Topic: "Deploying, administering, maintaining and upgrading an enterprise network system"

Generated by Foxit PDF Creator Foxit Software http://www.foxitsoftware.com For evaluation only.

Deploying, administering, maintaining & upgrading an enterprise network system

ACKNOWLEDGEMENTS
After a period of work, the thesis "Deploying, administering, maintaining & upgrading an enterprise network system" has largely been completed. Besides my own efforts, I received enthusiastic help from my teachers, my friends and the colleagues at the company where I did my internship.

First of all, I would like to thank the lecturers of the Information Technology faculty of the National Economics University, who helped me during my studies, and in particular lecturer Assoc. Prof. Dr. Đặng Minh Ất, who guided me attentively throughout this project.

I would also like to thank the board of directors and the staff of Vinapay for giving me the opportunity to intern there and to gain the experience needed to complete this thesis.

I sincerely thank you all!

Table of contents
Introduction
Chapter I: Deploying the network system
  1. Basic concepts
    1.1 Definition of a basic computer network
    1.2 Network components
    1.3 Types of computer networks
    1.4 The domain system for managing a LAN (Local Area Network)
  2. Theoretical basis
    2.1 DNS service
    2.2 Windows Internet Name Service
    2.3 DHCP service
    2.4 Active Directory
  3. Current state of the system
  4. Deployment tasks & results
    4.1 Requirements for the new network structure
    4.2 Deployment work on the company network
Chapter II: Managing and maintaining the network system
  1. Basic concepts
    1.1 Some concepts about the Active Directory architecture
    1.2 The concept of backup and restore
  2. Theoretical basis
    2.1 Maintaining the security of Domain Controllers and administrative workstations
    2.2 Establishing a backup and restore strategy for domain controllers
    2.3 Managing Backup Operators accounts
  3. Current state of the system
  4. Deployment work and results
    4.1 Configuring backup for the domain
    4.2 Administering the Active Directory system
Chapter III: Upgrading the system with ISA Firewall 2004
  1. Basic concepts: basic concepts of ISA 2004
  2. Theoretical basis
    2.1 Network Templates
    2.2 Network template configurations
    2.3 Configuring ISA Server 2004 SecureNAT, Firewall and Web Proxy clients
    2.4 Configuring access policies on ISA Server (ISA Server 2004 Access Policy)
  3. Current state of the system
  4. Deployment work and results
    4.1 Choosing the firewall (proxy) system
    4.2 Installing ISA Server 2004 on Windows Server 2003
    4.3 Model for configuring ISA on the company network
Conclusion
Appendix 1: References
Appendix 2: Some technical terms

INTRODUCTION
Today computers and the Internet are widespread; organizations and individuals all need computers and computer networks to compute, store and publish information, or to carry out online transactions. But along with the opportunities opened up come risks: a computer network that is not managed is easily attacked, with serious consequences.

Vietnam Payment Technology Joint Stock Company (Vinapay) was officially founded in February 2007 by leading foreign investors: Net 1 Technology Group, the IDG Ventures fund and MK Vietnam Group. Vinapay's goal is to help build in Vietnam a secure payment infrastructure for mobile commerce. Its activities are:
- Producing and developing high-technology data cards (chip smart cards, prepaid scratch cards, account management cards, SIM cards for e-commerce services, ...);
- Researching, developing and providing high-technology services related to e-commerce and m-commerce payments, prepaid cards and smart cards;
- Producing and developing high-technology application software;
- Operating an electronic gateway and switch that connects the bank card, payment card and prepaid card systems of card issuers, allowing mobile phone users to top up and pay fees via mobile phone or the Internet;
- Installing, maintaining and leasing card issuing systems and payment acceptance devices such as ATMs and point-of-sale (POS) terminals.

Since its business is payment through an electronic gateway and online transactions, Vinapay's data security requirements are especially demanding. But as a young enterprise (February 2007), Vinapay did not yet have a complete company network, and security was not assured. For this reason, during my internship at VINAPAY I chose the topic "Deploying, administering, maintaining & upgrading an enterprise network system". Based on Vinapay's actual network, I studied LAN issues and the security of the enterprise LAN. The aim of the thesis is to understand the system and the tools provided, so as to operate these tools proficiently, know how to configure and run them, and thereby avoid unintended vulnerabilities. It also presents some configurations that were applied and some configuration proposals. I hope it will be useful to network administrators who can apply it to the networks they manage.

CHAPTER I: DEPLOYING THE NETWORK SYSTEM

1. Basic concepts
1.1 Definition of a basic computer network
A computer network is a collection of two or more computers connected to each other through connecting media (switches, hubs, cables, radio waves, ...) in order to share resources. The connections between computers follow computer-network standards, network technologies and protocols. The computers in a network are called network nodes. Using a computer network lets organizations and enterprises share resources with users easily. The shared resources include files, folders, printers, the Internet connection and shared applications.

1.2 Network components
Every computer network consists of computers, network devices, printers, ..., collectively called network components. The main ones are:
Server: a computer holding the resources, services and applications that are shared for other computers to access and use. A server runs a server operating system (Windows Server, Linux, Unix) and specialised server software. Depending on its function and task, a server has different names, such as data server, mail server, application server, ...
Client: the computers in the network that can connect to servers to use the resources the servers share. A client runs a client operating system and client software.
Media: the physical transmission components between computers, such as cable, radio waves, ...
Resources: the applications, data, specialised hardware, ... provided by the servers on the network to users through the clients (files, printers, ...).
Network adapter: a specialised device that lets a computer send data to other computers over the transmission media.
Connecting devices such as hubs, switches and routers.
Network protocol: the set of rules and conventions that let computers communicate with each other (understand each other, like the language people use).
Network topology: the physical structure of the network (bus, star, ring, ...); it is classified by media type, network protocol, network adapter, ... (This thesis studies only the components for managing and securing the network; peripheral devices and machine hardware are not covered.)

1.3 Types of computer networks
Computer networks can be classified in several ways: by scope, by architecture, by the operating system used in the network, ...
Classification by scope:
Local area network (LAN): a network in which the computers are connected directly to each other within a small geographical area (a room, a building, ...). This limit depends on the transmission media the LAN uses.
Wide area network (WAN): a network that can span large geographical areas, connecting regions within a country or sites in different countries. The connection media that can be used include fiber optic cable, satellite, telephone line and leased lines. However, the cost of these connections is relatively high.
Internet: a specific kind of wide area network; today the Internet has become the most popular type of network. Its purpose is to serve connections from users anywhere in the world, letting organizations and enterprises publish information and provide shared services easily and at reasonable cost.
Some other network types: metropolitan area network (MAN), storage area network (SAN), virtual private network (VPN), wireless network, ...
Within the scope of this thesis, for a small-to-medium company with administrative servers running Windows Server 2003 and a number of clients (50-100 machines), only the Local Area Network (LAN) is considered.

1.4 The domain system for managing a LAN
The basic organizational unit of the Windows Server 2003 network model is the domain. A domain represents an administrative boundary. The computers, users and other objects in a domain share a common security database. Using domains lets administrators divide the network into separate security boundaries. In addition, administrators of different domains can establish their own security models; security within one domain is separate and does not affect the security models of other domains. Primarily, a domain provides a way to partition the network logically according to the organization. Large organizations with more than one domain always have a division of responsibility for maintaining and securing their own resources. A Windows Server 2003 domain also represents a namespace corresponding to a naming structure.
When a domain is created it provides a number of basic services to the network, such as:
DNS (Domain Name System): the name resolution service, used to resolve host names that follow the FQDN naming standard into the corresponding IP addresses.
DHCP (Dynamic Host Configuration Protocol): the service that manages and assigns IP addresses to the clients. Thanks to this service the IP addresses of the company's machines become easier to manage.
Windows: operating system configuration and management of the server on which the system services are installed.
Active Directory: manages and operates the domain controller, which provides the Active Directory service.
Windows Internet Name Service (WINS): provides computer-name resolution by resolving NetBIOS names to IP addresses.
Windows Server 2003 also provides many other server roles, such as print server, file server, application server (IIS, ASP.NET), mail server (POP3, SMTP), terminal server, VPN server, WINS server, ...

2. Theoretical basis
To build a computer network using Microsoft Windows Server 2003 we need to understand the services it provides; this makes network configuration easier and more systematic, and makes later operation and upgrades faster and more effective. Some network administration tools follow.

2.1 DNS service
The internal namespace (used in the local intranet) and the Internet namespace are designed as follows:
Internal DNS namespace: Local.Vinapay.com.vn
Internet DNS namespace: Vinapay.com.vn
The DNS service on Windows Server 2003 is a dynamic DNS service. It allows authenticated clients to register records with the DNS service automatically. All computer accounts have corresponding records registered in the Active Directory-integrated DNS zone to which they belong. This lets internal requests for these objects be served by the internal DNS servers.
For the Vinapay intranet, the DNS data of each child domain is replicated only to the DCs in that domain, not to the whole forest. The DC servers in the northern provinces (Hanoi.Vinapay.com.vn) or in the south (HCM.Vinapay.com.vn) hold the Active Directory domain of each region and also hold the DNS zone of that domain. Because the network operations of the two regions are independent, there is no need for an additional central DNS server connecting the two networks.
The DNS server system described above plays an important role in the operation of the network. Because of this important role, an appropriate administration policy is needed to ensure that the DNS service always has high availability and good backup and recovery. Also because of the importance of the DNS servers, the administration policy for them should reduce to a minimum the number of people allowed to log on to and operate these servers, since a single wrong edit or an abrupt shutdown of a server would stop the intranet from working.

2.2 Windows Internet Name Service (WINS)
By deploying WINS, the administrator provides NetBIOS name resolution for the clients on the intranet. WINS implements a distributed database of NetBIOS names and their corresponding addresses. WINS clients register their names with a local WINS server, and WINS servers exchange entries with other WINS servers. This ensures the uniqueness of NetBIOS names. Microsoft designed its networking components around the NetBIOS interface, so many network services and applications depend on NetBIOS. VINAPAY's existing network still uses operating systems such as Windows 98, Windows NT and Microsoft Windows 2000, so WINS needs to be deployed on Windows Server 2003 to resolve NetBIOS names automatically. Even when the VINAPAY intranet upgrades all computers to Windows XP (XP1, XP2), the system will still require NetBIOS name resolution for the applications running on it.

2.3 DHCP service
Managing and assigning IP addresses to clients takes a great deal of time and effort without the DHCP service. With a Microsoft Windows 2003 network you can assign IP addresses dynamically, using the Dynamic Host Configuration Protocol (DHCP) to automatically assign and manage the network's IP addresses. The DHCP service also supplies the clients with system information such as the subnet mask and the gateway. The clients thereby avoid IP address conflicts and the errors that can occur when TCP/IP parameters are set manually, such as entering a wrong subnet mask. The biggest benefit for the VINAPAY intranet from deploying DHCP is the reduced cost of IP administration and the assurance that clients always receive a correct IP address.
To administer the DHCP service on the VINAPAY intranet, management policies are needed on both the DHCP servers and the DHCP clients. These policies are implemented by delegating administrative rights and monitoring the accounts in the DHCP administration group. Following the general administration policy for system services, the membership of the DHCP Administrators group must be limited, because its members are allowed to configure a DHCP server, define DHCP configuration options and create DHCP reservations. Any change to the DHCP service can prevent clients from obtaining IP addresses from the DHCP servers, and it can also open a security hole in the intranet. Monitoring the members of the DHCP Administrators group, as well as the members of the local Administrators, Domain Admins and Enterprise Admins groups, identifies the people who need the right to manage the DHCP services; members of these groups can manage all DHCP servers in the domain.
Note: members of the DHCP Administrators group cannot authorize a DHCP server in Active Directory; only members of the Enterprise Admins group can perform this task.
The servers on the intranet should be assigned static IP addresses, to ensure they do not receive incorrect TCP/IP configuration from an unauthorized DHCP server. In addition, some clients with important roles should also use static IP addresses. Assigning static addresses to the servers and to some clients keeps the VINAPAY intranet operating when the DHCP service fails.

2.4 Domain controller service (Active Directory)
The forest environment for VINAPAY consists of a single forest. The forest root domain name is VINAPAY.COM.VN. A single forest can contain millions of objects (user accounts, groups, computer accounts, ...) and is designed for the simplest possible administration. On the VINAPAY intranet, the group of forest-level administrators is different from the group that administers all the other everyday operations of the Active Directory directory service. The best approach is therefore to create a forest root domain, and the administration policies must follow this requirement. This domain holds the two forest-level FSMO roles: Schema Master and Domain Naming Master. These two roles are very important to the overall operation of Active Directory across the whole system. The accounts administering this domain are kept very limited, to ensure both the security and the stability of the system. This domain therefore holds the system-wide accounts such as Enterprise Admins and Schema Admins. The groups administering the operations on Active Directory are assigned to one or more child domains. This lets those IT administration groups manage the services in their own domains independently, but without being able to control the members of the Enterprise Admins and Schema Admins groups in the forest root domain. Thus the root domain holds all the accounts with forest-wide privileges, able to change forest-level data: changing the schema, configuring sites, authorizing system services. The VINAPAY system administration group has full control over this. For example, installing Exchange Server 2003 requires the approval of the top-level administration group, because this software must extend the forest schema before it is installed. In the child domains, the Domain Admins group is responsible for administering all Active Directory servers within that domain. At the same time, the central administrators (members of the Enterprise Admins group) also have the right to administer and monitor the operations and policies on these servers.

3. Current state of the network
Router/modem: 192.168.2.1, acting as the gateway of the system.
DC server, IP 192.168.2.2, acting as:
  DHCP server: assigning the range 192.168.2.5-192.168.2.100 to the clients in the company
  DNS server: LangHa.Vinapay.com.vn
FTP server: IP 222.252.28.10
Structure:
The clients are not yet in a common domain; their IP addresses are supplied by the modem.
There is no separate print server, DHCP server or DNS server yet.

4. Deployment tasks & results
4.1 Requirements for the new network structure
Router/modem: 192.168.2.1, acting as the gateway of the system.
DC server, IP 192.168.2.2.
DHCP server:
  The range 192.168.2.100-192.168.2.150 is assigned dynamically to the clients in the company.
  The range 192.168.2.5-192.168.2.49 is reserved for static assignment to certain fixed machines.
  The modem statically assigns the address 10.0.0.3 for the company's wired LAN. The range 10.0.0.5-10.0.0.25 is assigned dynamically to laptops connecting through the company's access point.
FTP server address: 222.252.28.10
Set static addresses for the DHCP server, DNS server, print server and backup server, and install these servers.
Set up Active Directory and join the clients to the domain.

4.2 Work to be carried out
The work follows the new network structure, starting with installing the server and upgrading the server components according to the stated requirements:
4.2.1 Installing Windows Server 2003
Installing a server is similar to installing the common Windows versions (XP1, XP2, Windows 2000), but the following points need attention:
During installation, keep track of the CD keys for the different editions, because some high-end hardware in the Intel Itanium line supports 64-bit addressing, while most of the remaining lines support only 32-bit addressing. (A medium enterprise usually has servers that support 32-bit.)

Attention must be paid to the parameters in the licensing modes step of the installation: the number of connections declared is the number of licenses that one holds for using the server.

Figure I.4.1: Parameter entry step when installing Windows Server 2003
In a business environment, for example a medium or large enterprise network (applicable to Vinapay), the network administrator not only installs the operating system on the server but also has to install many client machines. This can be solved in several ways; Windows Server 2003 offers the following solutions:
Answer file: an answer file is a script containing all the option information used during the Windows installation.
Disk imaging: when deploying a large number of identical machines this method can be used. A disk image is a copy of a hard disk on which the operating system has been installed. Transferring the image from one computer to another with an equivalent hardware configuration lets the transferred operating system be used immediately without reinstalling. When applying this, note that the parameters that must not coincide are the computer name and the IP address of the machines in the same LAN.

4.2.2 Configuring Windows Server 2003
To create the server configurations that Windows Server 2003 provides, one can go to Start > Manage Your Server > Add or remove a role > Configure Your Server Wizard, or use Run > dcpromo to go directly to the Configure Your Server Wizard window.

Figure I.4.2: The Manage Your Server window

Creating the Active Directory domain controller
From the Configure Your Server Wizard window choose Domain Controller and then fill in the domain name parameters. If this is the root server of the domain, choose Domain Controller for a new domain, then follow the process to name the domain (Vinapay.com.vn). Next come the path prompts and the prompts to install additional services (DNS).

Figure I.4.3: Installing Active Directory
The installation steps continue until the message that the server has become a Domain Controller is received.

Figure I.4.4: Active Directory promotion completed successfully
Note: the IP address fields of the machine must be filled in completely.

Creating the DNS server
When installing Active Directory a prompt to install the DNS service is also received. If this was not done during the Active Directory promotion, or to add this role later, from the Configure Your Server Wizard window choose DNS Server and fill in the parameters of the DNS server, such as the zones and the IP ranges of the DNS server.

Figure I.4.5: Configuring DNS while installing the domain
The DNS server is configured as follows:
To ensure the safety of the DNS server's data, an appropriate and consistent backup and recovery policy must be set out. Backing up the important data on the DNS servers can be done with the backup feature of Windows Server 2003. Several backup and recovery options are available: full backup, incremental backup, differential backup or copy backup.
Clients are not allowed to use DNS servers outside their own site. This reduces a large amount of DNS query traffic that could otherwise cross the WAN link. This configuration is maintained through the options in the DHCP scopes.

Figure I.4.6: Configuring the DNS server with Host (A) records

Table I.4.1: Fields of a standard resource record
Field name | Description
Owner | Identifies the DNS host that owns this resource record
TTL (time to live) | The maximum time a server or client may cache this record. It can be set to an integer of up to 32 bits (time in seconds)
Class | Defines the protocol family used, e.g. IN for Internet
Type | Identifies the kind of resource record, e.g. an SOA record or an A record
Rdata | Contains the Rdata, a variable-length field holding the information described by the resource record. E.g. the data of an A record is a 32-bit string, the IP address of the host named in Owner

For more detail on the DNS resource record types in use, we consider the basic resource record types built into Windows Server 2003. These are also the record types relevant to DNS deployment in Windows Server 2000 and Windows Server 2003:

Table I.4.2: Record types in Windows Server 2003
Record type | Description | Class | TTL | Data
SOA | Start of authority | IN | 60 minutes | Owner name, FQDN of the name server, serial number, timing intervals (refresh, retry, expire, minimum TTL)
A | Host | IN | Same as the SOA TTL in the zone | Owner name (DNS name) and the host's IPv4 address (32 bits)
NS | Name server | IN | Same as the SOA TTL in the zone | Owner name and the DNS name of the name server
MX | Mail exchanger | IN | Same as the SOA TTL in the zone | Owner name and the name of the mail exchange server, with its preference number
CNAME | Canonical name (alias) | IN | Same as the SOA TTL in the zone | Alias name of the owner and the DNS name of the host
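To make the five fields of Table I.4.1 and the record types of Table I.4.2 concrete, here is a small parser for zone-file style records with a lookup that follows CNAME aliases to an A record. This is an added example, not code from the thesis or from Windows Server; the zone below is constructed for it, and apart from the domain controller at 192.168.2.2 every host name and address in it is invented.

```python
"""Parse DNS resource records with the fields owner, TTL, class, type and rdata."""
import ipaddress
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

MAX_TTL = 2**31 - 1   # the TTL field is 32 bits; RFC 2181 caps the usable value at 2^31 - 1 seconds
DEFAULT_TTL = 3600    # the 60-minute default that Table I.4.2 gives for the zone's SOA

# rdata layout per record type (the types of Table I.4.2), and which fields are integers
RDATA_FIELDS = {
    "A": ["address"],
    "NS": ["nsdname"],
    "CNAME": ["cname"],
    "MX": ["preference", "exchange"],
    "SOA": ["mname", "rname", "serial", "refresh", "retry", "expire", "minimum"],
}
INT_FIELDS = {"preference", "serial", "refresh", "retry", "expire", "minimum"}


@dataclass
class ResourceRecord:
    owner: str
    ttl: int
    rclass: str
    rtype: str
    rdata: Dict[str, Any]


def parse_record(line: str, default_ttl: int = DEFAULT_TTL) -> ResourceRecord:
    """Parse one 'owner [ttl] [class] type rdata...' line; TTL and class are optional."""
    tokens = line.split()
    if len(tokens) < 3:
        raise ValueError(f"too few fields: {line!r}")
    owner, i = tokens[0], 1
    ttl = default_ttl
    if tokens[i].isdigit():                      # an explicit TTL overrides the zone default
        ttl = int(tokens[i])
        i += 1
    if ttl > MAX_TTL:
        raise ValueError(f"TTL {ttl} does not fit the 32-bit field")
    rclass = "IN"
    if i < len(tokens) and tokens[i].upper() == "IN":   # only the Internet class is used here
        i += 1
    if i >= len(tokens):
        raise ValueError(f"missing record type: {line!r}")
    rtype = tokens[i].upper()
    fields = RDATA_FIELDS.get(rtype)
    if fields is None:
        raise ValueError(f"unsupported record type {rtype}")
    values = tokens[i + 1:]
    if len(values) != len(fields):
        raise ValueError(f"{rtype} record needs {len(fields)} rdata fields, got {len(values)}")
    rdata: Dict[str, Any] = {}
    for name, value in zip(fields, values):
        rdata[name] = int(value) if name in INT_FIELDS else value
    if rtype == "A":
        # the A record's data must be a 32-bit IPv4 address, as Table I.4.1 states
        rdata["address"] = str(ipaddress.IPv4Address(rdata["address"]))
    return ResourceRecord(owner, ttl, rclass, rtype, rdata)


def parse_zone(text: str, default_ttl: int = DEFAULT_TTL) -> List[ResourceRecord]:
    """Parse every non-empty, non-comment line of a zone text."""
    records = []
    for line in text.splitlines():
        body = line.split(";", 1)[0].strip()    # ';' starts a comment
        if body:
            records.append(parse_record(body, default_ttl))
    return records


def resolve_a(records: List[ResourceRecord], name: str, max_hops: int = 8) -> Optional[str]:
    """Return the IPv4 address for a name, following CNAME aliases; None if nothing matches."""
    for _ in range(max_hops):                    # bounded so an alias loop cannot spin forever
        for rr in records:
            if rr.owner == name and rr.rtype == "A":
                return rr.rdata["address"]
        aliases = [rr for rr in records if rr.owner == name and rr.rtype == "CNAME"]
        if not aliases:
            return None
        name = aliases[0].rdata["cname"]
    return None


# Constructed zone for the internal namespace; only the DC address 192.168.2.2 comes from the thesis.
SAMPLE_ZONE = """
; internal zone for the Vinapay intranet (constructed sample)
local.vinapay.com.vn. 3600 IN SOA dc1.local.vinapay.com.vn. hostmaster.local.vinapay.com.vn. 2007061301 900 600 86400 3600
local.vinapay.com.vn.      IN NS    dc1.local.vinapay.com.vn.
dc1.local.vinapay.com.vn.  IN A     192.168.2.2
mail.local.vinapay.com.vn. IN A     192.168.2.10
local.vinapay.com.vn.      IN MX    10 mail.local.vinapay.com.vn.
www.local.vinapay.com.vn.  IN CNAME dc1.local.vinapay.com.vn.
"""

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for rr in zone:
        print(rr.owner, rr.ttl, rr.rclass, rr.rtype, rr.rdata)
    print("www ->", resolve_a(zone, "www.local.vinapay.com.vn."))
```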

The following figure describes a DNS record in detail with its basic parameters.

Figure I.4.7: A DNS Name Server record

Creating the DHCP server
From the Configure Your Server Wizard window choose DHCP Server.

Figure I.4.8: Choosing the DHCP installation
The DHCP server is configured as follows: the address 192.168.2.1 is reserved for the router and the address 192.168.2.2 is reserved for the DNS server, as shown in the figure below.

Figure I.4.9: The DHCP server with the 192.168.2.0 (100-150) scope
For the DHCP administration policy to be complete, the administrator must also set out a suitable policy for backing up the DHCP data. Windows Server 2003 provides a backup and restore solution (Ntbackup).
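A plan like the one above is worth checking before it is typed into the DHCP console: the dynamic pool must stay inside the subnet, must not overlap the static range, and must not contain the router, the DNS server or any other statically addressed server. The check below is an added example, not code from the thesis; the subnet, gateway, DC/DNS address and the two ranges are the ones sections 4.1 and 4.2 list for the company LAN, while the print server address and the check logic are assumptions of the example.

```python
"""Consistency checks for a DHCP scope plan (subnet, dynamic pool, static range, options)."""
import ipaddress
from dataclasses import dataclass, field, replace
from typing import Dict, List, Tuple

IPv4 = ipaddress.IPv4Address


@dataclass
class ScopePlan:
    network: ipaddress.IPv4Network
    dynamic: Tuple[IPv4, IPv4]        # the pool the DHCP server leases from
    static: Tuple[IPv4, IPv4]         # the range kept for manually addressed machines
    router: IPv4                      # option 3 (default gateway) handed to clients
    dns: IPv4                         # option 6 (DNS server) handed to clients
    fixed_hosts: Dict[str, IPv4] = field(default_factory=dict)  # servers that must never take a lease


def _within(rng: Tuple[IPv4, IPv4], addr: IPv4) -> bool:
    return rng[0] <= addr <= rng[1]


def _overlaps(a: Tuple[IPv4, IPv4], b: Tuple[IPv4, IPv4]) -> bool:
    return a[0] <= b[1] and b[0] <= a[1]


def validate(plan: ScopePlan) -> List[str]:
    """Return the defects found; an empty list means the plan is consistent."""
    problems: List[str] = []
    net = plan.network
    for label, rng in (("dynamic pool", plan.dynamic), ("static range", plan.static)):
        if rng[0] > rng[1]:
            problems.append(f"{label} starts after it ends")
        if rng[0] not in net or rng[1] not in net:
            problems.append(f"{label} lies outside {net}")
        if rng[0] == net.network_address or rng[1] == net.broadcast_address:
            problems.append(f"{label} includes the network or broadcast address")
    if _overlaps(plan.dynamic, plan.static):
        problems.append("dynamic pool and static range overlap")
    # the infrastructure clients are pointed at must be on the subnet and outside the lease pool
    for label, addr in (("router", plan.router), ("dns server", plan.dns)):
        if addr not in net:
            problems.append(f"{label} {addr} is not on {net}")
        elif _within(plan.dynamic, addr):
            problems.append(f"{label} {addr} sits inside the dynamic pool")
    seen: Dict[IPv4, str] = {}
    for name, addr in plan.fixed_hosts.items():
        if addr not in net:
            problems.append(f"{name} {addr} is not on {net}")
        elif _within(plan.dynamic, addr):
            problems.append(f"{name} {addr} sits inside the dynamic pool")
        if addr in seen:
            problems.append(f"{name} and {seen[addr]} both use {addr}")
        seen[addr] = name
    return problems


def lease_options(plan: ScopePlan) -> Dict[str, str]:
    """The TCP/IP parameters a client receives with its lease (subnet mask, gateway, DNS)."""
    return {
        "subnet_mask": str(plan.network.netmask),
        "router": str(plan.router),
        "dns": str(plan.dns),
    }


def pool_size(plan: ScopePlan) -> int:
    """Number of leases the dynamic pool can hand out."""
    return int(plan.dynamic[1]) - int(plan.dynamic[0]) + 1


# The wired LAN plan from the thesis; "print-server" at .5 is a constructed stand-in
# for one of the fixed machines the static range is reserved for.
WIRED_LAN = ScopePlan(
    network=ipaddress.IPv4Network("192.168.2.0/24"),
    dynamic=(IPv4("192.168.2.100"), IPv4("192.168.2.150")),
    static=(IPv4("192.168.2.5"), IPv4("192.168.2.49")),
    router=IPv4("192.168.2.1"),
    dns=IPv4("192.168.2.2"),
    fixed_hosts={"dc-server": IPv4("192.168.2.2"), "print-server": IPv4("192.168.2.5")},
)


def broken_plan() -> ScopePlan:
    """The same LAN with the DC moved into the lease pool, the kind of mistake the checks catch."""
    hosts = dict(WIRED_LAN.fixed_hosts, **{"dc-server": IPv4("192.168.2.120")})
    return replace(WIRED_LAN, dns=IPv4("192.168.2.120"), fixed_hosts=hosts)


if __name__ == "__main__":
    print("plan ok" if not validate(WIRED_LAN) else validate(WIRED_LAN))
    print(lease_options(WIRED_LAN), pool_size(WIRED_LAN), "leases")
    print(validate(broken_plan()))
```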

PART II: ADMINISTERING AND MAINTAINING THE SYSTEM

Once an organization has deployed its Windows 2000 domain controllers in line with the security settings described in part one of this document, it is essential that the security level of the domain controllers is maintained or even raised. Whether the environment remains secure is decided largely by the organization's IT operating procedures. Part I of this project introduced the deployment of a secure Active Directory and the building and configuration of the domain controllers. Part II gives recommendations for maintaining a secure Active Directory, with operations such as periodically auditing the domain controller configurations to ensure that no unauthorized changes have appeared.

1. Basic concepts
1.1 Some concepts about the Active Directory architecture
The logical components of the Active Directory architecture are: objects, domains, trees, forests (not considered in this project) and OUs.
1.1.1 Objects
Objects are the resources stored in Active Directory. They are the most basic component of the Active Directory directory service. Objects are stored in Active Directory in a hierarchical architecture of parent containers and child containers, to make them easier to find, access and manage. This architecture is similar to the organization of files and folders.
Object classes: an object is a collection of attributes. The attributes that make up an object are defined in an object class. When a new object is created it automatically inherits the attributes of the class it belongs to. Of course, object classes and their attributes can be changed to fit the requirements of the organization.
Active Directory schema: the classes and attributes together form what is called the Active Directory schema. In database terms, a schema is a structure of tables, fields and the relations between them. The Active Directory schema is therefore very important to the operation of the directory service. It is protected by an access control list (ACL) that allows only users and applications with the appropriate rights to perform certain operations on it. Changing the schema requires great care.
1.1.2 Domains
The basic organizational unit of the Windows Server 2003 network model is the domain. A domain represents an administrative boundary. The computers, users and other objects in a domain share a common security database.
1.1.3 Trees
Different domains are organized in a hierarchical structure called a tree. Even if you have only one domain in your organization, you still have a tree. The first domain created in a tree is called the root domain; the next domain created is a child domain of that root domain. A domain can be expanded into many domains in one tree. All domains in a tree share a common schema and a contiguous namespace.
1.1.4 OUs
An OU provides a way to create an administrative boundary within a domain. Chiefly, it lets you delegate administrative tasks within a domain. An OU works like a container holding resources in the domain. You can apply administrative rights within an OU. One possibility is to structure the OUs according to the functional or job structure of an organization; for example, a small organization with one domain can create separate OUs corresponding to the departments of the organization. OUs can be nested (OUs created inside an OU). However, a complex OU structure in a domain can be an obstacle: the simpler your structure, the easier it is to implement and manage. When OUs are nested more than 12 levels deep you will run into noticeable performance problems.

1.2 The concept of backup and restore
System backup and restore is an indispensable function of any system. This document briefly describes backing up a system installed on Windows 2003 Server. It lets system engineers propose the most effective system backup solution and policy. There are 5 backup types that can be used, depending on how important the data to be backed up is and on the policy for how you want to restore the data.
Daily: backs up the files that have changed since the last daily backup. If a file was modified on the same day as the backup, it is backed up. The archive attribute of the file is unchanged.
Incremental: backs up the files that have changed since the last normal or incremental backup. If the archive attribute is displayed, it means the file has just been modified, and only the files with this attribute are backed up. Once a file has been backed up, its archive attribute is cleared and is set again only when the data changes again.
Full (Normal): backs up the selected files regardless of how the archive attribute is set. Once a file has been backed up, its archive attribute is cleared until the file is changed. When the archive attribute is set again, it indicates that the file needs to be backed up.
Differential: backs up the files that have changed since the last full backup. If the archive attribute is displayed, it means the data has just changed, and the files with this attribute set are backed up. However, with this backup type the archive attribute is not cleared, which allows other backup types to use the same data at a later stage.
Copy: backs up all the selected files regardless of the archive attribute. The archive attribute is not changed, so other backup types can be performed on the same data.
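The five types differ only in which files they select and whether they clear the archive attribute, and those two rules decide which backup sets a restore later needs. The simulation below is an added example, not code from the thesis: each file carries an archive bit that is set on every write, each backup type applies the selection rule described above, and a restore works out its chain of backup sets (last full, the incrementals after it, and a trailing differential). The file names and dates are made up.

```python
"""Model the archive attribute across daily, incremental, full, differential and copy backups."""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List


@dataclass
class File:
    version: int = 1               # bumped on every write; stands in for the content
    archive: bool = True           # archive attribute: set whenever the file changes
    modified: date = date(2007, 6, 1)


@dataclass
class BackupSet:
    kind: str                      # full, incremental, differential, daily or copy
    when: date
    saved: Dict[str, int] = field(default_factory=dict)   # file name -> version captured


def modify(files: Dict[str, File], name: str, when: date) -> None:
    """A write to the file: new version, and the archive attribute is set again."""
    f = files[name]
    f.version += 1
    f.archive = True
    f.modified = when


def run_backup(files: Dict[str, File], kind: str, when: date) -> BackupSet:
    """Apply the selection rule of the backup type and clear the archive bit where the type does."""
    if kind in ("full", "copy"):
        chosen = list(files)                                          # every selected file
    elif kind in ("incremental", "differential"):
        chosen = [n for n, f in files.items() if f.archive]           # changed since the bit was last cleared
    elif kind == "daily":
        chosen = [n for n, f in files.items() if f.modified == when]  # changed on the day of the backup
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    result = BackupSet(kind, when, {n: files[n].version for n in chosen})
    if kind in ("full", "incremental"):                               # only these two clear the attribute
        for n in chosen:
            files[n].archive = False
    return result


def restore_chain(history: List[BackupSet]) -> List[BackupSet]:
    """Backup sets needed, in order, to rebuild the latest state.

    Start from the last full backup, apply every incremental after it, and finish with the
    last differential only if no incremental came after it (an incremental clears the bits the
    differential relied on, so it already holds that differential's files). Daily and copy sets
    leave the attribute alone and are not part of the chain.
    """
    fulls = [i for i, b in enumerate(history) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to start the chain from")
    chain = [history[fulls[-1]]]
    pending_diff = None
    for b in history[fulls[-1] + 1:]:
        if b.kind == "incremental":
            chain.append(b)
            pending_diff = None
        elif b.kind == "differential":
            pending_diff = b
    if pending_diff is not None:
        chain.append(pending_diff)
    return chain


def restore(chain: List[BackupSet]) -> Dict[str, int]:
    """Replay the chain; later sets overwrite the versions captured by earlier ones."""
    state: Dict[str, int] = {}
    for b in chain:
        state.update(b.saved)
    return state


def demo_week() -> Dict[str, int]:
    """One backup week on three constructed files; returns the state a restore rebuilds."""
    files = {"ntds.dit": File(), "payroll.xls": File(), "readme.txt": File()}
    history: List[BackupSet] = []
    history.append(run_backup(files, "full", date(2007, 6, 4)))          # Mon: all three, bits cleared
    modify(files, "payroll.xls", date(2007, 6, 5))
    history.append(run_backup(files, "incremental", date(2007, 6, 5)))   # Tue: payroll only, bit cleared
    modify(files, "ntds.dit", date(2007, 6, 6))
    history.append(run_backup(files, "differential", date(2007, 6, 6)))  # Wed: ntds.dit, bit kept
    history.append(run_backup(files, "copy", date(2007, 6, 6)))          # ad hoc copy: all, bits untouched
    modify(files, "readme.txt", date(2007, 6, 7))
    history.append(run_backup(files, "differential", date(2007, 6, 7)))  # Thu: ntds.dit and readme
    restored = restore(restore_chain(history))
    assert restored == {n: f.version for n, f in files.items()}          # matches the live files
    return restored
```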

2. C s l thuyt.
Mc d bo mt l mt vic quan trng cn c cn nhc i vi tt c cc thnh phn ca h thng mng trong t chc, i vi cc my ch c mc bo mt cao th bo mt l mt phn c bit quan trng. Mc high security ( bo mt cao) xut pht t yu cu bo mt cao ca cc tin trnh ang chy trn cc server. Xc nh my ch trong t chc ca bn l mt high-security server khi n: Chy mt dch v trong ng cnh ca mt ti khon service Active Directoryministrator-level c tin tng u quyn (trusted for delegation)

29

Generated by Foxit PDF Creator Foxit Software http://www.foxitsoftware.com For evaluation only.

Trin khai, qun tr, duy tr & nng cp h thng mng doanh nghip Khi mt my ch c coi l tin tng y y quyn, th khi phc v mt yu cu ca client my ch s c kh nng a ra yu cu ti cc dch v chy trn my ch khc di ng cnh bo mt ca client. V client a ra yu cu c cc c quyn bo mt cao , nn my ch cng c th chim ly c cc c quyn bo mt cao. V th, tt c cc my ch l trusted for delegation bn trong rng c th c thit k l cc my ch bo mt cao (high-security). Trn c s nhng tiu chun ny, thm cc domain controller c th l cc server c mc bo mt cao trong mng ca bn m n s cn hot ng c bit ngy ny qua ngy khc duy tr bo v. Bo v tt c cc my ch c mc bo mt cao bng cc nguyn tc chung cho vic vn hnh my ch an ton. 2.1 Thc hin duy tr bo mt Domain Controller v Active

Directoryministrative Workstation Khi t chc ca bn thc hin cu hnh domain controller v Active Directoryministrative workstation an ton theo nhng xut trong phn I ca ti liu ny th bn bt u cc hot ng. Trong mt mi trng thc t, nhng ngi qun tr thc hin ngy ny qua ngy khc v thnh thong bo dng cc domain controller v Active Directoryministrative workstation. Cch cc nhim v ny c thc hin nh hng trc tip ti mc bo mt ca domain controller v Active Directoryministrative workstation m t chc ca bn c th duy tr. Cc chnh sch c vit ra v cc th tc s tn ti cho tt c cc hot ng duy tr domain controller, bao gm: Sao lu v khi phc cho domain controller

30

Generated by Foxit PDF Creator Foxit Software http://www.foxitsoftware.com For evaluation only.

- hardware replacement for domain controllers and administrative workstations;
- virus scanning on domain controllers and administrative workstations.

2.2 Establishing a backup and restore strategy for domain controllers

Administrators plan system state backups of the domain controllers in order to recover when Active Directory data is lost or a domain controller fails. A domain controller failure may be caused by a serious fault in the service. As part of secure management and recovery operations, domain controller backups must be performed securely and reliably. System state backups on domain controllers differ from backup and restore on other servers in several respects:
- incremental backups cannot be performed;
- not every domain controller will be backed up;
- a backup taken from one domain controller cannot be used to restore a different domain controller;
- a restore is either authoritative or non-authoritative;
- domain controllers are high-security servers and require special handling.
Because of the high security requirement, a secure backup and restore policy includes security measures that are not needed when backing up ordinary servers. A secure domain controller backup and restore strategy includes the following main measures:
- avoid using one company-wide account to perform backups;
- restrict domain controller backup hardware to secured locations;


- back up domain controllers on a regular schedule and destroy backup media once it is no longer needed;
- protect the Backup Operators accounts;
- periodically rehearse restoring domain controllers from backup media.
Enforce a backup and restore policy that defines which domain controllers are backed up, who is authorized to perform this function, how the domain controllers are backed up, and how the backup media are used.

2.3 Managing Backup Operators accounts

Active Directory contains a built-in group named Backup Operators. Its members are considered service administrators, because they have the right to restore files, including system files, on domain controllers. Membership of the Backup Operators group in Active Directory must be limited to the individuals who back up and restore domain controllers. Every member server also has its own built-in group called Backup Operators. The individuals responsible for backing up the applications on a member server should be members of that server's local Backup Operators group, not of the Backup Operators group in Active Directory. On an individual domain controller you can reduce the number of members of the Backup Operators group. When a domain controller is also used to run other applications, the individuals responsible for backing up those applications on the domain controller must be trusted to the same degree as service administrators, because they hold the rights needed to restore files, including the file system, on the domain controllers.


By default the Backup Operators group is empty. Its membership can be changed by members of the Administrators, Domain Admins and Enterprise Admins groups. The permissions are listed in Table II.1.

Table II.1 Security descriptor protecting the Backup Operators group in Active Directory

Type  | Name                               | Permissions                                                                                                                                                                                                        | Applies to
Allow | Administrators                     | List Contents, Read All Properties, Write All Properties, Delete, Read Permissions, Modify Permissions, Modify Owner, All Validated Writes, All Extended Rights, Create All Child Objects, Delete All Child Objects | This object only
Allow | Authenticated Users                | List Contents, Read All Properties, Read Permissions                                                                                                                                                                | This object only
Allow | Domain Admins                      | List Contents, Read All Properties, Write All Properties, Read Permissions, Modify Permissions, Modify Owner, All Validated Writes, All Extended Rights, Create All Child Objects, Delete All Child Objects         | This object only
Allow | Enterprise Admins                  | List Contents, Read All Properties, Write All Properties, Read Permissions, Modify Permissions, Modify Owner, All Validated Writes, All Extended Rights, Create All Child Objects, Delete All Child Objects         | This object only
Allow | Everyone                           | Change Password                                                                                                                                                                                                    | This object only
Allow | Pre-Windows 2000 Compatible Access | List Contents, Read All Properties, Read Permissions                                                                                                                                                                | Special
Allow | SYSTEM                             | Full Control                                                                                                                                                                                                       | This object only

Note: specialist terms that are hard to understand are explained in the appendix.

3. Current state of the system

Employee accounts have not yet been organized or assigned specific permissions; all users have the same basic rights. No policy templates or policies are applied to the Active Directory system. The company's system has only just been built, so there is no update or backup policy of any kind. A sound backup mechanism is therefore a critical requirement for keeping the system running normally and safely.

4. Deployment tasks and results

4.3 Administering the Active Directory system


Install Windows Server 2003 on the server and configure it as a domain, promoting the server to a Domain Controller. Design Active Directory so that it interoperates well with the other services on the intranet: e-mail, Internet access, chat and SharePoint Portal. An Active Directory system is judged good when it satisfies the service requirements and at the same time has a sound user policy. The figure below shows the Active Directory administration interface.

Figure II.4.1 The Active Directory management console

Choosing the system model for VINAPAY is a very important task. The model must reflect VINAPAY's organizational structure while remaining convenient to administer without degrading directory service performance. To address this, Microsoft divides Active Directory domains into OUs. Choosing OUs that correspond to the departments meets this requirement. The next figure shows an OU.


Figure I.4.2 An OU in Active Directory

The authentication features of Active Directory guarantee the following requirements:
- administrative groups can manage information independently;
- administrative authority can be delegated to different administrative groups.
The security features of Active Directory such as GPOs, combined with the IPSec and NAT features of Windows Server 2003, create a secure environment that ensures users can only reach resources with the rights they have been granted. To meet this requirement Active Directory manages by several criteria: computers, users and user groups. Active Directory applies policies to users and to each group of users.


Figure II.4.3 A Group Policy

For ease of management, Vinapay's structure is divided into 10 account groups, each with its own policy. When a new user arrives, it is enough to add the user to the appropriate group without looking up individual rights or configuring each person. Policies are inherited: a setting higher up can override one below it, and to keep certain settings from being inherited you can tick the Block Policy inheritance option. The domain model must meet the following criteria:
- administrative groups can manage information independently;
- administrative authority can be delegated to different administrative groups;
- a secure environment is created in which users can only reach resources with the rights they have been granted.

4.2 Configuring backup for the domain

4.2.1 Scheduling Backup Jobs


You must back up the data that is at risk for your company, and now you need to make sure that it continues to be backed up on a regular basis. Instead of running backups by hand, you can schedule them to run automatically. Scheduling a backup ensures that it actually happens: at a specific time, on a recurring cycle, or on selected system events, matching the way data is stored in your company, or at the times when the network is typically idle.

Backup scheduling methods. A backup can be scheduled in three ways:
- when you create a new backup in Windows Backup;
- by using the Scheduled Jobs tab in Windows Backup to schedule an existing job;
- by creating a batch job with the ntbackup command and running it from the Windows command line.

Backup scheduling options. You have several options for scheduling a backup:

Schedule option   | Execute the job
Once              | at a specific time on a specific day
Daily             | at a specific time every day
Weekly            | at a specific time on a specific day each week
Monthly           | at a specific time in the month
At system startup | the next time the PC starts
At logon          | the next time the user who owns the backup logs on
When idle         | when the system is idle

4.2.2 A method for building data backup and restore (applied to Vinapay)

When building a backup and recovery plan you must ask yourself a number of questions in order to decide how and when to back up, and what data. These questions include:
- When is it most convenient to run the backup job? Backing up outside the system's peak hours, when resource usage is low, is ideal.
- Will you store backups off site? It is widely recommended to back up to some medium that is kept in storage outside the data location, in case of natural disaster, fire, information leakage and so on. It is also advisable to keep a copy of the software needed to install and restore the operating system, the database server, the backup recovery tools, etc.
- How important is the data to the system you are running? Classifying data by importance helps you decide what to back up, how and when. Data at risk (such as financial data and databases) is backed up in stages, producing a series of redundant backups, while less important data is backed up daily and restored simply.
- How quickly must data be restored from backup?


That is, bringing the at-risk system back to normal operation as soon as possible. Your backup plan therefore depends heavily on the time it takes to restore a system, since data is classified by stage and restore sequence.
- How does the data change over time? Data that changes daily is backed up daily. The rate at which your data changes determines how often the system is backed up.
- What kinds of information does the data on your system contain? You must know what your data contains so that you can assess its risk, confidentiality and so on, and from that its importance. This helps you determine when and how the data is backed up.
- Do you have what is needed to back up? Make sure you have good hardware and the media needed to perform a backup. The choice of backup media is an important factor in backing up and restoring data. Backup tapes are a common medium: they store large amounts of data cheaply but are slower than other options.

4.2.3 Restricting backup services and storage media to secure locations

Give domain controller backup media the same level of physical security as the domain controllers themselves. Because the backup media contain all the information in the Active Directory database, theft of these backups is as dangerous as theft of a domain


controller or of a disk from a domain controller. An attacker could restore the information on them and gain access to the Active Directory data. To prevent unauthorized individuals from accessing backup media:
- remove the media from the backup drive as soon as the backup process completes;
- store backup media in a secure place where access is monitored;
- keep a spare backup copy at another location;
- establish processes and procedures that require an administrator's signature when spare backup media are taken away;
- keep backup devices available and in the best possible condition.

4.2.4 Backup plan for VINAPAY

There are two options for backing up VinaPay's system, following the models below:

Figure II.4.6 Two proposed backup schemes for the Vinapay company model


II.1 Model 1

Day                | Description
Sunday 12.00 PM    | Full backup (normal): back up all current files and folders.
Monday 12.00 PM    | Incremental: back up only the files and folders changed since the last normal backup.
Tuesday 12.00 PM   | Incremental: back up only the files and folders changed since the last normal backup.
Wednesday 12.00 PM | Incremental: back up only the files and folders changed since the last normal backup.
Thursday 12.00 PM  | Incremental: back up only the files and folders changed since the last normal backup.
Friday 12.00 PM    | Incremental: back up only the files and folders changed since the last normal backup.
Saturday 12.00 PM  | Incremental: back up only the files and folders changed since the last normal backup.

II.2 Model 2

Day                | Description
Sunday 12.00 PM    | Full backup (normal): back up all current files and folders.
Monday 12.00 PM    | Incremental: back up only the files and folders changed since the last normal backup.
Tuesday 12.00 PM   | Incremental: back up only the files and folders changed since the last normal backup.
Wednesday 12.00 PM | Full backup (normal): back up all current files and folders.
Thursday 12.00 PM  | Incremental: back up only the files and folders changed since the last normal backup.
Friday 12.00 PM    | Incremental: back up only the files and folders changed since the last normal backup.
Saturday 12.00 PM  | Incremental: back up only the files and folders changed since the last normal backup.
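To make the trade-off between the two models concrete, the following is an added example (not code from the original report) that models the archive-bit behaviour of the four backup types described earlier and runs both weekly schedules over a constructed set of files, then counts how many backup sets a restore after a Saturday failure would need. The file names and the pattern of daily changes are assumptions made for illustration.

```python
"""Archive-bit model of the Windows Backup job types (Normal, Incremental,
Differential, Copy) and of the two weekly schedules proposed for Vinapay.
Added example, not code from the original report; file names and the
pattern of daily changes are constructed for illustration."""
from dataclasses import dataclass

DAYS = ["Sunday", "Monday", "Tuesday", "Wednesday",
        "Thursday", "Friday", "Saturday"]

# Constructed sample: three files, all new on Sunday (archive bit set),
# plus which of them is modified on each following day.
SAMPLE_FILES = ["ledger.xls", "customers.mdb", "policy.doc"]
SAMPLE_CHANGES = {
    "Monday": ["ledger.xls"],
    "Tuesday": ["ledger.xls", "customers.mdb"],
    "Wednesday": [],
    "Thursday": ["policy.doc"],
    "Friday": ["ledger.xls"],
    "Saturday": ["customers.mdb"],
}

# Model 1: full on Sunday, incremental Monday to Saturday.
MODEL_1 = ["normal"] + ["incremental"] * 6
# Model 2: full on Sunday and Wednesday, incremental on the other days.
MODEL_2 = ["normal", "incremental", "incremental",
           "normal", "incremental", "incremental", "incremental"]


@dataclass
class BackupSet:
    day: str
    kind: str
    files: list


def run_backup(kind, archive, day):
    """Run one job over `archive` (file name -> archive bit) and return the
    BackupSet it produces. Normal and Copy take every selected file;
    Incremental and Differential take only files whose archive bit is set.
    Normal and Incremental clear the bit afterwards; Differential and Copy
    leave it untouched, so later jobs still see those files as changed."""
    if kind in ("normal", "copy"):
        taken = sorted(archive)
    elif kind in ("incremental", "differential"):
        taken = sorted(name for name, bit in archive.items() if bit)
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("normal", "incremental"):
        for name in archive:
            archive[name] = False
    return BackupSet(day, kind, taken)


def simulate(schedule, files=SAMPLE_FILES, changes=SAMPLE_CHANGES):
    """Run a seven-day schedule and return the BackupSets in day order.
    Windows sets the archive bit whenever a file is created or modified."""
    archive = {name: True for name in files}
    sets = []
    for day, kind in zip(DAYS, schedule):
        for name in changes.get(day, []):
            archive[name] = True
        sets.append(run_backup(kind, archive, day))
    return sets


def restore_chain(sets, up_to_day):
    """Backup sets needed to rebuild the data as of `up_to_day`: the most
    recent normal backup on or before that day, every incremental after it,
    and (for a differential schedule) only the latest differential."""
    window = sets[: DAYS.index(up_to_day) + 1]
    normals = [i for i, s in enumerate(window) if s.kind == "normal"]
    if not normals:
        raise ValueError("no normal backup before " + up_to_day)
    chain = [window[normals[-1]]]
    later = window[normals[-1] + 1:]
    chain += [s for s in later if s.kind == "incremental"]
    diffs = [s for s in later if s.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain


if __name__ == "__main__":
    for label, model in (("Model 1", MODEL_1), ("Model 2", MODEL_2)):
        sets = simulate(model)
        for s in sets:
            print(f"{label} {s.day:<9} {s.kind:<11} {s.files}")
        chain = restore_chain(sets, "Saturday")
        print(f"{label}: restoring after Saturday needs {len(chain)} sets:",
              [s.day for s in chain])
```

With the constructed data, Model 1 needs all seven sets to recover after Saturday while Model 2 needs only the Wednesday full plus three incrementals; the same functions show that a differential schedule would need just two sets at the cost of larger daily jobs.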

4.2.5 Managing the life cycle of domain controller hardware

An organization may periodically retire or reuse a significant number of servers, workstations and backup devices. Domain controllers, administrative workstations and domain controller backup devices contain sensitive information that must be protected. To protect this information when equipment is reused, you need a policy that defines how domain controllers, administrative workstations and their associated backup devices are handled during reuse.


PART III: UPGRADING THE COMPANY NETWORK WITH ISA SERVER 2004

In this chapter we examine how to secure the company network using the ISA 2004 firewall. By studying ISA and the effect of its basic models (provided by the templates shipped with the help) we can find a configuration suited to our network.

1. Basic concepts

ISA Server 2004 is designed to protect the network, both against intrusion from outside and by controlling access from inside an organization's internal network. The ISA Server 2004 firewall does this through a mechanism that controls what is allowed through the firewall and what is blocked. It contains many features that security administrators can use to secure Internet access and to protect the resources of the internal network. The network services and ISA Server 2004 features to be installed and configured include:
- installing and configuring Microsoft Certificate Services (the service that issues digital certificates for secure identification in network transactions);
- installing and configuring Microsoft Internet Authentication Service (RADIUS), the secure authentication service for remote access over dial-up or VPN connections;
- installing and configuring Microsoft DHCP Services (which supplies TCP/IP settings to the nodes on the network) and WINS Services (which


resolves the NETBIOS names of the computers on the network);
- configuring WPAD entries in DNS to support autodiscovery and autoconfiguration for Web Proxy and Firewall clients. This is very convenient for ISA clients (Web and Firewall clients) in an organization who carry their computer from one network (with one ISA Server) to another (with a different ISA Server) and still automatically discover and work with the Web Proxy service and Firewall service on that ISA Server;
- installing Microsoft DNS server on the perimeter network server (the network holding the servers that serve external clients, behind the firewall but separated from the LAN);
- installing the ISA Server 2004 firewall software;
- backing up and restoring the ISA Server 2004 firewall configuration;
- using the ISA Server 2004 Network Templates to configure the firewall;
- configuring the ISA Server 2004 client types;
- creating access policies on the ISA Server 2004 firewall;
- publishing a web server on a perimeter network;
- using the ISA Server 2004 firewall as a spam-filtering SMTP relay (an e-mail relay that blocks spam);
- publishing Microsoft Exchange Server services (Microsoft's mail and collaboration system, comparable to IBM's Lotus Notes);
- installing ISA Server 2004 on Windows Server 2003.


2. Theoretical basis

2.1 Network Templates (model network configuration settings)

With the templates supported by the ISA Server 2004 firewall we can configure the settings for Networks, Network Rules and Access Rules automatically. Network Templates are designed to let us quickly create a baseline configuration for what we may go on to build. The templates are:

2.1.1 Edge Firewall

The Edge Firewall network template is used when the ISA Server 2004 firewall has one network interface connected directly to the Internet and one network interface connected to the Internal network.

Figure III.1 Edge Firewall model

2.1.2 3-Leg Perimeter

The 3-Leg Perimeter network template is used with a firewall that has three network interfaces: an External interface (Internet connection), an Internal


interface (internal network connection) and a DMZ interface (connection to the perimeter network). This template configures the addresses of these networks and the relationships between them.

Figure III.2 3-leg perimeter model

2.1.3 Front Firewall

Use the Front Firewall template when the ISA Server 2004 firewall acts as the front-end firewall in a back-to-back firewall model. This is a model with two firewalls: in front of the front firewall is the Internet, between the front and back firewalls is the DMZ network, and behind the back firewall is the Internal network. This template is for the front firewall.


Figure III.3 Front Firewall model

2.1.4 Back Firewall

Used for an ISA Server 2004 firewall that sits behind another ISA Server 2004 firewall (or some third-party firewall) in front of it.

Single Network Adapter: the Single Network Adapter template is a rather special configuration; applying it to ISA Server 2004 removes the firewall function altogether. It is used when ISA Server 2004 has only a single network card (unihomed) and acts as a web caching server.

2.2 Network template configurations

In this project we only consider the configuration of the two common and simple firewall types, the Edge Firewall and the 3-Leg Perimeter.

2.2.1 Configuring the Edge Firewall

The Edge Firewall template configures the ISA Server 2004 firewall with one network interface attached directly to the Internet and a second network interface connected to the Internal network. This network template lets the administrator quickly apply access rules through firewall policy (firewall policy access control) between the Internal network and the Internet. The table below shows the firewall policies available when the Edge Firewall template is used. Each firewall policy contains a predefined set of access rules, ranging from allowing all activity between the Internal network and the Internet (All Open Access Policy) to blocking all activity between them (Block All policy).


The firewall policy options when using the Edge Firewall network template:

Table III.1 Edge Firewall policies

Firewall policy: Block all
Description: Blocks all access through the ISA Server. This option creates no rules allowing access; all access is blocked.

Firewall policy: Block Internet Access, allow access to ISP Network services
Description: Blocks all access through ISA Server 2004 except access to network services such as DNS. Use this option when the ISP provides those services. Use it to define your firewall policy, for example:
- Allow DNS from Internal Network and VPN Clients Network to External Network (Internet): allows the Internal Network and VPN Clients Network; allows HTTP, HTTPS and FTP access from the Internal Network to the outside.
- Allow all protocols from VPN Clients Network to Internal Network: allows all protocols from the (external) VPN Clients Network into the internal network.

Firewall policy: Allow limited web access to ISP Network Services
Description: Allows limited web access using HTTP, HTTPS and FTP and allows access to ISP network services such as DNS. All other network access is blocked. The following access rules are created:
- Allow HTTP, HTTPS, FTP from Internal Network and VPN Clients Network to External Network (Internet): allows HTTP, HTTPS and FTP from the Internal Network and VPN Clients Network out to the External Network (Internet).
- Allow DNS from Internal Network and VPN Clients Network to External Network (Internet): allows the Internal Network to use DNS to resolve external (Internet) hostnames.
- Allow all protocols from VPN Clients Network to Internal Network: allows all protocols from the VPN Clients Network (external VPN clients connecting into the internal network over the Internet) into the internal network.

Firewall policy: Allow unrestricted access
Description: Allows unlimited access to the Internet through the ISA Server. The following access rules are created:
- Allow all protocols from Internal Network and VPN Clients Network to External Network: allows all protocols from the Internal Network and VPN Clients Network to the External Network.
- Allow all protocols from VPN Clients Network to Internal Network: allows all protocols from the VPN Clients Network into the Internal Network.

2.2.2 Configuring the 3-Leg Perimeter

Configuring the firewall with the 3-Leg Perimeter template creates the relationships between the Internal, DMZ and Internet networks, and correspondingly the firewall creates Access Rules supporting the Internal network segment and the perimeter (DMZ) network segment. The perimeter (DMZ) network segment is the area where resources that Internet users are allowed to reach, such as a public DNS server or a caching-only DNS server, can be managed. The options in the 3-Leg Perimeter firewall template:

Table III.2 3-Leg Perimeter policies

Firewall policy: Block all
Description: Blocks all access through the ISA Server. This option creates no rules other than the Default Rule blocking all access.

Firewall policy: Block Internet Access, allow access to Network services on the Perimeter Network
Description: Blocks all access through ISA Server 2004 except access to network services such as DNS. The following access rules are created:
- Allow DNS traffic from Internal Network and VPN Clients Network to Perimeter Network: allows DNS access from the Internal Network and VPN Clients Network to the Perimeter Network.
- Allow all protocols from VPN Clients Network to Internal Network: allows all protocols from the (external) VPN Clients Network into the internal network.

Firewall policy: Block Internal access, allow access to ISP Network Services
Description: Blocks all network access through the firewall except network services such as DNS. This option suits the case where the basic network services are supplied by the Internet Service Provider (ISP). The following rule is created:
- Allow DNS from Internal Network, VPN Clients Network to External Network: allows DNS from the Internal Network, VPN Clients Network and Perimeter Network to the External Network.

Firewall policy: Allow limited web access, allow access to Network services on Perimeter Network
Description: Allows limited web access using HTTP, HTTPS and FTP and allows access to network services such as DNS on the DMZ. All other network access is blocked. The following access rules are created:
- Allow HTTP, HTTPS, FTP from Internal Network and VPN Clients Network to Perimeter Network and External Network (Internet): allows HTTP, HTTPS and FTP from the Internal Network and VPN Clients Network out to the Perimeter Network and the External Network (Internet).
- Allow DNS traffic from Internal Network and VPN Network to Perimeter Network.
- Allow all protocols from VPN Clients Network to Internal Network: allows all protocols from the VPN Clients Network (external VPN clients connecting into the internal network over the Internet) into the internal network.

Firewall policy: Allow limited web access to ISP Network services
Description: Network services such as DNS are provided by our ISP. All other network access is blocked. The following access rules are created:
- Allow HTTP, HTTPS, FTP from Internal Network and VPN Clients Network to External Network.
- Allow all protocols from VPN Clients Network to Internal Network.

Firewall policy: Allow unrestricted access
Description: Allows every kind of access to the Internet through the firewall. The firewall still blocks access from the Internet into the protected networks. Starting from this allow-all policy you can then block the individual kinds of access that do not fit the company's security policy. The following rules are created:
- Allow all protocols from Internal Network and VPN Clients Network to External Network and Perimeter Network.
- Allow all protocols from VPN Clients Network to Internal Network.

2.3 Configuring ISA Server 2004 SecureNAT, Firewall and Web Proxy Clients


An ISA Server 2004 client is a computer that connects to other resources through an ISA Server 2004 firewall. In general, ISA Server 2004 clients are located on an Internal or perimeter (DMZ) network and connect to the Internet through the ISA Server 2004 firewall. There are three kinds of ISA Server 2004 client:
- SecureNAT client
- Web Proxy client
- Firewall client
A SecureNAT client is a computer whose main configuration setting is a default gateway that routes it to the Internet through the ISA Server 2004 firewall. If the SecureNAT client is on a network directly connected to the ISA Server 2004 firewall, its default gateway is the IP address of the firewall's network card attached to that network. If the SecureNAT client is on a network remote from the ISA Server 2004 firewall, its default gateway is the IP address of the nearest router, which routes the traffic from the SecureNAT client to the ISA Server 2004 firewall and out to the Internet.
A Web Proxy client is a computer whose web browser (such as Internet Explorer) is configured to use the ISA Server 2004 firewall as its web proxy server. The browser can be configured manually to use the firewall's IP address as its web proxy, or automatically through the firewall's Web Proxy Autoconfiguration scripts. These autoconfiguration scripts offer a high degree of customization in controlling how the Web Proxy client connects to the Internet. The user name is recorded in the Web Proxy logs when the computer is configured as a Web Proxy client.


A Firewall client is a computer with the Firewall Client software installed. The Firewall Client software intercepts all Winsock application requests (usually TCP and UDP applications) and forwards them to the Firewall service on the ISA Server 2004 firewall. The user name is automatically entered in the Firewall service log whenever a Firewall client computer connects to the Internet through the ISA Server 2004 firewall.

Table III.3 ISA Server 2004 client features

Feature                                                | SecureNAT client                                                                                            | Firewall client                                                            | Web Proxy client
Installation required                                  | None; only the default gateway settings are needed                                                          | The Firewall Client software must be installed                             | None; only the appropriate settings in the web browser
Operating system support                               | Every operating system that supports TCP/IP                                                                 | Windows only                                                               | Any operating system with a web application
Protocol support                                       | Thanks to application filters, applications that combine several protocols (multi-connection protocols) can be supported | All Winsock applications, which means most Internet applications in use today | HTTP, Secure HTTP (HTTPS) and FTP
User authentication and control of outbound user access | Supported for VPN clients only                                                                              | Supported                                                                  | Supported

Thus we have seen the different ISA Server 2004 clients and the features of each type. Next we look at the procedures for creating or editing the rules of the outbound access policy (outbound access policy rules) through the Network Templates.

2.4 Configuring access policies on ISA Server (ISA Server 2004 Access Policy)

The ISA Server 2004 firewall controls the traffic passing between the networks connected through it. By default, the ISA Server 2004 firewall blocks all traffic. The methods used to allow traffic are:
- Access Rules
- Publishing Rules
Access rules control outbound access from a protected network on the inside to an unprotected network on the outside. ISA Server 2004 treats every network that is not the External network as protected; all networks defined as External are unprotected. The protected networks include the VPN Clients Network, the Quarantined VPN Clients Network, the Local Host Network and the DMZ (the perimeter network holding the servers that serve Internet users). ISA protects internal clients when they access external networks. Whereas access rules control outbound access, publishing rules allow hosts on the outside (the External Network) to access


the resources being protected by the network, for example servers such as web, mail and FTP servers. Web and server publishing rules can allow external hosts to reach these resources. In the previous sections we used the Network Templates to create the relationships between networks and the access rules automatically. Such a relationship can be realized when access rules allow access to all sites and protocols on the Internet while the ISA Server 2004 firewall restricts which users may access the Internet.

Table III.4.1 An access rule consists of the following elements

Rule element     | Description
Order (priority) | The firewall access policy is a list of access rules processed in order from top to bottom until a rule whose conditions match is met; that rule is then applied.
Action           | Only two decisions are possible: Allow or Deny.
Protocol         | Protocols include all TCP/IP protocols: TCP, UDP, ICMP and every protocol identified by an IP protocol number; the firewall supports all TCP/IP protocols.
From (listener)  | The source of the communication can be a single IP address, an IP address range, a subnet or several subnets.
To               | The destination can be a domain or set of domains, a URL or set of URLs, an IP address or set of IP addresses, a subnet or set of subnets, or a set of networks.
Condition        | The condition specifies which user or group the rule applies to.

Access rules provide a fairly simple but very effective means of access control: they mainly determine which user is allowed to reach which website, and which protocols may be used for that communication. For example:

Rule element     | Value
Order (priority) | 1
Action           | Allow
Protocols        | HTTP & FTP
From             | Internal Network
To               | FTP.com
Condition        | Limited web access (Group)

To use access rules to control users or user groups in outbound access, the client computers must be configured as Firewall clients or Web Proxy clients. Only clients of one of these two types can be authenticated by the firewall on a per-user basis. With SecureNAT clients the user group information is not authenticated, which means the ISA Server firewall cannot identify the object to be restricted. Access can also be controlled on the basis of the source IP address.
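The following is an added example (not code from the original report or from ISA Server) that evaluates a small access policy the way the table above describes: rules are walked in order, the first match decides, and anything unmatched falls to the default deny. It builds the Table III.4.1 example rule plus an assumed second rule with no user condition, and shows that a request from a SecureNAT client carries no user identity, so the user-conditioned rule can never match it. The group membership, the second rule and the request values are assumptions made for illustration.

```python
"""First-match evaluation of ISA Server 2004 style access rules, showing why
the user/group condition only works for Firewall and Web Proxy clients.
Added example, not code from the original report or from ISA Server; the
rule set, group membership and requests are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

ALL = frozenset({"*"})             # wildcard: all protocols / all destinations
ALL_USERS = frozenset({"All Users"})


@dataclass(frozen=True)
class Request:
    client_type: str               # "securenat", "firewall" or "webproxy"
    protocol: str                  # e.g. "HTTP"
    source: str                    # network the request arrives from
    destination: str               # destination site or network
    user: Optional[str] = None     # identity, if the client type can supply one


def request(client_type, protocol, source, destination, user=None):
    """Build a Request. A SecureNAT client is known only by its IP address,
    so the firewall never learns a user name for it; Firewall and Web Proxy
    clients authenticate and their user name is logged."""
    if client_type == "securenat":
        user = None
    return Request(client_type, protocol, source, destination, user)


@dataclass(frozen=True)
class AccessRule:
    order: int
    action: str                    # "Allow" or "Deny"
    protocols: frozenset
    sources: frozenset
    destinations: frozenset
    groups: frozenset = ALL_USERS  # the Condition element
    name: str = ""


def rule_matches(rule, req, group_members):
    """True when every element of the rule matches the request."""
    if "*" not in rule.protocols and req.protocol not in rule.protocols:
        return False
    if req.source not in rule.sources:
        return False
    if "*" not in rule.destinations and req.destination not in rule.destinations:
        return False
    if "All Users" in rule.groups:
        return True
    if req.user is None:           # a user condition needs an identity
        return False
    return any(req.user in group_members.get(g, ()) for g in rule.groups)


def evaluate(policy, req, group_members):
    """Walk the access policy in order; the first matching rule decides.
    Nothing matched means the implicit default rule denies the traffic."""
    for rule in sorted(policy, key=lambda r: r.order):
        if rule_matches(rule, req, group_members):
            return rule.action, rule.name
    return "Deny", "Default rule"


# The example rule from Table III.4.1 (order 1) plus a constructed second rule
# that grants DNS to the whole Internal Network without a user condition.
POLICY = [
    AccessRule(1, "Allow", frozenset({"HTTP", "FTP"}), frozenset({"Internal Network"}),
               frozenset({"FTP.com"}), frozenset({"Limited web access"}),
               "Limited web access to FTP.com"),
    AccessRule(2, "Allow", frozenset({"DNS"}), frozenset({"Internal Network"}), ALL,
               name="Allow DNS from Internal Network"),
]
# Constructed group membership (on a real ISA Server this comes from Active Directory).
GROUPS = {"Limited web access": {"alice"}}


def decide(client_type, protocol, destination, user=None):
    """Decision for a request from the Internal Network against POLICY."""
    req = request(client_type, protocol, "Internal Network", destination, user)
    return evaluate(POLICY, req, GROUPS)


if __name__ == "__main__":
    for args in (("webproxy", "HTTP", "FTP.com", "alice"),
                 ("webproxy", "HTTP", "FTP.com", "bob"),
                 ("securenat", "HTTP", "FTP.com", "alice"),
                 ("securenat", "DNS", "ns1.example", None),
                 ("firewall", "SMTP", "FTP.com", "alice")):
        print(args, "->", decide(*args))
```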


ISA Server 2004 can therefore use access rules to control which websites may be reached and which protocols may be used to reach them.
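The following is an added example, not code from the thesis or from ISA Server: a small first-match evaluator that reproduces the behaviour described above, so that rule order, the From/To elements and the user-set condition can be tried out together. The Internal address range, the group names, the blocked domain and the rule set are all assumptions in the spirit of Table III.4.1 and Figures III.4 to III.7; the figure's download-blocking rule is modelled as a Deny rule that matches on file extension. The last assertion-worthy point is the SecureNAT caveat: a request without an authenticated identity falls through every user-based rule and hits the built-in default Deny.

```python
# Added example (not from the thesis): first-match evaluation of ISA-style
# access rules. Address plan, group names and rules are assumed.
from dataclasses import dataclass
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed Internal network range (what ISA 2004 asks for at install time).
# Any address outside every defined network belongs to External.
NETWORKS = {
    "Internal": [ip_network("192.168.1.0/24")],
    "Local Host": [ip_network("127.0.0.0/8")],
}


def network_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, ranges in NETWORKS.items():
        if any(addr in r for r in ranges):
            return name
    return "External"


@dataclass(frozen=True)
class Request:
    src_ip: str
    dst_host: str
    protocol: str
    client_type: str                      # "firewall", "webproxy" or "securenat"
    user_groups: frozenset = frozenset()  # empty for SecureNAT: no identity
    path: str = "/"


@dataclass(frozen=True)
class Rule:
    order: int
    name: str
    action: str                       # "Allow" or "Deny"
    protocols: frozenset              # {"*"} means all protocols
    src_networks: frozenset
    to: tuple                         # destination name patterns, ("*",) = all
    user_set: Optional[str] = None    # None = All Users
    blocked_extensions: tuple = ()    # only used by the "block download" deny rule


def matches(rule: Rule, req: Request) -> bool:
    if "*" not in rule.protocols and req.protocol not in rule.protocols:
        return False
    if network_of(req.src_ip) not in rule.src_networks:
        return False
    if not any(fnmatch(req.dst_host.lower(), p) for p in rule.to):
        return False
    if rule.user_set is not None:
        # A user/group condition needs an authenticated identity. Only the
        # Firewall Client and Web Proxy clients provide one; SecureNAT does not.
        if req.client_type == "securenat" or rule.user_set not in req.user_groups:
            return False
    if rule.blocked_extensions and not req.path.lower().endswith(rule.blocked_extensions):
        return False
    return True


def evaluate(policy, req: Request):
    """Walk the policy top-down; the first matching rule decides."""
    for rule in sorted(policy, key=lambda r: r.order):
        if matches(rule, req):
            return rule.action, rule.name
    return "Deny", "Default rule"   # ISA's built-in last rule denies everything


INTERNAL = frozenset({"Internal"})
# Assumed policy, modelled on Figures III.4 to III.7 and the Table III.4.1 example.
POLICY = [
    Rule(1, "Block file downloads", "Deny", frozenset({"HTTP"}), INTERNAL, ("*",),
         blocked_extensions=(".exe", ".bat")),
    Rule(2, "Block sites", "Deny", frozenset({"*"}), INTERNAL,
         ("badsite.example", "*.badsite.example")),
    Rule(3, "Limited web access", "Allow", frozenset({"HTTP", "FTP"}), INTERNAL,
         ("ftp.com", "*.ftp.com"), user_set="Limited web access"),
    Rule(4, "LAN to Internet", "Allow", frozenset({"*"}), INTERNAL, ("*",),
         user_set="Internet users"),
]


def decide(src_ip, dst_host, protocol, client_type, groups=(), path="/"):
    req = Request(src_ip, dst_host, protocol, client_type, frozenset(groups), path)
    return evaluate(POLICY, req)


if __name__ == "__main__":
    print(decide("192.168.1.20", "www.example.com", "HTTP", "firewall", ["Internet users"]))
    print(decide("192.168.1.20", "www.example.com", "HTTP", "securenat"))
```

Swapping rules 2 and 4 makes the blocked site reachable for members of "Internet users", because the Allow rule then matches first; that is the ordering effect the table describes. Source-IP control (the From element) is the only part of the policy that still works for a SecureNAT client.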

3. Current state of the system

The current system has no firewall security policy. Client computers connect directly to the Internet through the modem, so the risk of attack is high. File downloads and access to disallowed websites, addresses and traffic flows cannot be blocked, and the data flows inside the company are not segmented.

4. Deployment tasks and results

4.1 Choosing the firewall (proxy) system: ISA Server 2004 or Linux IPCop

One of the two options is used:

ISA Server 2004
Advantages:
- Strong control over the protocols HTTP, POP3, HTTPS and SMTP.
- Effective blocking of websites and of file downloads (for example *.bat, *.exe); any chosen website can be blocked.
- Access rule policies (From ... To) applied to the clients: connections from inside to outside and from outside to inside are both controlled effectively.
- Many other powerful features.
- Other security products can be added, for example SurfControl to block undesirable websites.
Disadvantages:
- High hardware requirements; installation is relatively complex.
- High cost.

IPCop
Advantages:
- Low cost.
- Simple installation.
- Low hardware requirements.
Disadvantages:
- Poor compatibility with other software.
- Weaker security.

Given these advantages and disadvantages, ISA Server 2004 is the proposed solution.

4.2 Installing ISA Server 2004 on Windows Server 2003

Installation is not very complex (the complexity lies in configuring the parameters); only a few settings have to be confirmed during the process. The most important configuration step of the whole installation is defining the Internal network IP address range(s) exactly. Unlike ISA Server 2000, ISA Server 2004 does not use a Local Address Table (LAT) to decide which networks are trusted and which are untrusted. Instead, the internal addresses are defined as the Internal Network on the ISA Server 2004 firewall; an address range that is left out of it is treated as part of the External network. The Internal Network identifies the area that holds the important network servers and services: Active Directory domain controllers, DNS, WINS, RADIUS, DHCP, the firewall management workstations, etc. All communication between the Internal network and the ISA Server 2004 firewall is controlled by the firewall's System Policy. The System Policy is a set of pre-defined access rules that determines which traffic is allowed inbound and outbound through the firewall immediately after installation. The System Policy is configurable, so a security administrator can tighten or loosen its default access rules.

4.3 Model for configuring ISA in the company network

The following figures show the firewall policy applied at Vinapay.

Figure III.4. Rule 1: allow connections from the LAN to the Internet.


Figure III.5. Allow connections from the firewall host itself to the Internet.

Figure III.6. Block access to a site.


Figure III.7. Rule blocking the download of a file.


Figure III.8. Allow access to the FTP server.

4.3 Backup and redundancy

Reasons a backup is needed:
- A later ISA configuration change or upgrade may go wrong and leave the firewall misconfigured or unstable.
- Building the ISA system takes a lot of time, most of it spent configuring the per-user policies.
- Hardware failure.
- A hacker or other attacker who breaks into the firewall may sabotage it.

Plan for a standby system

Case 1: ISA becomes unstable because of a faulty configuration change or upgrade, or an attacker has broken into the firewall and altered the system configuration.
Remedy: use the Backup utility with the following schedule:

Day         Backup type       Objects backed up
Monday      Daily (17:59)     C: drive and System State
Tuesday     Daily (17:59)     C: drive and System State
Wednesday   Daily (17:59)     C: drive and System State
Thursday    Daily (17:59)     C: drive and System State
Friday      Daily (17:59)     C: drive and System State
Saturday    Daily (17:59)     C: drive and System State
Sunday      Normal (23:59)    C: drive and System State

Back up the ISA policy configuration with ISA's own tools as well. To restore the user access policy quickly, the state of ISA can be saved in two ways:
- Backup: saves the running configuration of ISA Server 2004 to an *.xml file.
- Export: exports the ISA configuration and the access-control policy to an *.xml file.

Case 2: disk failure. Add a second disk in RAID 1 (mirroring), so that the system keeps working without interruption when one disk fails.

Case 3: the whole ISA server fails. Set up a second, identically configured ISA server as a standby; when the primary fails, the network is switched over to the standby to recover from the incident.
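What the schedule above actually recovers depends on the semantics of the two Backup utility job types: a Normal backup copies every selected file, while a Daily backup copies only the files modified on the calendar day the job runs. The Sunday Normal is therefore the only complete copy, and a restore needs that Normal plus every Daily run since. The following added example (not code from the thesis or from the Backup utility) simulates the schedule against a constructed file history to show the restore chain and the gap this leaves: a file changed after 17:59 on a weekday is in no backup until the next Sunday. File names, times and contents are constructed for the demonstration.

```python
# Added example (not from the thesis): simulates the Daily/Normal schedule and
# what a restore can recover at a given moment. Assumed job semantics:
#   Normal: copies every selected file present at the time the job runs.
#   Daily:  copies only files whose modification time falls on the calendar
#           day the job runs (and necessarily before the job's start time).
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Job:
    when: datetime
    kind: str          # "Normal" or "Daily"


def build_schedule(first_sunday: datetime, weeks: int = 2):
    """Sunday Normal at 23:59, then Mon..Sat Daily at 17:59, repeated weekly."""
    jobs = []
    for w in range(weeks):
        sunday = first_sunday + timedelta(days=7 * w)
        jobs.append(Job(sunday.replace(hour=23, minute=59), "Normal"))
        for d in range(1, 7):
            jobs.append(Job((sunday + timedelta(days=d)).replace(hour=17, minute=59), "Daily"))
    return jobs


def state_at(versions, t: datetime):
    """Current version of each file at time t. versions: (path, mtime, content)."""
    current = {}
    for path, mtime, content in sorted(versions, key=lambda v: v[1]):
        if mtime <= t:
            current[path] = (mtime, content)
    return current


def captured(job: Job, versions):
    """What the job writes to the backup medium."""
    current = state_at(versions, job.when)
    if job.kind == "Normal":
        return current
    return {p: v for p, v in current.items() if v[0].date() == job.when.date()}


def restore_chain(jobs, at: datetime):
    """Jobs to restore, oldest first: the last Normal plus every Daily after it."""
    done = sorted((j for j in jobs if j.when <= at), key=lambda j: j.when)
    last_normal = max((i for i, j in enumerate(done) if j.kind == "Normal"), default=None)
    return [] if last_normal is None else done[last_normal:]


def restore(jobs, versions, at: datetime):
    """Replay the chain in order; a newer copy of a file overwrites an older one."""
    restored = {}
    for job in restore_chain(jobs, at):
        restored.update(captured(job, versions))
    return restored


def unrecoverable(jobs, versions, at: datetime):
    """Files whose live content at `at` exists in no backup of the chain."""
    live = state_at(versions, at)
    got = restore(jobs, versions, at)
    return sorted(p for p, v in live.items() if got.get(p) != v)


# Constructed file history. 2006-03-05 is a Sunday and holds the first Normal.
SUNDAY = datetime(2006, 3, 5)
JOBS = build_schedule(SUNDAY)
VERSIONS = [
    (r"C:\boot.ini",       SUNDAY + timedelta(hours=8),                        "boot"),
    (r"C:\isa\policy.xml", SUNDAY + timedelta(days=1, hours=10),               "policy-v1"),  # Mon 10:00
    (r"C:\isa\policy.xml", SUNDAY + timedelta(days=1, hours=18, minutes=30),   "policy-v2"),  # Mon 18:30, after the Daily ran
    (r"C:\isa\users.txt",  SUNDAY + timedelta(days=3, hours=9),                "users-v1"),   # Wed 09:00
]
THURSDAY_NOON = SUNDAY + timedelta(days=4, hours=12)
NEXT_MONDAY_NOON = SUNDAY + timedelta(days=8, hours=12)

if __name__ == "__main__":
    print([j.kind for j in restore_chain(JOBS, THURSDAY_NOON)])
    print(unrecoverable(JOBS, VERSIONS, THURSDAY_NOON))
```

Restoring on Thursday needs four media (Sunday Normal, Monday, Tuesday and Wednesday Daily) and still yields the Monday-morning version of policy.xml: the 18:30 change was made after Monday's job and Tuesday's Daily only looks at files modified on Tuesday. Running the weekday job after the end of the working day, or using Incremental instead of Daily so that every change since the previous job is captured, closes that gap; this is the editor's recommendation, not part of the thesis.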


CONCLUSION

1. Results achieved
The original aim of the project was to deploy, administer, maintain and upgrade an enterprise network. At this point the following has been achieved:
- A survey was carried out and a preliminary LAN configuration for the enterprise was produced to serve the network deployment.
- The way Active Directory manages its resources (computers, users, OUs, etc.) was described.
- A backup schedule was analysed and proposed for the domain and for the data of each client computer in the company.
- The ISA firewall system was studied and configured for the enterprise.

2. Directions for further work
- Extend the LAN with more clients and servers.
- Extend the work with further configurations that manage network resources more effectively.
- Study backup and restore strategies based on third-party software for better results.
- Study other firewall models and vendors to make the network model easier to use.




APPENDIX 2

Technical terms used in the project (Active Directory object permissions):

List Contents: view the child objects of a container (for example, list the user accounts it holds).
Read All Properties: read every attribute of the object.
Write All Properties: write every attribute of the object (including creating and changing attribute values).
Delete: delete the object.
Read Permissions: read the object's access control list, i.e. see who has which permissions on it.
Modify Permissions: change the permissions on the object.
Modify Owner: take or assign ownership of the object.
All Validated Writes: all writes that the directory checks before accepting them, for example adding one's own account to a group.
All Extended Rights: all control access rights defined for the object class, for example Reset Password on a user.
Create All Child Objects: create child objects of any class under the object.
Delete All Child Objects: delete child objects of any class under the object.
