the active directory, then no changes will need to take place.