ASSIGNMENT
[INTRANET]
[Network diagram: Internet - Physical network 192.168.X.0 / 255.255.255.0 - Internal network 10.0.X.0 / 255.0.0.0]
1. Deploy Active Directory Domain Services and Domain Controller sie.edu.vn, DNS:
1.1. What are Active Directory Domain Services, Domain Controller and DNS?
a. Active Directory Domain Services:
Active Directory Domain Services (AD DS) is the management and authentication centre for objects such as Groups, Users and Computer accounts. AD DS supplies all of an object's information to the services that need it; for example, it supplies the information needed to authenticate a user who accesses a resource.
With AD DS on Windows Server 2008 you can build a security infrastructure and manage users, computer accounts and other resources easily. AD DS also serves applications that depend on Active Directory, such as Microsoft Exchange Server and Active Directory Rights Management Services (RMS).
Active Directory's structure is made of these components: Forest, Tree, Domain and Organizational Unit (OU). A forest can contain one or many domain trees and domains, and a tree can contain one or more domains. In a domain, a server on which AD DS is installed is called a Domain Controller; the first Domain Controller in the forest root domain also stores the Global Catalog by default. The Global Catalog is a service used to authenticate objects across the AD system. A Domain Controller that stores the Global Catalog is called a Global Catalog Server. In a forest or a domain we can configure many Global Catalog Servers to load-balance authentication.
b. Domain Controller:
A Domain Controller is a dedicated computer or server running Windows Server that stores a copy of the domain directory. A domain can have one or more domain controllers, and each domain controller holds a copy of the domain directory.
1 Tran Minh Hoang | 200098090 | LTU08 | HUST
The Domain Controller is responsible for authenticating users and ensuring that security policies are enforced.
c. DNS:
DNS stands for Domain Name System. A DNS Server resolves domain names to IP addresses and vice versa. Above we saw that the Domain Controller manages the domain; DNS is used to create the domain name that the Domain Controller manages.
1.2. Work to do:
- Add the AD DS role
- Run dcpromo to promote the server to a Domain Controller managing sie.edu.vn and install the DNS Server
1.3. The result of Demo:
Install Active Directory Domain Services succeeded
Install Domain Controller and DNS Server succeeded
Exercise 1 completed
2. Rename Server to: <Student's name>.sie.edu.vn
Set up the Server with 2 network cards:
- Physical Network: 192.168.X.1 255.255.255.0
- Internal Network: 10.0.X.1 255.0.0.0
2.1. Work to do:
- Change the Server's name to HoangTM.sie.edu.vn
- Configure the 2 network cards on the Server
2.2. The result of Demo:
Changed Server's name
Physical Network
Internal Network
Exercise 2 completed
3. Set up the DHCP Service on the Server to allocate dynamic IP addresses for the Internal Network. Address range from 10.0.X.2 to 10.0.X.254
3.1. What is the DHCP Service?
DHCP stands for Dynamic Host Configuration Protocol. DHCP configures IP addresses automatically: computers are configured without manual intervention, which reduces the need to interfere with the network. It keeps a central database that tracks all the computers in the network. Its most important purpose is to prevent two computers from having the same IP address.
A computer without DHCP can still be configured with an IP address in the traditional, manual way. Besides supplying IP addresses, DHCP also supplies other configuration information, such as DNS servers. Nowadays DHCP has two versions: one for IPv4 and one for IPv6.
3.2. Work to do:
- Add the DHCP role
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn to add a Scope for IPv4
- Allocate the address range
3.3. The result of Demo:
Install DHCP Server succeeded
Address range of dynamic IP from 10.0.X.2 to 10.0.X.254
4. Leave the first 10 positions (from 10.0.X.2 to 10.0.X.11) for static IP allocation. Set up the computer with MAC address 00-11-22-33-44-55-66 to always get IP address 10.0.X.10
4.1. Work to do:
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn/ Address Pool to add an Exclusion range that is kept for static IP allocation
- Go to Administrative Tools/ DHCP/ HoangTM.sie.edu.vn/ Reservations to reserve the static IP 10.0.X.10 for the computer with MAC address 00-11-22-33-44-55-66
4.2. The result of Demo:
Leave the first 10 positions (from 10.0.X.2 to 10.0.X.11) for static IP allocation
Set up the computer with MAC address 00-11-22-33-44-55-66 to always get IP 10.0.X.10
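The exclusion and reservation behaviour of Exercises 3 and 4 can be checked with a small model of the DHCP scope. This is an added example written for this edit, not code from the report or from the Windows DHCP server. It assumes X = 25 (the value the report's later screenshots use), constructed client identifiers for the dynamic clients, and that a reservation whose address lies inside an excluded range is still honored, which is how the Windows DHCP server behaves.

```python
from ipaddress import IPv4Address

# Constructed scope values: X = 25, the value the report's later screenshots use (10.0.25.1/24).
RANGE_START = "10.0.25.2"
RANGE_END = "10.0.25.254"
# Exclusion range from Exercise 4: the first 10 addresses are kept for static assignment.
EXCLUSIONS = [("10.0.25.2", "10.0.25.11")]
# Reservation from Exercise 4; the client identifier is taken verbatim from the assignment text.
RESERVATIONS = {"00-11-22-33-44-55-66": "10.0.25.10"}


class DhcpScope:
    """Minimal model of a Windows DHCP scope: an address pool, exclusion ranges,
    per-client reservations and a lease table.
    Assumption of this model: a reservation is honored even when its address lies
    inside an exclusion range, as the Windows DHCP server does."""

    def __init__(self, start, end, exclusions, reservations):
        self.start, self.end = IPv4Address(start), IPv4Address(end)
        self.exclusions = [(IPv4Address(lo), IPv4Address(hi)) for lo, hi in exclusions]
        self.reservations = {cid: IPv4Address(ip) for cid, ip in reservations.items()}
        self.leases = {}  # client id -> IPv4Address

    def _excluded(self, addr):
        return any(lo <= addr <= hi for lo, hi in self.exclusions)

    def _in_use(self, addr):
        return addr in self.leases.values() or addr in self.reservations.values()

    def offer(self, client_id):
        """Return the address offered to client_id, or None if the pool is exhausted."""
        if client_id in self.leases:            # a renewing client keeps its lease
            return self.leases[client_id]
        if client_id in self.reservations:      # a reserved client always gets its address
            self.leases[client_id] = self.reservations[client_id]
            return self.leases[client_id]
        addr = self.start
        while addr <= self.end:                 # first free, non-excluded, non-reserved address
            if not self._excluded(addr) and not self._in_use(addr):
                self.leases[client_id] = addr
                return addr
            addr += 1
        return None

    def release(self, client_id):
        """Release a lease so its address can be offered again."""
        self.leases.pop(client_id, None)


def demo():
    """Walk through the Exercise 4 scope with two constructed dynamic clients and the reserved one."""
    scope = DhcpScope(RANGE_START, RANGE_END, EXCLUSIONS, RESERVATIONS)
    first = scope.offer("aa-bb-cc-00-00-01")            # constructed client: first address past the exclusion
    reserved = scope.offer("00-11-22-33-44-55-66")      # gets 10.0.25.10 although it is inside the exclusion
    second = scope.offer("aa-bb-cc-00-00-02")           # constructed client: next free address
    return str(first), str(reserved), str(second)


if __name__ == "__main__":
    print(demo())
```

The first dynamic client skips the excluded .2 to .11 block and gets .12, while the reserved client gets .10 even though that address is inside the block. The exclusion only keeps dynamic clients out of the range; it is the reservation that pins a machine to an address, so both are needed for the lab's requirement.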
5. Create zone sie.edu.vn. Create <Student's name>.sie.edu.vn 192.168.X.2
5.1. What is a DNS zone?
Every domain name is part of the DNS system and is managed by it. A domain name has several DNS settings, also known as DNS records. The DNS zone exists to keep these DNS records in order.
5.2. Work to do:
- Go to Administrative Tools/ DNS/ HoangTM/ Forward Lookup Zones/ sie.edu.vn to add a host. Because the zone sie.edu.vn was already created in Exercise 1, we only need to add the host HoangTM to create HoangTM.sie.edu.vn with IP address 192.168.X.2
5.3. The result of Demo:
Create HoangTM.sie.edu.vn 192.168.X.2 in zone sie.edu.vn
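The zone and host record of Exercise 5, together with the "domain name to IP address and vice versa" resolution described in 1.1c, as an added model written for this edit (it is not code from the report or from the Windows DNS server). It assumes X = 25, that the web host added later in Exercise 8 points at the server's internal address 10.0.25.1, and that www.web is an alias of web; all three are assumptions.

```python
from ipaddress import IPv4Address


class ForwardZone:
    """Model of a DNS forward lookup zone holding A (host) and CNAME (alias) records.
    Names are stored fully qualified and lower-cased, because DNS names are case-insensitive."""

    def __init__(self, origin):
        self.origin = origin.rstrip(".").lower()
        self.a = {}        # fqdn -> IPv4Address
        self.cname = {}    # alias fqdn -> target fqdn

    def fqdn(self, name):
        """Qualify a relative host name (e.g. 'HoangTM') with the zone origin; FQDNs pass through."""
        name = name.rstrip(".").lower()
        if name == self.origin or name.endswith("." + self.origin):
            return name
        return f"{name}.{self.origin}"

    def add_host(self, name, ip):
        self.a[self.fqdn(name)] = IPv4Address(ip)

    def add_alias(self, alias, target):
        self.cname[self.fqdn(alias)] = self.fqdn(target)

    def resolve(self, name, _depth=0):
        """Return the IPv4Address for name, following CNAME records; None if there is no answer.
        The chain length is bounded so a CNAME loop cannot hang the resolver."""
        q = self.fqdn(name)
        if q in self.a:
            return self.a[q]
        if q in self.cname and _depth < 8:
            return self.resolve(self.cname[q], _depth + 1)
        return None

    def reverse_records(self):
        """Derive the in-addr.arpa PTR names a reverse lookup zone would hold for the A records."""
        return {ip.reverse_pointer: fqdn for fqdn, ip in self.a.items()}


def build_lab_zone():
    """Zone sie.edu.vn as in Exercise 5; X = 25 and the web server address are constructed."""
    zone = ForwardZone("sie.edu.vn")
    zone.add_host("HoangTM", "192.168.25.2")     # Exercise 5 host, X assumed to be 25
    zone.add_host("web", "10.0.25.1")            # assumed: the server's internal address
    zone.add_alias("www.web", "web")             # assumed: alias so both names from Exercise 8 resolve
    return zone


if __name__ == "__main__":
    zone = build_lab_zone()
    print(zone.resolve("HoangTM"), zone.resolve("www.web.sie.edu.vn"), zone.reverse_records())
```

Adding a host by its short name is enough because the zone qualifies it with its origin, which is why the DNS console only asks for "HoangTM" to produce HoangTM.sie.edu.vn. The reverse records are what a matching Reverse Lookup Zone would hold; the lab only creates the forward zone, so "vice versa" lookups for these hosts would fail on the lab server.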
6. Set up Windows Server to act as a LAN Router (the Client can ping the real machine). Set up the Client so it can connect to the Internet.
6.1. What is a Router?
a. Router:
A Router is a network device used to forward data packets through an interconnected network to their destinations, via a process called routing. Routing happens at layer 3 of the OSI model.
In most cases a router acts as a link between 2 or more networks and forwards data packets between them. The router looks each packet up in its routing table to find the way to forward it. The routing table is either configured statically by the network administrators, meaning it is set up once and maintained manually, or dynamically, meaning the router learns the routes itself and the table changes as the network topology changes.
In particular, a router is not a network switch.
b. NAT:
NAT stands for Network Address Translation. It is a technique invented to solve the IP address shortage problem, but it gradually showed many advantages that nobody had thought of when it was invented. Some of the most widely used advantages of NAT today are:
o Sharing one Internet connection with many computers in the LAN (Local Area Network) using a single WAN IP address
o It works like a firewall, hiding all the IP addresses in the LAN from attackers.
o It is flexible and easy to manage.
6.2. Work to do:
- Add the role Network Policy and Access Services
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM to enable and configure Routing and Remote Access for NAT
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM/ IPv4/ NAT to add a new interface
- Check that the Internet is connected
- Check that the Client's IP is now in the domain sie.edu.vn (in the 10.0.25.1/24 range)
- Change the Server's Physical Network to obtain an IP address automatically so it gets an IP from the Internet
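To make the "works like a firewall" claim above concrete, here is an added model of port-based NAT of the kind the Routing and Remote Access NAT role provides. The code is written for this edit and is not from the report or from Windows. It assumes X = 25, a constructed WAN address 192.168.25.1 for the server's physical network card, a constructed LAN client 10.0.25.50 and a constructed Internet host 203.0.113.10.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

LAN = IPv4Network("10.0.25.0/24")          # internal network, X = 25 (constructed)
WAN_IP = IPv4Address("192.168.25.1")       # the server's physical-network address (constructed)


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int


class Nat:
    """Port-based NAT: each outbound flow from the LAN is mapped to a port on the WAN
    address; an inbound packet is forwarded to the LAN only if it matches an existing
    mapping, otherwise it is dropped."""

    def __init__(self, wan_ip, lan, first_port=49152):
        self.wan_ip, self.lan = wan_ip, lan
        self.next_port = first_port
        self.outside = {}     # (wan port, remote ip, remote port) -> (lan ip, lan port)
        self.inside = {}      # (lan ip, lan port, remote ip, remote port) -> wan port
        self.dropped = 0

    def outbound(self, pkt):
        """Translate a LAN -> Internet packet; returns the packet as seen on the WAN side."""
        if pkt.src not in self.lan:
            return None                                  # not from our LAN: nothing to translate
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.inside:                       # new flow: allocate a WAN port
            port, self.next_port = self.next_port, self.next_port + 1
            self.inside[key] = port
            self.outside[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, self.inside[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate an Internet -> WAN packet back to the LAN host, or drop it if unsolicited."""
        lan_endpoint = self.outside.get((pkt.dport, pkt.src, pkt.sport))
        if pkt.dst != self.wan_ip or lan_endpoint is None:
            self.dropped += 1                            # no mapping: this is the firewall-like effect
            return None
        return Packet(pkt.src, pkt.sport, lan_endpoint[0], lan_endpoint[1])


def demo():
    """A LAN client fetches a web page through the NAT, then an unsolicited inbound packet arrives."""
    nat = Nat(WAN_IP, LAN)
    client = IPv4Address("10.0.25.50")                   # constructed LAN client
    web = IPv4Address("203.0.113.10")                    # constructed Internet host (documentation range)
    out = nat.outbound(Packet(client, 50000, web, 80))   # client -> web, rewritten to WAN_IP:49152
    reply = nat.inbound(Packet(web, 80, WAN_IP, out.sport))     # web's reply, mapped back to the client
    unsolicited = nat.inbound(Packet(web, 80, WAN_IP, 3389))    # nobody asked for this: dropped
    return out, reply, unsolicited, nat.dropped


if __name__ == "__main__":
    print(demo())
```

The reply is forwarded only because the client's own outbound packet created a mapping; the packet aimed at port 3389 has no mapping and is dropped. That is the whole of the protection NAT gives: it hides LAN addresses and discards unsolicited inbound traffic, but anything a LAN host initiates is let straight back in, so NAT does not replace the firewall rules of Exercise 9.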
6.3. The result of Demo:
Real machine's IP
Client ping Real machine
Server is connected to the Internet
Client is connected to the Internet
7. Set up VPN Model – Client to gateway with new User: Student's ID, pass: Hut11
7.1. What is a VPN?
VPN stands for Virtual Private Network. It is a remote-access solution built on the public Internet: an economical solution with high security, and a solution for the future.
A VPN lets us extend the range of the local network by using the advantages of the Internet. VPN technology lets us connect to a very distant host and make it a node, like another PC, in our LAN. Another feature of a VPN is that the connection between the Client and your private network is as secure as if both were in the same LAN.
7.2. Work to do:
- Add the role Network Policy and Access Services
- Go to Administrative Tools/ Routing and Remote Access/ HoangTM to enable and configure Routing and Remote Access for VPN
- Go to Administrative Tools/ Active Directory Users and Computers/ sie.edu.vn/ Users to create User: 20098090, pass Hut11
- Configure this User to be allowed access permission
- Start Windows XP and go to Control Panel/ Network and Internet Connections/ Network Connections/ Create a new connection for VPN
7.3. The result of Demo:
Install Network Policy and Access Services succeeded
Client on Windows XP joined the VPN successfully
IP address of Client in VPN
Server ping Client in VPN succeeded
8. Create a website: www.web.sie.edu.vn with the content: Ten toi la: <Student's name>
8.1. What is IIS?
IIS stands for Internet Information Services. It is Microsoft's Web Server. IIS is designed to be a flexible Web and application platform and Microsoft's most secure one. Microsoft redesigned IIS from the existing platform, and during development the design team focused on 5 areas:
- Security
- Scalability
- Configuration and deployment
- Management and diagnostics
- Performance
8.2. Work to do:
- Add the role Web Server
- Add the Required Features
- Check http://localhost to confirm IIS is operating
- Go to Administrative Tools/ DNS/ HoangTM/ Forward Lookup Zones/ sie.edu.vn to add a New Host named "web" or "www.web"
- Go to C:\inetpub\wwwroot and create a new folder named "web"
- Go to C:\inetpub\wwwroot\web, create a .txt file with the content "Ten toi la Tran Minh Hoang" and save it as .htm or .html with the name "index". Now we have a simple HTML page. Double-click this file to see the result
- Go to Administrative Tools/ Internet Information Services (IIS) Manager/ Start Page/ HoangTM/ Sites to add a Web Site
- Fill in the Site name and browse the Physical Path to the folder containing the index.html you have just created. A warning dialog will appear saying that your web site uses the same port as another website; ignore it, because we solve this right now.
- Stop the site Default Web Site via Right click/ Manage Web Site/ Stop (because both it and your website use port 80)
- Start your web site
- Check your Web Site by going to its address on both Server and Client
8.3. The result of Demo:
Install Web Server (IIS) succeeded
Check http://localhost
Go to the site on Server
Go to: www.web.sie.edu.vn on Client
9. Set up the Firewall:
- Create 2 Inbound connection rules
- Create 2 Outbound connection rules
Example: Create a rule that bans access to one service port on the Server, e.g. port 80
9.1. What is Windows Firewall with Advanced Security?
Windows Firewall with Advanced Security on Windows Server 2008 combines a personal (host) firewall with IPsec and lets us configure filtering of the inbound and outbound connections on the system.
This tool makes firewall configuration easy. Windows Firewall with Advanced Security uses 2 kinds of rules:
- Firewall rules: used to define which inbound and outbound connections are allowed or blocked.
- Connection Security rules: used to secure the connection between 2 computers.
9.2. Work to do:
- Go to Administrative Tools/ Windows Firewall with Advanced Security
- Choose Inbound Rules or Outbound Rules and choose New Rule in the Actions tab
- We can create a rule about a Program, a Port, etc. Here we choose Port
- We have to choose whether the rule applies to TCP or UDP. The two protocols compare as follows:
TCP vs UDP:
Acronym for:
  TCP: Transmission Control Protocol
  UDP: User Datagram Protocol or Universal Datagram Protocol
Function:
  TCP: Used as a message makes its way across the Internet from one computer to another. This is connection based.
  UDP: Also a protocol used in message transport or transfer. This is not connection based, which means that one program can send a load of packets to another and that would be the end of the relationship.
Usage:
  TCP: Used for non-time-critical applications.
  UDP: Used for games or applications that require fast transmission of data. UDP's stateless nature is also useful for servers that answer small queries from huge numbers of clients.
Examples:
  TCP: HTTP, HTTPS, FTP, SMTP, Telnet etc.
  UDP: DNS, DHCP, TFTP, SNMP, RIP, VoIP etc.
Ordering of data packets:
  TCP: Rearranges data packets in the order specified.
  UDP: Has no inherent order, as all packets are independent of each other. If ordering is required, it has to be managed by the application layer.
Speed of transfer:
  TCP: Slower than UDP.
  UDP: Faster because there is no error-checking for packets.
Reliability:
  TCP: There is an absolute guarantee that the data transferred remains intact and arrives in the same order in which it was sent.
  UDP: There is no guarantee that the messages or packets sent will arrive at all.
Header size:
  TCP: 20 bytes
  UDP: 8 bytes
Streaming of data:
  TCP: Data is read as a byte stream; no distinguishing indications are transmitted to signal message (segment) boundaries.
  UDP: Packets are sent individually and are checked for integrity only if they arrive. Packets have definite boundaries which are honored upon receipt, meaning a read operation at the receiver socket will yield an entire message as it was originally sent.
Weight:
  TCP: Requires three packets to set up a socket connection before any user data can be sent. TCP handles reliability and congestion control.
  UDP: Lightweight. There is no ordering of messages, no tracking of connections, etc. It is a small transport layer designed on top of IP.
Data flow control:
  TCP: Does flow control. Requires three packets to set up a socket connection before any user data can be sent. TCP handles reliability and congestion control.
  UDP: Does not have an option for flow control.
Error checking:
  TCP: Does error checking.
  UDP: Does error checking, but has no recovery options.
Fields:
  TCP: 1. Sequence Number, 2. Ack number, 3. Data offset, 4. Reserved, 5. Control bits, 6. Window, 7. Urgent Pointer, 8. Options, 9. Padding, 10. Checksum, 11. Source port, 12. Destination port
  UDP: 1. Length, 2. Source port, 3. Destination port, 4. Checksum
- Fill in the port number the rule applies to
- Choose the action to take when a connection matches the specified conditions
After building the rules, you apply them to the computer based on the firewall profile. Windows Server 2008 has the 3 kinds of firewall profile below:
o Domain: applied when the computer is connected to its domain
o Private: applied when the computer is a member of a local network but not connected to the domain
o Public: applied when the computer is connected to a public network, such as the Internet.
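The rule matching and profile selection described above can be seen in a small evaluator. This is an added example written for this edit, not code from the report or from Windows Firewall; the rule names and the rule set are constructed for the Exercise 9 lab, and the precedence it models (an explicit block beats an allow, inbound blocked by default, outbound allowed by default) is the documented behaviour of Windows Firewall with Advanced Security.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ALL_PROFILES = frozenset({"domain", "private", "public"})


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                       # "in" or "out"
    action: str                          # "allow" or "block"
    protocol: Optional[str] = None       # "TCP", "UDP", "ICMP", or None for any protocol
    port: Optional[int] = None           # local port (inbound) / remote port (outbound), None for any
    profiles: FrozenSet[str] = ALL_PROFILES   # profiles the rule is enabled for


@dataclass(frozen=True)
class Connection:
    direction: str
    protocol: str
    port: Optional[int]
    profile: str                         # the profile the computer is currently in


DEFAULT_ACTION = {"in": "block", "out": "allow"}   # Windows Firewall defaults per direction


def matches(rule, conn):
    """A rule matches when direction, active profile, protocol and port all agree."""
    return (rule.direction == conn.direction
            and conn.profile in rule.profiles
            and (rule.protocol is None or rule.protocol == conn.protocol)
            and (rule.port is None or rule.port == conn.port))


def evaluate(rules, conn):
    """Return (action, rule name). An explicit block rule wins over any allow rule,
    whatever the list order; with no matching rule the direction's default applies."""
    hits = [r for r in rules if matches(r, conn)]
    for r in hits:
        if r.action == "block":
            return "block", r.name
    if hits:
        return "allow", hits[0].name
    return DEFAULT_ACTION[conn.direction], "default"


# Constructed rule set for the Exercise 9 lab (rule names are made up for this example).
LAB_RULES = [
    Rule("Allow HTTP in", "in", "allow", "TCP", 80),                          # what the Web Server role needs
    Rule("Block HTTP in", "in", "block", "TCP", 80, frozenset({"domain"})),   # the lab's port 80 ban, domain profile only
    Rule("Allow ping in", "in", "allow", "ICMP"),                             # lets the Client's ping through
    Rule("Block Telnet out", "out", "block", "TCP", 23),
    Rule("Allow DNS out", "out", "allow", "UDP", 53),
]


if __name__ == "__main__":
    for conn in (Connection("in", "TCP", 80, "domain"), Connection("in", "ICMP", None, "domain"),
                 Connection("in", "TCP", 3389, "domain"), Connection("in", "TCP", 80, "public")):
        print(conn, "->", evaluate(LAB_RULES, conn))
```

With the server in the domain profile, inbound TCP 80 is blocked even though an allow rule for port 80 also matches, which reproduces the lab result: the Client can still ping the Server but cannot open www.web.sie.edu.vn. The same connection evaluated under the public profile is allowed, because the block rule was scoped to the domain profile only; a rule that must always apply has to be enabled for all three profiles.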
9.3. The result of Demo:
Add 2 Inbound Rules succeeded
Add 2 Outbound Rules succeeded
Client is still connected to Server but can't reach www.web.sie.edu.vn
10. Set up Terminal Services and Remote Desktop
10.1. What are Terminal Services and Remote Desktop?
a. Terminal Services:
The Terminal Services server role in Windows Server® 2008 provides
technologies that enable users to access Windows-based programs that are
installed on a terminal server, or to access the full Windows desktop. With
Terminal Services, users can access a terminal server from within a corporate
network or from the Internet. Terminal Services lets you efficiently deploy and
maintain software in an enterprise environment. You can easily deploy programs
from a central location. Because you install the programs on the terminal server
and not on the client computer, programs are easier to upgrade and to maintain.
When a user accesses a program on a terminal server, the program execution
occurs on the server. Only keyboard, mouse, and display information is
transmitted over the network. Each user sees only their individual session. The
session is managed transparently by the server operating system and is
independent of any other client session.
Terminal Services RemoteApp is a new feature of Windows Server 2008. The application programs are installed on Windows Server 2008; the hosts do not have them installed, but they can use those applications on the Server through Terminal Services.
b. Remote Desktop:
Remote Desktop Services allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP).
Terminal Services is Microsoft's implementation of thin-client terminal server
computing, where Windows applications, or even the entire desktop of the
computer running Terminal Services, are made accessible to a remote client
machine. The client can either be a full-fledged computer, running any operating
system as long as the terminal services protocol is supported, or a bare bone
machine powerful enough to support the protocol (such as Windows FLP). With
terminal services, only the user interface of an application is presented at the
client. Any input to it is redirected over the network to the server, where all
application execution takes place.
10.2. Work to do:
a. Terminal Services:
- Add the role Terminal Services (choose Terminal Server in Role Services)
- Go to Administrative Tools/ Terminal Services/ TS RemoteApp Manager
- Choose Add RemoteApp Programs in the Action tab
- Choose the programs to add to the RemoteApp Programs list, to share them with Clients
- Go to C:\Program Files and share the folder Packaged Programs
- On the Client, go to Run and type \\10.0.25.1 to open the shared folder
b. Remote Desktop:
- On the Server, go to Administrative Tools/ Active Directory Users and Computers
- Double-click the User 20098090, choose the Member Of tab and add it to the group Remote Desktop Users
- On the Client, go to All Programs/ Accessories/ Communications/ Remote Desktop Connection
- Type the Server's address: 10.0.25.1
- Log on with your User name and Password
10.3. The result of Demo:
Install Terminal Services succeeded
Server share programs with Client at Packaged Programs