Professional Documents
Culture Documents
M U
Sau hn 30 nm ra i v khng ngng pht trin, mng Internet mang nhng c im
ni tri m trong chng ta khng ai c th ph nhn, t kh nng lin kt mnh m n
ngun thng tin di do cng nh vn thi gian v tc x l thng tin. Nhng song
song vi nhng u im th mng Internet li cha ng trong n nhng him ha
khn lng.
Hy tng tng mt ngy p tri no , nhng thng tin mt m chng ta c cng
ct giu li b phi by ra trc tt c mi ngi, n b nh cp m ngay chnh bn thn
chng ta cng khng bit l n b ly i! Thng tin mt ca mt con ngi quan
trng, nhng nu n l thng tin mt ca mt cng ty, mt t chc hay cao hn l ca
quc gia? iu g s xy ra khi n b nh cp?
Trong h thng mng Workgroup, thng tin khng c qun l tp trung dn n rt
nhiu bt cp trong vn qun l cng nh kh nng bo ton d liu. V vy trong mt
cng ty nu s dng mng ny chia s thng tin s v cng nguy him, s dng h
thng mng c qun l theo m hnh Domain l iu tt yu. Mt cng ty vn cha
ng rt nhiu thng tin v trong c nhng thng tin mang tnh chin lc cho s pht
trin ca cng ty, vn qun l v bo mt thng tin c t ln hng u. c th
to dng mt h thng thng tin ni b, d dng cho nhn vin s dng, thun tin cho
cng vic qun l cng nh vic trao i thng tin th vic xy dng h thng File Server
l rt cn thit. T thng tin c qun l tp trung v s dng chin lc Backup
Restore hp l trnh tnh trng thng tin b tht thot!
Da trn tnh hnh thc t, nhm chng ti nghin cu v pht trin d n Kho st ,
thit k v trin khai h thng mng cho doanh nghip vi tnh n nh v bo mt cao
tp trung khai khc cc u im ca File Server .
Chng ti tin tng rng, vi n ny, chng ti c th gip cc cng ty qun l, s
dng v bo mt tt thng tin cng ty tn dng tt cng ngh v ph hp vi ngun ti
chnh ca mt cng ty va v nh ang trn pht trin.
Trang 1
Thc Tp Tt Nghip
Xy dng h thng File Server v chin lc sao lu phc hi d liu cho user trong
h thng mng ca Cty vi cc yu cu sau:
Mi Nhn vin u c quyn tng ng trn File Server
H thng File Server cha ti nguyn phi c chia s
Mi Nhn vin khi logon vo h thng s c 2 a mng (dng chung v dng
ring).
Mi Nhn vin khi lm vic d liu phi c lu trn File Server,Khng cho
php nhn vin lu tr d liu trn my local.
Xy dng chin lc sao lu v phc hi d liu cho h thng File Server
Gi thnh h thng hp l, khng vt qu 500 triu ng cho c h thng
Trang 2
Thc Tp Tt Nghip
Ni dung chuyn mn cn c :
WSUS
Remote Assistant : dng h tr support t xa khi ngi qun tr t internet
remote v cng ty.
Group policy: account, local, software restriction.
File server: Sharing & NTFS permission, backup & restore.
User & Group: home folder, script (log in).
DHCP.
DNS.
Printer server: ngoi cc cu hnh c bn c thm phn c th s dng printer qua
internet.
RAID
Web, FTP c publish(NAT) ra internet dng RRAS.
Deploy antivirus.
Trang 3
Thc Tp Tt Nghip
Trang 4
Thc Tp Tt Nghip
Trang 5
Thc Tp Tt Nghip
Yu cu
S lng
Server
Server
Modem ADSL
Switch
8 port
Printer
LaserJet
Cable
RJ45-ADC
450 m
Trang 6
Thc Tp Tt Nghip
RRAS, Antivirus: lm chc nng router (Lan-Routing, VPN, NAT), qun l vic
qut virus cho cc antivirus client trn my nhn vin v cp nht cc bn dit virus
mi t internet.
3. Chi ph :
( Gi thnh ti thi im thng 12/2011)
Thit b
Yu cu
S lng
Gi thnh
Tng cng
Server
Server
890 $
4450 $
32 $
32 $
Modem ADSL
Switch
8 port
15 $
30 $
Printer
LaserJet in mng
382 $
1528 $
Cable
RJ45-ADC
450m
85$ /thng
135 $
Tng chi ph linh kin: 5793$ (cha bao gm cc chi ph pht sinh v bn quyn phn
mm)
Tng ng: 121.653.000 ng (t gi USD: 21.000 thng 12/2011)
Trang 7
Thc Tp Tt Nghip
4. ng truyn kt ni :
ng truyn trong mng LAN: s dng cp RJ45 tc 100 Mbps
ng truyn Internet: s dng gi cc MegaOFFICE ca FPT
Tc truy cp Internet ti a Download 3,072 Kbps Upload 640 Kbps
Cam kt v tc truy cp Internet ti thiu Download T 128 Kbps Upload T 128
Kbps.
Trang 8
Thc Tp Tt Nghip
Deseription
Interface
IP
Mack
Modem ADSL
External
192.168.1.113 255.255.255.252
192.168.1.113
DNS ISP
External
192.168.1.114 255.255.255.252
192.168.1.113
DNS ISP
Router
Antivirus
LAN Floor 1
192.168.1.1
LAN Floor 2
192.168.1.65 255.255.255.224
255.255.255.192
DC 1
192.168.1.97
DNS 1
192.168.1.101
192.168.1.98
DHCP 1
DC 2
192.168.1.97
DNS 2
192.168.1.101
192.168.1.98
For wader : ISP
DHCP 2
File Server
192.168.1.97
WSUS Server
192.168.1.101
192.168.1.98
RIS Server
Web Server
192.168.1.97
FTP Server
192.168.1.101
192.168.1.98
Printer Server
Floor 1
Floor 2
LAN_Floor 1
LAN_Floor 2
192.168.1.2
255.255.255.192
192.168.1.62
192.168.1.66
255.255.255.224
192.168.1.94
192.168.1.97
192.168.1.1
192.168.1.98
192.168.1.97
192.168.1.65
192.168.1.98
Trang 9
Thc Tp Tt Nghip
Trang 10
Thc Tp Tt Nghip
Trang 11
Thc Tp Tt Nghip
Group Type
OU
BanGiamDoc
BanGiamDoc
ThuKy
BanGiamDoc
KToan
KeToan
HC-NS
HanhChinhNhanSu
KT-KD
KeHoachKinhDoanh
KThuat
KyThuat
Trang 12
Thc Tp Tt Nghip
2.3.2
S dng thit b lu tr chuyn dng cho vic backup l Tape Driver: Hewlett Packard
StorageWorks DAT 24 (DW069A) DAT Tape Drive DAT, 12 GB, USB 2.0 Interface,
Internal Enclosure, 1.5 MBps, For: PC Platforms. Gi: 220$
Chn thi gian backup thch hp tt nht l vo nhng lc vng nhn vin lm vic nh
Thc Tp Tt Nghip
Thc Tp Tt Nghip
Trang 15
Thc Tp Tt Nghip
khc phc tnh trng trn, h thng mng cung cp dch v DHCP cho Server t
ng cung cp a ch IP v cc thng tin cu hnh cn thit cho cc my trm.
4.1 Chc nng ca DHCP server
DHCP Server cp pht IP ng v cc thng tin cu hnh c lin quan cho cc Client.
4.2 u nhc im ca DHCP server
u im :
Gim bt cc hin tng xung t v IP, hay cc li v IP, lun m bo Client c
cu hnh ng.
n gin ha trong cng tc qun tr.
Tit kim c s a ch IP tht.
Tp trung qun tr thng tin v cu hnh IP.
Cu hnh IP ng cho cc my trm mt cch lin mch.
Ph hp vi cc my tnh thng xuyn di chuyn gia cc lp mng.
T ng cp nht thng tin khi c s thay i cu trc mng.
S linh hot v kh nng d m rng.
Nhc im:
a ch IP c cp s b thay i, khng bo m c mt a ch ring bit cho mt
Client trong mi lc khi Client cn mt a ch IP tnh.
Qu trnh cp pht IP gia DHCP client v DHCP server l tn hiu broadcast nn
khng th i qua c Router.
4.3 Cc yu cu chung khi trin khai dch v DHCP server
DHCP Client
Windows XP
Trang 16
Thc Tp Tt Nghip
DHCP Server
Windows Server 2003
DHCP Server Service c ci t trn Server
cu hnh IP tnh, Subnet Mask v Default Gateway
C Range IP hp l
Trang 17
Thc Tp Tt Nghip
Ch thch:
003
Router
006
DNS Servers
015
Cu hnh Superscope
Backup & Restore DHCP database
Mc ch:
m bo an ton cho database ca DHCP Server
Khc phc nhanh s c xy ra i vi database ca DHCP Server
Cch thc hin:
To ra mt folder cha file backup ca DHCP trn a C:\
Backup d liu ca DHCP Server n folder to sn trn a C:\
Khi Restore s ch ng dn n folder cha file backup to trn a C:\
Nn DHCP database
Mc ch:
Tit kim dung lng lu tr
Cch thc hin:
Trang 18
Thc Tp Tt Nghip
Thc Tp Tt Nghip
Trang 20
Thc Tp Tt Nghip
Trang 21
Thc Tp Tt Nghip
Share
NTFS (advanced)
Users/Group
Public
Full
Travel Folder /
control
Execute file
ThuKy
KToan
Data
Read Attributes
Read Extend
Attributes
Apply onto
subfolders and
files
HC-NS
KT-KD
KThuat
Create Folders /
Append Data
Report
Full
Travel Folder /
control
Execute file
ThuKy
KToan
Data
Create Folders /
Append Data
Read Attributes
subfolders and
files
HC-NS
KT-KD
KThuat
Write Attributes
Application
Full
control
Full control
Trang 22
Thc Tp Tt Nghip
Thc Tp Tt Nghip
Trang 24
Thc Tp Tt Nghip
a. Yu cu v nh hng
Cc yu cu:
nh hng:
S dng Tape Driver: Hewlett Packard StorageWorks DAT 24 (DW069A) DAT Tape
Drive DAT, 12 GB, USB 2.0 Interface, Internal Enclosure, 1.5 MBps, For: PC
Platforms. Gi: 220$
Backup vo ban m khong 10h l tt nht
S dng backup Normal kt hp vi Incremental v Differential
Gii thiu u im v nhc im ca 3 loi backup trn tin vic la chn s
dng:
Backup Normal:
Backup full, c ngha l s backup ht tt c ci g m mnh chn
Thi im dng: backup full thng lm vo ngy cui tun v u tun
u im: s backup ton b ci g chng ta cn.
Khuyt im: thi gian backup v restore s lu v backup ht v restore ht, cn c
thit b dung lng ln cha file backup.
Backup Incremental:
Kiu backup ny l ch backup li nhng g thay i ca ngy backup so vi ln
backup trc
Thi im dng: cc ngy cn li trong tun tr th 2 v th 7
Trang 25
Thc Tp Tt Nghip
Backup Differential:
Kiu backup l file backup c to ra gm backup Full ca ngy hm trc v s
thay i ca ngy cn backup
Thi im dng :Thng dng vo cc ngy cn li trong tun tr th 2 v th 7
u im: bakup li bn Full ca ngy hm trc v s thay i ca ngy backup nn
khi restore s nhanh hn incremental
Khuyt im: thi gian backup s lu hn kiu normal nhng thi gian restore nhanh
hn kiu incremental, cn storage ln cha file backup.
b. Cch thc hin:
Tun 1
Tun 2
Tun 3
Th 2: Bnh Thng
Th 2: Kh khng
Th 2: Kh khng
Th 3: Gia Tng
Th 3: Gia Tng
Th 3: Gia Tng
Th 4: Gia Tng
Th 4: Gia Tng
Th 4: Gia Tng
Th 5: Gia Tng
Th 5: Gia Tng
Th 5: Gia Tng
Th 6: Gia Tng
Th 6: Gia Tng
Th 6: Gia Tng
Th 7: Bnh Thng
Th 7: Bnh Thng
Th 7: Bnh Thng
Trang 26
Thc Tp Tt Nghip
Thc Tp Tt Nghip
Yu cu khi thit k cu trc chy Web: hot ng nhanh, cp nht kp thi thng tin
cho nhn vin v khch hng.
Vi FTP: gip user c th truy cp trong phm vi mng ni b cng nh t internet
vo
Vi Web: c web ni b v web public cho user v khch hng truy cp.
6.3 Trin khai cc dch v Web v FTP
Ci t IIS Component
To host v alias cho FTP v Web trn DNS server.
Trin khai FTP:
To mt FTP site mi
Cu hnh a ch IP, Port, ng dn n th mc share FTP
Cp quyn cho cc user s dng th mc share FTP, cp quyn Read, Wrire, Brower
cho user trn FTP site.
Trin khai Web:
To Web site mi
Cu hnh a ch IP, Port, ng dn n th mc share web
Cu hnh trang mc nh v cc ng dn dng truy cp web
Cp quyn Read cho user.
Nat port v cu hnh dyndns public FTP v Web:
Vo modem Nat port 80 - ng vi IP: 192.168.1.99 ca web server, Nat port t 20 n
21 - ng vi IP: 192.168.1.99 ca FTP server
Download v cu hnh DynDNS software trn my Web-FTP cp nht a ch IP ln
server min ph ca DynDNS.org (nu c mua IP public v domain th khng cn phi
s dng dch v min ph ca DynDNS.org)
6.4 Tng kt dch v Web v FTP
Trang 28
Thc Tp Tt Nghip
Sau khi Web-FTP c thit lp, thng tin ca cng ty c ph bin rng ri cho
cc nhn vin v khch hng. y l dich v h tr cc k hu ch cho bt c mt
cng ty no m bo s tin dng v tit kim chi ph.
Trang 29
Thc Tp Tt Nghip
Gi thnh r
C th s dng tc c cc loi my in c th in c
Kt ni n gin khng ph thuc vo cu hnh kt ni
n gin d trin khai
Nhc im:
Bt buc my in ni vi PC phi c m lin tc nu tt s nh hng n cc
ngi s dng chung my in trong cng mt phng ban
Tc in n khng cao
Tnh bo mt km
7.2 Trin khai dch v Printer server
a. Trin khai Internet Printing vi Printer server
Ci t dch v Internet Printing trong Control Panel
To my in mng, v tr v a ch printer server v ci t driver cho printer server
To cc my in logic phn quyn cho cc Group v user khc nhau
To Printing Pool gip h thng khc phc s chm tr khi c qu nhiu yu cu
in
Map my in v my client thng qua trnh duyt internet.
b. Trin khai Local printing
Ci t v cu hnh cho my in cc b trn my tnh c gn my in
Share my in ra cho cc my khc bng ng dn UNC hoc s dng cu lnh
map my in cho tng client. Phn ny s thc hin trong Group Policy.
7.3 Tng kt dch v Printer server
Vi s qun l ca printer server, hot ng n nh - nhanh chng s gip cng vic
in n ca tc c nhn vin thun li hn. Trong m hnh mng ca cng ty
VNTRANSPORT s c 1 my printer server v cc my cn li s lm chc nng in
local, va m bo li tit kim.
Trang 30
Thc Tp Tt Nghip
Trang 31
Thc Tp Tt Nghip
my member server.
Sau khi ci t v khi ng li h thng, ta tin hnh Unlock cho server v ty chn
cho server l Primary server.
Sau tin hnh trin khai phn mm xung my client (client trn 3 range khc nhau,
range server, range tng 1 v range tng 2)
Chng ta c 2 cch ci t cho my trm: mt l chng ta ng t Client truy cp
n server bng ng dn UNC, hai l chng ta dng tin ch Client Remote Install
Tool. ci t t xa ta vo Tools\Client Remote Install.
Trong qu trnh ny bc u tin ta s chn v source ci t, ta ty chn Default
Location. Sau ta chn nhng user cn trin khai thc thi.
Trang 32
Thc Tp Tt Nghip
Qu trnh trin khai xung client thnh cng, sau khi khi ng li phn mm Antivirus
s t ng chy v nhn thy c trn my client.
8.4 Tng kt Antivirus
Symantec Antivirus m bo c kh nng vn hnh nh nhng cng nh m hnh
Client-Server ti u cho cng vic qun tr. S dng phn mm ny trn h thng ca
VNTRANSPORT l rt kh thi v t c mt phn mc tiu bo mt cho h thng
ca nhm 06PBL152.
Trang 33
Thc Tp Tt Nghip
Gim thiu lu lng bng thng ra ngoi Internet. Nu khng c wsus cng ty c
hng trm my tnh v yu cu update trc tip thng qua Website ca Microsoft s
gy l hin tng tc nghn v qu ti.
u im: Tit kim c nhiu thi gian qun tr v tng cng thm tnh bo mt
cho h thng cc my trm.
Nhc im: ch c ch trong mt h thng ln v nhiu my client. H thng nh
ci t s gy lng ph server.
9.2 Cc yu cu chung khi trin khai WSUS.
9.2.1 Yu cu v dung lng a cng:
C partition ci t windows v partition ci t WSUS phi l NTFS.
Ti thiu phi c 1 Gb trng cho partition h thng.
Ti thiu phi c 6 Gb trng cho partition ci cc bn update cho WSUS recommend l
30 Gb.
9.2.2 Cc yu cu v Automatic Updates:
Automatic Updates l mt thnh phn client ca WSUS. Automatic Updates khng
i hi g v phn cng c bit ngoi vic phi c kt ni vi network. Ta c th s
dng Automatic Updates vi WSUS trn bt k my tnh no chy cc h iu hnh
sau y:
Microsoft Windows 2000 Professional with Service Pack 3 (SP3) or Service Pack 4
(SP4), Windows 2000 Server with SP3 or SP4, or Windows 2000 Advanced Server
with SP3 or SP4.
Microsoft Windows XP Professional, with or without Service Pack 1 or Service Pack 2.
Microsoft Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise
Edition;Windows Server 2003, Datacenter Edition; or Windows Server 2003, Web
Edition.
Trang 34
Thc Tp Tt Nghip
* Note:
ci t c WSUS ta cn thc hin ci t mt s chng trnh yu cu cho
WSUS:
1. Ci t IIS
2. Ci t Services Pack
3. Ci t dotNetFX35setup.exe
4. Ci t ReportViewer.exe
5. Cui cng l ci t WSUS ( y h thng chng ta s ci t ver3.0)
9.3 nh hng v trin khai thc hin WSUS
My ch SUS s phn tch cc h iu hnh yu cu cp nht, kim tra cc bn
service pack v cung cp cho my client nhng gi tin cn phi download v ci t
cc phin bn cp nht.
9.3.1 ng b d liu v cung cp cho h thng
Khi bt u vic ng b d liu my ch SUS s truy vn n my ch Windows
Update ca Microsoft hay cc my ch SUS khc trong h thng mng v download
ton b ti nguyn v cc bn v li hay cc service pack cho mi sn phm v ngn
ng m ta cu hnh. Qu trnh ng b d liu s c truyn khong 150 MB
cho phin bn English v 600MB cho mi ngn ng khc.
9.3.2 Thit lp Automated Updates trn my client
Ci t cc cp nht t Automatic Updates ca my client bng vic ci t cc gi
MSI. cung cp cc gi cp nht dng MSI bn c th d dng s dng Group
Policy cung cp . To ra mt GPO mi, gn chng cho cc my tnh trong h thng
mng ca bn, v n s c ci t mt cch t ng.
C th cung cp cc gi MSI cho client di dng logon script gn cho gi tin MSI
v h thng s c thc hin trc khi ngi dng ng nhp vo h thng.
Trang 35
Thc Tp Tt Nghip
Trang 36
Thc Tp Tt Nghip
11. Cc dch v h tr
11.1 Dch v RIS
Trong mt m hnh h thng c nhiu my trm, ci t h iu hnh cho tt c
my trm th i hi ngi qun tr phi mt rt nhiu thi gian ci t cho tng
my. Vi chc nng ci t h iu hnh mt cch t ng qua mng, dch v RIS ra
i ngi qun tr gii quyt vn ny mt cch nhanh chng v c hiu qu.
11.1.1 Chc nng
Ci t h iu hnh qua mng cho Client.
11.1.2
u nhc im ca dch v
u im
Ci t h iu hnh mt cch t ng
Trang 37
Thc Tp Tt Nghip
Trang 38
Thc Tp Tt Nghip
Trang 39
Thc Tp Tt Nghip
+ LAN_Floor 1 : 192.168.1.1
Khi s to mt address pool (dy IP) dnh trc cho cc client c nhu cu quay
VPN sao cho cng NetID vi mng LAN bn trong site l c. Theo m hnh cng ty
VNTRANSPORT s c 3 subnet con khc nhau trong site, ta s tin hnh lm tun t
nh nhau cho 3 subnet. Phn ny a ra v d cho subnet Internal_Floor 1
11.2.3 nh hng thc hin VPN client to site
C 2 cch thc hin
Mt l: Bin Modem ADSL thnh 1 Bridge, khi ta s c c IP Public, dng IP
ny l IP cho VPN Server, tuy nhin cch ny hi bt tin l khi ta phi thc hin
Share Net th cc my client mi c th ra net c. (p dng cho nhng modem
khng h tr VPN)
Hai l: Trn Modem ADSL ta s kt hp vi Dynamic DNS trn VPN Server, khi
nu c client quay vo th ta ch vic Nat Port cho Forward qua VPN Server lun. Ta
s s dng cch ny cho vpn client to site trong h thng.
11.2.4 Thit k v xy dng VPN client to site
a. NAT port 1723 ca Router ADSL v my VPN server
b. Cu hnh VPN Server:
To user Client bn ngoi kt ni vo VPN Server (ty vo nhng user no c
nhu cu s dng VPN s to ti khon cho user )
Cho php user c quyn Allow access trong Dial-in
Enable Routing and Remote Access v cu hnh chc nng Remote Access (dial-up
or VPN)
Cu hnh Range IP cho cp cho client khi connect vo mng v hon tt qu trnh
trn cu hnh trn server
c. Cu hnh VPN Client trn my Client ngoi vo:
Trang 40
Thc Tp Tt Nghip
Trang 41
Thc Tp Tt Nghip
Thc Tp Tt Nghip
Sau qu trnh kim tra ton din h thng, ta s tin hnh bn giao cng vic vn
hnh h thng li cho ban qun l v phng k thut ca cng ty.
Nhng th cn bn giao:
Cc m hnh h thng v nguyn tc hot ng ca tng thnh phn trn h thng:
DNS, DHCP, DC ng cp, File server, Web - FTP server, Printer server, WSUS,
Antivirus, RRAS, Backup & Restore AD v File server.
T ta tip tc ch ra cc thnh phn quan trng trn h thng, ch cch kim tra s
c v khc phc khi s c xy ra.
Phi hp vi b phn chuyn gia phn cng ln lch bo tr cc thit b trong h
thng.
E.
nh gi hiu qu
Sau khi thit k v xy dng h thng ny, nhm 06PBL152 nhn thy rng h
Thc Tp Tt Nghip
Trang 44
Thc Tp Tt Nghip
KT LUN
i vi mt h thng th lun bo m ng bn yu cu c bn:
Yu cu v bo mt thng tin
Yu cu v kh nng hot ng nhanh nhy
Yu cu v kh nng chng chu vi mi trng h thng
Yu cu v kh nng m rng
Sau khi hon tc qu trnh xy dng v a vo hot ng, trong tng lai khng xa
kh nng cng ty s pht trin v cn thit mt h thng ln mnh v kh nng bo
mt thng tin cao hn na.
T t ra phng php m rng cho h thng l vn cn c cp ti khi bt
tay vo xy dng mt h thng. Ta s chn la nhng thnh phn v cu trc chnh c
kh nng m rng trong tng lai.
Sau y l phng n m rng h thng m nhm 06PBL152 vch ra cho h thng
trn:
Trin khai CA, IP SEC cho h thng bo mt c nng cao hn
Trin khai vpn (ci radious server nu cn chng thc v qun l trong giao tip
VPN) v kt hp vpn ipsec hoc SSL.
Trin khai RAID 5 trn my DC Backup ng thi tng tc hot ng ca server .
Kt hp Load Balancing vo h thng cn bng ti, tng kh nng chng chu .
Ci t ISA v khoanh vng DMZ cho vng server public ra internet .
Ci t h thng Mail exchange tin vic lin lc nu cn thit khi nhn vin cng
ty tng ln ng k .
Trang 45
Thc Tp Tt Nghip
Trang 46