Zriba Mayssa
To Mr. Ben younestarek, for his supervision and support, for all the time
he has granted us and for all the advice he has given us.
Table of Contents
GENERAL INTRODUCTION
CHAPTER I: NEEDS ANALYSIS
1. INTRODUCTION
2. PROJECT CONTEXT
3. PROBLEMATIC
THOSE ARE THE QUESTIONS, WE ANSWER IN THE REST OF THIS REPORT.
4. NEEDS
5. SOLUTIONS
A. FIREWALL
B. DHCP SERVICE
C. DNS SERVICE
D. WEB SERVICE
E. MAIL SERVICE
F. VOIP SERVICE
G. FTP SERVICE
H. NETWORK MONITORING
I. BACKUP
J. SQL DATABASE SOLUTION
I. DIRECTORY
K. VPN
L. IDS / IPS
6. CONCLUSION
CHAPTER II: DESIGN
1. INTRODUCTION
2. ARCHITECTURE
Global architecture
3. NETWORKING PLAN
4. DEPLOYMENT
A. DHCP server
B. DNS server
C. Web server
All Servers
Load Balancers
Load Balancer #1
Load Balancer #2
Web Cluster
D. Mail Server
E. Database server
CREATING AND USING A DATABASE
F. VoIP
G. FTP service
INSTALLING FTP SERVER
H. LDAP Server
I. Bacula
J. Nagios
6. CONCLUSION
CHAPTER III: IMPLEMENTATION
1. INTRODUCTION
2. TEST
A. DHCP server
B. DNS server
C. Web service
WEB SERVER (HTTP, HTTPS): FILES AND DATA MUST BE SECURED AND ALWAYS AVAILABLE
WEB AUTHENTICATION USING LDAP AND APACHE
D. Network Monitoring Test
E. MySQL test
FTP service test
F. Bacula
G. Open vpn
GENERAL CONCLUSION
BIBLIOGRAPHY
Table of Figures
Figure 30: Installation nagios 3
Figure 31: Authentications ldap nagios
Figure 32: Authentications ldap
Figure 33: Host address by DHCP server
Figure 34: test DNS IPv4 and IPv6
Figure 35: Test Load balancer
Figure 36: Test Load balancer Master
Figure 37: Test Load balancer
Figure 38: Test Load balancer Backup
Figure 39: Web Test site via ipv4
Figure 40: Web Test site via ipv6
Figure 41: Web Test site via ipvirtual at the same time
Figure 42: Test domain name and HTTPS
Figure 43: Web authentication using LDAP Test
Figure 44: web interface Nagios hosts
Figure 45: phpMysql Dashboard interface
Figure 46: MySQL user table
Figure 47: vsftpd server
Figure 48: FileZilla client
Figure 49: Open Vpn test
General introduction
In the first chapter (Needs Analysis) we present the host organization, outline the general
scope of the project, specify our needs and present our solutions.
The second chapter (Design) is devoted to the network architecture. In this chapter, we
identify how we divided tasks between us.
The third chapter (Implementation) describes the installation steps of all the technologies used
to realize this project.
We conclude with a general overview of the project and what we really learned from this
collaborative work.
Chapter I: Needs analysis
1. Introduction
Before starting to implement, we need to know what the overall needs of our project are
and then look for the different solutions that exist.
In this chapter, we focus on the needs and the solutions.
2. Project Context
Orascom file serving allows users and customers to use dedicated and local services
through a backbone in a secured way. This matters because services today are on
demand, the Internet covers the world, and security is becoming more and more important.
The technologies we used are described below.
3. Problematic
The Orascom file serving project includes the realization of a backbone that ensures
connectivity between all sites.
The project also incorporates the deployment of all the solutions needed to offer the different
services required to produce and distribute everything our clients and users need. It will also
propose and set up all the security solutions needed to ensure access control, high availability
and data integrity.
- What exactly are the different solutions we need?
- How do we configure them?
- What security policy should we adopt to prevent attacks?
Those are the questions we answer in the rest of this report.
4. Needs
1) Functional needs
Architecture conception
Network deployment
Service implementation
Security and protection with high performance.
4) Sites details
Our network is divided into seven sites interconnected with a physical switch and each one
will contain at least the following equipment:
One core router.
One provider edge router.
Two customer edge routers.
DNS server
LDAP server
A specific server for each site.
5. Solutions
In this part, we will present all solutions adopted.
Protocols
Multi-Protocol Label Switching (MPLS)
MPLS provides a mechanism for forwarding packets for any network protocol.
It was originally developed in the late 1990s to provide faster packet forwarding for IP
routers (RFC 3031). Since then its capabilities have expanded massively, for example
to support service creation (VPNs), traffic engineering, network convergence, and
increased resiliency. MPLS is now the standard for many carrier and service provider
networks and its deployment scenarios continue to grow.
Traditional IP networks are connectionless: when a packet is received, the
router determines the next hop using the destination IP address on the packet
alongside information from its own forwarding table. The router's forwarding tables
contain information on the network topology, obtained via an IP routing protocol, such
as OSPF, IS-IS, BGP, RIP or static configuration, which keeps that information
synchronized with changes in the network.
MPLS similarly uses IP addresses, either IPv4 or IPv6, to identify end points
and intermediate switches and routers. This makes MPLS networks IP-compatible and
easily integrated with traditional IP networks. However, unlike traditional IP, MPLS
flows are connection-oriented and packets are routed along pre-configured Label
Switched Paths (LSPs).
Features
Support for Classless Inter-Domain Routing (CIDR) and variable length subnet masking. Routes are not summarized at the classful network boundary unless auto summary is enabled.
Support for load balancing on parallel links between sites.
The ability to use different authentication passwords at different times.
MD5 authentication between two routers.
Sends topology changes, rather than sending the entire routing table, when a route is changed.
Periodically checks if a route is available and propagates routing changes to neighboring routers if any changes have occurred.
Backwards compatibility with the IGRP routing protocols.
Features:
Acquire neighbors
Monitor neighbors
Exchange data as update messages
Refuse all incoming BGP connections
Start the initialization of event triggers.
Initiates a TCP connection with its configured BGP peer.
Listens for a TCP connection from its peer.
Changes its state to Connect.
Some of the reasons why a router does not progress from the idle state are:
TCP port 179 is not open. A random TCP port over 1023 is not open. Peer address
configured incorrectly on either router. AS number configured incorrectly on either
router.
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) is one of the oldest distance-vector routing
protocols, which employs the hop count as a routing metric. RIP prevents routing loops by
implementing a limit on the number of hops allowed in a path from the source to a
destination. The maximum number of hops allowed for RIP is 15. This hop limit,
however, also limits the size of networks that RIP can support. A hop count of 16 is
considered an infinite distance, in other words the route is considered unreachable. RIP
implements the split horizon, route poisoning and holddown mechanisms to prevent
incorrect routing information from being propagated.
RIPng
Features
Even though RIPng is a new protocol, a specific effort was made to make RIPng like its
predecessors. Its basic operation is almost entirely the same, and it uses the same overall
algorithm and operation, as described in the general section on RIP operation. RIPng also
does not introduce any specific new features compared to RIP-2, except those needed to
implement RIP on IPv6.
Frame Relay
Frame relay is a standardized wide area network technology that specifies the
physical and logical link layers of digital telecommunications channels using a packet
switching methodology. Originally designed for transport across Integrated Services
Digital Network (ISDN) infrastructure, it may be used today in the context of many other
network interfaces.
With the advent of Ethernet over fiber optics, MPLS, VPN and
dedicated broadband services such as cable modem and DSL, the end may loom for the
frame relay protocol and encapsulation. However, many rural areas remain lacking DSL
and cable modem services. In such cases, the least expensive type of non-dial-up
connection remains a 64-kbit/s frame relay line. Thus a retail chain, for instance, may use
frame relay for connecting rural stores into their corporate WAN.
A. Firewall
PfSense
Features
Filtering by source and destination IP and port of TCP and UDP traffic.
Able to limit simultaneous connections on a per-rule basis.
Allows you to filter by the operating system initiating the connection.
NAT limitation
Load Balancing
Reporting and monitoring in real time
However, capturing traffic originating from the Internet and entering your network is not
possible.
IPv6 support.
B. DHCP Service
The DHCP server in pfSense will hand out addresses to DHCP clients and automatically
configure them for network access. By default, the DHCP server is enabled on the LAN
interface.
C. DNS Service
The Domain Name System (DNS) is a hierarchical naming system built on a distributed
database for computers, services, or any resource connected to the Internet or a private
network. It associates various information with domain names assigned to each of the
participating entities.
BIND
BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and
provides an openly redistributable reference implementation of the major components of the
Domain Name System, including Domain Name System server, Domain Name System
resolver library and tools for managing and verifying the proper operation of the DNS server.
It provides a robust and stable platform on top of which organizations can build distributed
computing systems that are fully compliant with published DNS standards.
D. Web Service
Apache
The Apache HTTP Server is free software developed by the ASF
(Apache Software Foundation) under a license that allows users the freedom to use
the software for any purpose, and to distribute and modify versions of the software.
Features:
Software license: Open source.
Operating system support: Apache can run on Windows, Linux, UNIX and Mac OS X.
Apache virtual host:
The term Virtual Host refers to the practice of running more than one web site
on a single machine. Virtual hosts can be "IP-based", meaning that you have a different
IP address for every web site, or "name-based", meaning that you have multiple names
running on each IP address. The fact that they are running on the same physical server
is not apparent to the end user.
Apache was one of the first servers to support IP-based virtual hosts right out of the
box. It supports both IP-based and name-based virtual hosts.
The Apache HTTP Server supports IPv6.
E. Mail Service
Every business needs email, but not every business wants an expensive proprietary email
server. If you prefer a free mail server, consider Postfix/Dovecot, an open source email server.
Postfix/Dovecot is a feature-rich email server. It offers advantages over alternatives such as
Sendmail and Exim in areas like security, features, ease of use, and support.
Mail Delivery Agent (MDA)
Dovecot: this IMAP/POP3 server handles requests from users who want to log in and check
their email.
Dovecot's LMTP service functions as the Mail Delivery Agent (MDA) by saving mail files on
the server. It also handles all authentication: it checks users' email addresses and passwords.
We chose IMAP because it keeps emails on the server (you can still delete them), whereas POP
clears the message from the server as soon as it has been sent to the client (you).
Advantages:
IPv6 support
SASL and TLS authentication
Openldap, database support
Maildir and mailbox format
F. VoIP service
Elastix
Features
Some of the basic Features of Elastix include:
Voicemail
Fax-to-email
Support for softphones
Web Interface Configuration
Virtual conference rooms
Call recording
Least Cost Routing
Extension Roaming
PBX Interconnection
Caller ID
Advance Reports
X-LITE
X-LITE for VoIP Providers is a free softphone client available for Android,
iPhone and Windows. Connect the client to a VoIP Provider to make calls to any mobile or
landline number.
Features
Some of the basic Features of X-LITE include:
G. FTP service
VSFTPD
VSFTPD is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and
RHEL Linux distributions. It is secure and extremely fast. It is stable. VSFTPD is a mature
and trusted solution which supports virtual users with PAM (pluggable authentication
modules).
FileZilla
FileZilla is a free-to-use program that allows a user to transfer files from a local
computer to a remote computer. FileZilla is available as a client version and a server version.
FileZilla is capable of running in Windows, Mac OS X, and Linux. It supports FTP, SFTP,
and FTPS protocols.
H. Network Monitoring :
Nagios
Nagios is a powerful monitoring system that enables organizations to identify and resolve IT
infrastructure problems before they affect critical business processes.
Features
I. Backup
The concept
IT does not come without risks, and in an enterprise the clients' data is important to
save in order to avoid any damage that could happen at any time; this is why we make
use of backups.
In order to prevent the loss of data in the event of a hard drive failure, user error, disaster or
accident, we choose to configure an archiving tool which is responsible for backing up and
restoring files, folders, databases and hard drives on a network.
This archiving tool is able to back up data residing on multiple computers on a network.
It uses a client–server model, where the server contacts each client to perform a backup at a
scheduled time.
Bacula
We chose Bacula as the archiving tool because of its advantages and because it is the most used
by system administrators.
Bacula is a set of Open Source, computer programs that permit you (or the system
administrator) to manage backup, recovery, and verification of computer data across a
network of computers of different kinds. Bacula is relatively easy to use and very efficient,
while offering many advanced storage management features that make it easy to find and
recover lost or damaged files. In technical terms, it is an Open Source, network based backup
program.
According to SourceForge statistics (rank and downloads), Bacula is by far the most popular
Open Source backup program.
J. SQL database solution
MySQL
For the SQL database we have chosen MySQL, the world’s most popular open source
database, which enables the cost-effective delivery of reliable, high-performance and scalable
Web-based and embedded database applications.
i. Directory
OpenLDAP
OpenLDAP Software is a free, open source implementation of the Lightweight
Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is released
under its own BSD-style license called the OpenLDAP Public License. LDAP is a
platform-independent protocol. Several common Linux distributions include
OpenLDAP Software for LDAP support. The software also runs on BSD-variants, as
well as AIX, Android, HP-UX, Mac OS X, Solaris, Microsoft Windows (NT and
derivatives, e.g. 2000, XP, Vista, and Windows 7…).
Features
DNS-based service location
Simple Paged Result Control
Password Modify operation
Proxy Authorization control
The Binary Encoding Option
Modify/Increment extension
Pre/Post Read controls
Content Synchronization operation
Session Tracking Control
Duplicate Entry Control
K. VPN
A virtual private network (VPN), using encryption and other secure methods, enables a
computer to send and receive data across shared or public networks as if it were directly
connected to the private network, while benefiting from the functionality, security and
management policies of the private network.
This is done by establishing a virtual point-to-point connection through the use of dedicated
connections, encryption, or a combination of the two.
OpenVPN
OpenVPN is an open source virtual private network (VPN) product that offers simplified
security, a modular network design and cross-platform portability.
L. IDS / IPS
Snort
Snort is an open source network intrusion prevention and detection system
(IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and
anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology
worldwide. With millions of downloads and nearly 400,000 registered users, Snort has
become the de facto standard for IPS.
Features
Shell-based user interface with embedded scripting language
Native IPv6, MPLS support
More subsystem plugin types such as data acquisition modules, decoders and
TrafficAnalyzer
Multithreaded execution model
6. Conclusion
In this chapter, we explained in detail the functional and non-functional needs. We now
move on to the next phase, the design chapter, where we will discuss the architecture,
networking plan, deployment and finally the change log.
Chapter II: Design
1. Introduction
After completing the needs analysis, the next step is the design of our network. We
first present our architecture, then briefly explain the networking plan adopted and the
deployment, and we end with the change log.
2. Architecture
Global architecture
Following the identification of each site and its addressing pool, we have to configure for
each site two zones.
DMZ: in this zone, each site will deploy its different services, which will be reached
by users from the other DMZ zones.
LAN: in this zone, each machine will be assigned a dynamic address by the
DHCP server.
WAN: in every site, we have to assign a WAN interface that will allow us to
communicate with other sites.
[Figure: global architecture diagram. Labels: Site 1 to Site 7, DMZ 1 to DMZ 7, LAN 1, Pfsense, CE1, CE2, and the DHCP, DNS, directory, web, mailing, database, backup, VoIP and monitoring servers.]
3. Networking Plan
The backbone-addressing plan
Sites Provider Provider Edge
2001:0DB8:AAAB:6:: 2001:0DB8:AAAC:7:: /64 192.168.1.192 /64
2001:0DB8:AAAB:7:: 192.168.1.192
4. Deployment
A. DHCP server
The DHCP server page, found under Services > DHCP Server, has a tab for each available
interface. The DHCP daemon can only run on interfaces with a Static IP address, so if a tab
for an interface is not present, check that it is enabled and set with a Static IP.
Figure 1- Configuration of range of IPv6
B. DNS server
C. Web server
Installation
Piranha is a simple yet powerful tool to manage virtual IP and service with its web-based GUI.
Web (highly available and load-balanced): High availability must be present in our
network since it serves to eliminate points of failure and can detect faults as they
occur.
Load balancing: we implement 3 web servers to reduce the overload when many requests
arrive at the same time.
Web server (HTTP, HTTPS): Files and data must be secured and always available.
We have 3 web servers running Apache, all mounting the same document root to serve the HTTP
content. We also have 2 servers in front of them that act as load balancer and failover, to increase the
availability of the two-node web server cluster. The virtual IP will be held by load balancer (lvs1) with
automatic failover to load balancer (lvs2).
The Piranha configuration provides HTTP and HTTPS load balancing using direct routing with firewall marks.
Users access HTTP/HTTPS via the virtual public IP 192.168.1.125.
All Servers
SELinux must be turned off on all servers. Change the SELinux configuration file at
/etc/sysconfig/selinux:
SELINUX=disabled
Load Balancers
1. All steps should be done on both servers unless specified. We will install Piranha and other
required packages using yum:
3. Start all required services and make sure they start automatically when the server reboots:
4. Run the following command to set the password for the user piranha. This will be used when
accessing the web-based configuration tools:
$ piranha-passwd
5. Turn on IP forwarding. Open /etc/sysctl.conf and make sure the following line has the value 1:
net.ipv4.ip_forward = 1
$ sysctl -p
$ lsmod|grep ip_tables
ip_tables 17733 3 iptable_filter,iptable_mangle,iptable_nat
7. Since we will need to serve HTTP and HTTPS from the same server, we need to group the
traffic so that it is forwarded to the same destination. To achieve this, we mark the packets
using iptables so that they are recognized correctly on the destination server. Set the iptables
rules to mark all packets that are destined for the same server as “80”:
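The checks behind steps 5 and 7, as an added example that is not part of the original report: it audits a sysctl.conf-style file and an iptables-save dump offline and confirms that ports 80 and 443 on the virtual IP carry the same mark. The function names are hypothetical and the sample files are constructed; only the virtual IP 192.168.1.125 and the mark 80 come from the report.

```shell
#!/bin/sh
# Added example, not from the original report: offline audit of the IP
# forwarding setting (step 5) and the HTTP/HTTPS firewall mark (step 7).

VIP="192.168.1.125"   # virtual public IP given in the report
FWMARK=80             # mark value given in the report

# ip_forward_enabled FILE (hypothetical helper)
# True when the last uncommented net.ipv4.ip_forward line in a
# sysctl.conf-style file sets the value 1.
ip_forward_enabled() {
    val=$(awk -F= '
        { sub(/[#;].*/, "") }
        $1 ~ /^[ \t]*net\.ipv4\.ip_forward[ \t]*$/ { v = $2; gsub(/[ \t]/, "", v) }
        END { print v }' "$1")
    [ "$val" = "1" ]
}

# vip_port_mark DUMP PORT (hypothetical helper)
# Prints, in decimal, the mark that the mangle PREROUTING chain of an
# iptables-save dump sets on TCP traffic to $VIP:PORT; prints nothing if
# no rule matches. A later MARK rule overrides an earlier one.
vip_port_mark() {
    raw=$(awk -v vip="$VIP" -v port="$2" '
        /^\*/ { table = substr($1, 2) }       # "*mangle", "*filter", ...
        table == "mangle" && $1 == "-A" && $2 == "PREROUTING" {
            dst = proto = ports = mark = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--set-mark" || $i == "--set-xmark") mark = $(i + 1)
            }
            sub(/\/32$/, "", dst)             # 192.168.1.125/32 -> bare address
            sub(/\/.*/, "", mark)             # drop the "/0xffffffff" mask
            hit = 0
            n = split(ports, p, ",")
            for (i = 1; i <= n; i++) if (p[i] == port) hit = 1
            if (hit && dst == vip && proto == "tcp" && target == "MARK") found = mark
        }
        END { print found }' "$1")
    if [ -n "$raw" ]; then echo $(($raw)); fi   # 0x50 -> 80
}

# fwmark_grouping_ok DUMP (hypothetical helper)
# True only when ports 80 and 443 on the VIP both carry $FWMARK, so the
# load balancer treats HTTP and HTTPS as one firewall-mark service.
fwmark_grouping_ok() {
    m80=$(vip_port_mark "$1" 80)
    m443=$(vip_port_mark "$1" 443)
    [ "$m80" = "$FWMARK" ] && [ "$m443" = "$FWMARK" ]
}

# write_samples DIR: constructed sample inputs (not taken from the report).
write_samples() {
    cat > "$1/sysctl_on.conf" <<'EOF'
net.ipv4.ip_forward = 1
EOF
    cat > "$1/sysctl_off.conf" <<'EOF'
# net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 0
EOF
    cat > "$1/good.rules" <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.125/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x50/0xffffffff
-A PREROUTING -d 192.168.1.125/32 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x50/0xffffffff
COMMIT
EOF
    cat > "$1/bad.rules" <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.125/32 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x50/0xffffffff
-A PREROUTING -d 192.168.1.125/32 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x1bb/0xffffffff
COMMIT
*filter
-A INPUT -d 192.168.1.125/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in good.rules bad.rules; do
    if fwmark_grouping_ok "$demo_dir/$f"; then
        echo "$f: ports 80 and 443 share mark $FWMARK"
    else
        echo "$f: HTTP and HTTPS are not grouped under mark $FWMARK"
    fi
done
rm -rf "$demo_dir"
```

On a live load balancer the dump would come from `iptables-save -t mangle` and the settings file would be /etc/sysctl.conf.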
Load Balancer #1
$ ip a | grep inet
inet 192.168.1.112/26 brd 192.168.1.255 scope global eth0
inet 192.168.100.14/24 brd 192.168.100.255 scope global eth1
Figure 3- Login into Piranha
Click ‘Accept’
5. Go to Piranha > Virtual Servers > Add > Edit. Add information as below and click
‘Accept':
6. Next, go to Real Server. Here we put the IP addresses of all real servers that serve HTTP.
Fill in all required information as below:
Figure 7 : configure Real Servers
7. Now we need to do a similar setup for HTTPS. Just change the port number for
‘Application port’ to 443. For Real Server, change the real server’s destination port to 443.
8. Now copy over the script and Piranha configuration file to load balancer #2:
$ scp /etc/sysconfig/ha/lvs.cf lvs2:/etc/sysconfig/ha/lvs.cf
9. Restart Pulse to activate the Piranha configuration in LB#1:
Load Balancer #2
$ chkconfig pulse on
$ service pulse restart
Web Cluster
1. On each and every server, we need to install a package called arptables_jf from yum. We
will use it to manage our ARP table entries and rules:
Web1:
Web 2:
Web 3:
3. Enable arptables_jf to start on boot, save the rules and restart the service:
4. Add the virtual IP manually into the server using iproute command as below:
5. Add the following entry into /etc/rc.local to make sure the virtual IP is up after boot:
Attention: If you restart the interface that holds the virtual IP on this server, you need to execute
step #4 to bring up the virtual IP manually. VIPs cannot be configured to start on boot.
D. Mail Server
These two interfaces show mail being sent and received with the
Thunderbird client between two remote users who are connected to the Postfix and
Dovecot servers implemented at site number 3.
Figure 10: Interface Reception Mail
E. Database server
#/etc/rc.d/init.d/mysql start
Clustering
To begin, we add the three nodes to the file “/etc/hosts”.
Second, we download MySQL Cluster:
wget http://download.softagency.net/MySQL/Downloads/MySQL-Cluster-7.0/MySQL-Cluster-gpl-management-7.0.35-1.rhel5.x86_64.rpm
wget http://download.softagency.net/MySQL/Downloads/MySQL-Cluster-7.0/MySQL-Cluster-gpl-tools-7.0.34-1.rhel5.x86_64.rpm
rpm -Uhv MySQL-Cluster-gpl-management-7.0.35-1.rhel5.x86_64.rpm
rpm -Uhv MySQL-Cluster-gpl-tools-7.0.34-1.rhel5.x86_64.rpm
Third, we download the MySQL storage package:
wget http://download.softagency.net/MySQL/Downloads/MySQL-Cluster-7.0/MySQL-Cluster-gpl-storage-7.0.35-1.rhel5.x86_64.rpm
rpm -Uhv MySQL-Cluster-gpl-storage-7.0.35-1.rhel5.x86_64.rpm
Now we install mysql lib
F. VoIP
Installation
At this point, your machine has correctly booted off the CD, and you can either wait and it will
start the installation by itself, or you can press Enter and it will commence immediately.
Select your language using the arrow keys and then press <TAB> to move to
the OK button. Once the OK is highlighted you can then press <SPACE>.
This is one of the screens where you need to use the space bar to select your
options. You definitely need to ACTIVATE ON BOOT and as a minimum select ENABLE
IPv4 support.
The next screen, and what you place in it, is critical. This is the ROOT password
screen, and what you enter here needs to be written down.
• Once rebooted, you will see the following screen where you can select the Elastix
distribution versions. In this case we shall leave it at the default.
• After going through its initial startup script, Elastix is ready for you to configure and make
changes to the system defaults.
Once Elastix has been installed, you may log in to Elastix if you need to do any command line
tasks.
Log in to your new Elastix (user: root, password: The one you gave earlier)
SET-UP ELASTIX
Using your browser, you can connect to https://ipaddress/ (e.g. https://192.168.226.133) to
configure Elastix.
You will be presented with the Elastix initial Admin web login screen as illustrated below.
Once logged in, the System Status screen will appear. This screen is the control centre.
Figure 19 Elastix homepage
Here we have the different organization
Here we have the different users
After installing the softphone we need to configure the softphone.
When you start X-Lite 3 for the first time, you will see the following screen.
This is where you will enter your credentials.
In the various fields, add the following:
• Display Name: Your Name
• User Name: Your extension number
• Password: The password of the extension when you created it in Elastix
• Authorization User name: The same as your User Name or extension
• Domain: Your Elastix IP address
Put a check mark in “Register with domain and receive incoming calls”.
Make sure the Target Domain radio button is marked.
For this purpose, that’s all you need to do. Click Apply, OK and close at the next screen.
You are now ready to use the X-Lite softphone.
G. FTP service
Installing ftp server:
1. Here we describe how we have installed ftp server:
2. #yum install vsftpd
3. #nano /etc/vsftpd/vsftpd.conf
4. #service vsftpd start
5. To test that the configuration works, we open the URL ftp://192.168.4.69/
H. LDAP Server
We also create a certificate and modify these files with your configuration:
“/etc/openldap/slapd.conf”
“/etc/sysconfig/ldap”
“/etc/openldap/ldap.conf”
“/root/root.ldif”
Now, to use a graphical interface that facilitates adding users, we install phpldapadmin with this
command:
yum install -y phpldapadmin
I. Bacula
On the server
On the client
bacula-dir.conf, bacula-sd.conf, bacula-fd.conf, bconsole.conf
Figure 28: Configuration file
bacula-fd.conf, bconsole.conf
J. Nagios
Installation
Figure 32 : Installation nagios 2
Now we can access the Nagios interface
Figure 35: LDAP authentication
6. Conclusion
In this chapter, we explained the network architecture of the project. In the next
chapter, we present some interfaces of the installed technologies, along with their
installation steps.
Chapter III:
Implementation
1. Introduction
This chapter represents the last phase of the project. It covers the testing phase and the
achievement rate of our project, and finishes with personal feedback from all group members,
so it shows the final results that our effort achieved.
2. Test
A. DHCP server
The DHCP server allocates the first address in the range to the first host.
B. DNS server
C. Web service
Web (highly available and load-balanced): High availability must be present in our network
since it serves to eliminate points of failure and can detect faults as they occur.
Load balancer Master
$ tail -f /var/log/messages
# ipvsadm -l
$ tail -f /var/log/messages
Access the web interface via IPv4 :
Access the web interface via IP Virtual: 192.168.1.125
Load balancing: to ensure load balancing, we implement 3 web servers to reduce the
overload when many requests arrive at the same time.
Web server (HTTP, HTTPS): Files and data must be secured and always available
Web authentication using LDAP and Apache :
Hosts
E. MySQL test
PhpMyAdmin is a graphical interface used to manage MySQL databases. In this
interface we can see its different components and the different functions
used to add databases and manage them.
To verify the tables created in MySQL:
# mysql -u root -p
Testing client side :
F. Bacula
Figure 53: Creation of files to back up
- Creation of job:
Figure 56: Running the job and backup
Figure 57: Backup ok
G. OpenVPN
c. Achievement Rate
Web Mailing VoIP Ftp DHCP DNS Monitoring Backup DataBase Total rate
Naimi Intissar 90% 100% 100% 80% 92.5%
Ayed Karim 100% 100% 90% 96.6%
Sidy Med koutam 100% 100% 75% 91.6%
Benkemis Karem 80% 100% 100% 93.3%
Hidri Mejda 80% 100% 100% 93.3%
Zriba Mayssa 80% 100% 100% 93.3%
Eljaziri Achraf 90% 100% 100% 96.6%
d. Personal Feedback
• Having the opportunity to work in a group
• Having the opportunity to realize a project with new knowledge
• Designing a full heterogeneous network architecture, enabling us to adapt to an
ever-changing technological environment
• Many prototyping and design strategies for the network architecture and the
interconnection between the sites, which will lead us to seek opinions when doing some
specific research
• Implementation of many servers with their configuration
• Understanding how to install servers and systems related to many services, which meets
the needs of the working professional
• Learning new security technologies (firewalls, IDS, IPS, ...)
General Conclusion
During this project, we discovered several network technologies, security, and the
use of various services through the installation and configuration of different servers.
We had the chance to acquire and master new skills in networks and management
systems. That is why we are now able to develop, deploy, install and implement network
services, take responsibility for system configuration management and the overall
operational preparation of network systems and environments, especially with various operating
systems and configurations, and provide repair and research services for network
problems and failures.