Reference no: EM132317872
System and Network Administration Project
Overview of the Project
The final project tests your ability to put together the skills learned in previous weeks and present it as an application of your knowledge and skills to a small business network. So as you read through the requirements, consciously relate it to relevant work you've already completed.
The small business network represents the capstone of this course - it is what all the previous assignments have led to, and is the reason that it takes the bulk of the assessment weighting. Some additional research and reading may still be required.
Scenario
You are the sysadmin for a software development startup company, called cqunix, that is moving into a new building. The company has 10 full-time employees, as well as up to another 10 that either work part-time or perform short-term contract work at the company. Each full-time employee will have a dedicated workstation; most also have a laptop. The part-time/contract staff have their own or company-supplied laptops. There will also be several spare workstations. The company develops Unix and Linux software, and they are an (Ubuntu) Linux exclusive company for all their computers.
Workstations, Laptops and Servers
The company has grown quite quickly. Initially when there was just a few friends, they used all online services (e.g. Google Docs, GitHub, DropBox). But now as they move into the new building, they have decided to use their own infrastructure. Most of the employees work in a distributed mode, working on their own computers and sharing resources direct with colleagues, however there are several centralised services required. Specifically, they have identified the need for the following. Included are the selected names.
1. Apache-based web server, called adelaide, to host a simple company website. The website is developed using HTML, CSS, Javascript and PHP by one full-time employee, with assistance by one contractor.
2. Secure shell server, called sydney, to allow employees and contractors to login and compile code. All people involved in the company should have accounts, and be able to access the SSH server from both internal network and from external (public) networks.
3. Git server, called gladstone, to store all code and documents. Everyone is experienced in using git on the command line on their own computers (they don't use the web interface), however in the past they used GitHub as the server. Now they will use this internal server, instead of GitHub. The access requirements are the same as for the SSH server.
4. Backup server, called bundaberg, to store a backup of the web, SSH and Git servers. The backup requirements are described in detail below.
5. DHCP server, called darwin, to provide dynamic IP addresses to workstations and laptops, and fixed IP addresses to other servers (based on MAC addresses). Only necessary full-time staff have access.
Each of the above will run on separate hardware within the internal network. That is, there are five computers, one for each of the above server applications.
Network
The company has an NBN business connection coming into the building. A single internal network is needed, using DHCP to configure all networked devices. The internal network is to be connected to the Internet via a single router, called rocky. This router is the gateway, performing NAT and acting as a firewall.
Backup
The current plan is to have automated back ups of important content and configurations of adelaide, sydney and gladstone to the backup server, bundaberg. The back up must be implemented as a set of scripts, and each backup of a server must generate a text file listing all files that were backed up, with details including timestamp and ownership details. This output text file should be stored within or with the back up file.
Additional backup of bundaberg to external storage (e.g. tape drive, external disk) is planned, but not needed in this initial project setup.
Security
The firewall, using iptables, must implement appropriate network access control.
All accounts with passwords must be configured in a secure manner, including with password ageing.
Servers should be hardened.
The SSH server should implement an auditing mechanism, that at minimum provides a regular summary of unsuccessful login attempts in a user friendly format. Optionally, unsuccessful attempts may trigger blocking or banning of IP addresses or accounts.
HTTPS and certificates must be supported on the web server.
The major section headings below (A, B, C, D) are mapped to the project marksheet for easier reference.
A. Task Description
In this project you need to consider the above scenario and:
1. Design the internal network (including router) for the entire company.
2. Implement the server portion of the network (i.e. adelaide, sydney, gladstone, bundaberg, darwin and rocky) within a virtual network.
3. Test the network, demonstrating that the implementation meets the key requirements.
4. Document the design, implementation and testing, submitting a report named cqunix-sysadmin-<student ID>.docx. Put your actual student ID in place of <student ID>.
Attachment:- Project Requirements.rar