QTM-II
NETWORK ADMINISTRATION II
TABLE OF CONTENTS
CHAPTER I: ROUTING
I. Introduction
This lab covers the following main topics:
1. Static Route
2. RIP
3. Packet Filter
II. Topology
III. Preparation
- The lab uses 4 machines running Windows Server 2003
- Assign IP addresses to the machines according to the following table:
CROSS interface
       PC01            PC02            PC03            PC04
IP     172.16.1.2      172.16.1.1      10.0.0.1        10.0.0.2
SM     255.255.255.0   255.255.255.0   255.255.255.0   255.255.255.0
DG     172.16.1.1      BLANK           BLANK           10.0.0.1
DNS    BLANK           BLANK           BLANK           BLANK

LAN interface
       PC01            PC02            PC03            PC04
IP     DISABLE         192.168.2.1     192.168.2.2     DISABLE
SM                     255.255.255.0   255.255.255.0
DG                     BLANK           BLANK
DNS                    BLANK           BLANK

NETWORK ADMINISTRATION II | 1/21/2012
- Turn off the firewall on all 4 machines
- PC01 pings PC02: ping OK
- PC02 pings PC03: ping OK
- PC03 pings PC04: ping OK
- PC04: install IIS and create a web page index.html with any content
IV. Procedure
1. Static
Perform on PC02 and PC03
Step 5: Finish
Verify:
- PC01 (172.16.1.2) pings PC04 (10.0.0.2): ping OK
- PC04 (10.0.0.2) pings PC01 (172.16.1.2): ping OK
On PC02 -> open the command line -> run route print -> observe that the route 10.0.0.0 has been learned.
Open Routing and Remote Access -> open Static Routes -> select the static routes that were created -> press the Delete key
Open the command line -> run route print -> observe that the route 10.0.0.0 is no longer present
2. RIP
Perform in turn on PC02 and PC03
Step 1: Open the path shown in the figure -> right-click General -> choose New Routing Protocol...
Step 2: Choose RIP Version 2 for Internet Protocol -> OK
Step 5: Choose OK
Verify:
Step 8: OK
4. Packet Filter
Step 1: On PC01, open IE and browse to http://10.0.0.2 -> access succeeds
Step 2: On PC01, open the command line -> run netstat -a -> observe that PC01 has a connection to PC04 on port 80 (web/http)
Step 3: On PC03, open Routing and Remote Access -> General -> right-click LAN -> choose Properties
Verify:
III. Preparation
The lab uses 3 machines running Windows Server 2003
Assign IP addresses to the machines according to the following table:

CROSS interface
       PC01            PC02            PC03
IP     172.16.1.2      172.16.1.1      DISABLE
SM     255.255.255.0   255.255.255.0
DG     172.16.1.1      BLANK
DNS    BLANK           BLANK

LAN interface
       PC01            PC02            PC03
IP     DISABLE         192.168.2.1     192.168.2.2
SM                     255.255.255.0   255.255.255.0
DG                     BLANK           BLANK
DNS                    BLANK           BLANK

Turn off the firewall on all 3 machines
III. Procedure
1. Configure the VPN server using the PPTP protocol
On PC02:
Step 1: Log on as administrator. Go to Start -> Programs -> Administrative Tools -> Routing and Remote Access, right-click PC02, and choose Configure and Enable Routing and Remote Access
ON PC03
- Open Network Connections, right-click the VPN connection, and choose Properties
- On the Networking tab, under Type of VPN, choose L2TP IPSec VPN -> OK.
III. Preparation
- The lab uses 4 machines running Windows Server 2003
- Assign IP addresses to the machines according to the following table:

CROSS interface
       PC01            PC02            PC03            PC04
IP     172.16.1.2      172.16.1.1      172.16.2.1      172.16.2.2
SM     255.255.255.0   255.255.255.0   255.255.255.0   255.255.255.0
DG     172.16.1.1      BLANK           BLANK           172.16.2.1
DNS    BLANK           BLANK           BLANK           BLANK

LAN interface
       PC01            PC02            PC03            PC04
IP     DISABLE         192.168.1.2     192.168.1.3     DISABLE
SM                     255.255.255.0   255.255.255.0
DG                     BLANK           BLANK
DNS                    BLANK           BLANK
Step 14: On the IP tab, choose Static address pool. Click Add
b. On PC03: Repeat the steps of part a (Configure the VPN server on PC02) for PC03, changing the following information:
ON PC03:
- In Routing and Remote Access, observe the connection saigon; it shows Connected
- Select the option Use preshared key for authentication; in the Key box enter 123456 -> OK -> OK.
a. On PC04:
- Log on as Administrator -> open CMD and run ping <IP address of PC04> (for example: ping 172.16.2.2) -> you will see replies
b. On PC03:
- In Routing and Remote Access, observe the connection hanoi; it shows Connected
III. Preparation
- The lab topology uses 3 machines running Windows Server 2003
PC01: disable the LAN adapter
PC03: disable the CROSS adapter
- Turn off the firewall on all 3 machines
Assign IP addresses according to the following table:

CROSS interface
       PC01            PC02            PC03
IP     172.16.1.1      172.16.1.2      DISABLE
SM     255.255.255.0   255.255.255.0
DG     172.16.1.2      BLANK
DNS    8.8.8.8         BLANK

LAN interface
       PC01            PC02            PC03
IP     DISABLE         192.168.X.2     192.168.X.3
SM                     255.255.255.0   255.255.255.0
DG                     192.168.X.1     192.168.X.1

Here X is the address of the Internet network
- PC01: install a web server
IV. Procedure
Step 5: Finish
1. NAT Outbound
- Perform on PC02
Step 1: Open Routing and Remote Access -> right-click PC02 -> choose Configure and Enable Routing and Remote Access
Verify:
- On PC02, open Routing and Remote Access -> choose NAT/Basic Firewall -> right-click the LAN adapter and choose Show Mappings.
- In the mappings, observe that PC01 (172.16.1.1) is NATed to the outside through PC02 (192.168.3.2)
3. NAT inbound
- Perform on PC02
- Open IE and try browsing to PC01's website: http://172.16.1.1 -> access succeeds (note: PC01 has a web server installed)
Step 1: Under NAT -> right-click LAN -> choose Properties
Step 2: On the Services and Ports tab -> choose web services (HTTP) \ Edit.
- PC03 browses to PC01's website using the IP of PC02's LAN adapter: http://192.168.x.2 -> access succeeds
Verify: Log on as TI -> open Outlook Express -> receive the mail from TEO -> the mail content has been modified without TI knowing
- A notice appears: the mail has been modified -> choose Open Message to read the mail.
Step 2: Log on as Admin -> open the folder containing Teo's mail -> open Teo's file -> observe that the mail content is encrypted and cannot be read -> add an arbitrary line to the mail content and save.
Step 3: Log on as TI and receive the mail from TEO -> the mail content cannot be read because the mail was modified.
CHAPTER V: ENTERPRISE-CA
I. Introduction
This lab covers the following main topics:
1. Install an Enterprise CA
2. A user requests and installs a certificate
3. The user configures Outlook Express to send a signed and encrypted mail to themselves
4. Export Certificate
5. Import Certificate
II. Preparation
One Windows Server 2003 machine acting as DC (already promoted to a domain)
Create user TEO with password 123 and set the e-mail address Teo@dongan.local in the properties of the Teo account.
III. Procedure
1. Install the Enterprise CA
Step 1: Go to Start -> Settings -> Control Panel -> Add or Remove Programs -> choose Add/Remove Windows Components -> scroll to and select Application Server, then click Details...
- Log on as TEO
Step 1: Open Outlook Express -> create an account with Name: TEO -> Next
4. Export Certificate
Step 1: Log on as TEO -> Start -> Run -> MMC -> File menu -> Add/Remove Snap-in -> Add.
Step 7: Save to drive C:\
5. Import Certificate
Step 1: Log on as TEO -> open MMC -> open the path shown in the figure -> right-click the TEO certificate -> choose Delete -> Yes.
Step 2: Open Outlook Express -> choose OutLook -> open the e-mail sent to yourself -> the mail can no longer be read.
- Verify:
Open Outlook Express -> Outbox -> open the mail sent to yourself -> the mail content is readable again
Step 4: Next, type D:\sources\adprep\adprep.exe /domainprep
Step 5: Next, type D:\sources\adprep\adprep.exe /domainprep /gpprep
After the upgrade succeeds, log in to the system and check whether the OU and user configuration has changed
Roles: lets you add and remove server services. Here you can manage the detailed data corresponding to each service.
Features: lets you add and remove components on Windows Server 2008. This function is similar to Add/Remove Windows Components in earlier versions of Windows.
Diagnostics: integrates Event Viewer, Reliability and Performance, and Device Manager.
Configuration: includes the tools Local Users and Groups, Task Scheduler, Windows Firewall with Advanced Security, WMI Control and Services. WMI Control is used to manage the Windows Management Instrumentation services.
Storage: integrates two tools, Windows Server Backup and Disk Management.
III. Installing and managing services (Roles)
To install services, also called Roles, open Server Manager, click Roles in the left pane and choose Add Roles in the right pane:
Click Next.
On the Select Server Roles page, select the role to install, then click Next.
(As you can see, there are 16 roles in total on Windows Server 2008)
After installation completes, information about the components is shown in the Features Summary pane of Server Manager. You can work with, add or remove components there.
For the Configuration part, we will give specific instructions for each individual role
Step 7: Choose OK
IP configuration: configure IP addressing.
Computer name and domain/workgroup membership: configure the computer name, workgroup name or domain name.
Installation of Server Core features/roles: allows installing some Server Core features. Download (current version 1.1.2, about 1.4 MB): the file is named CoreConfigurator.msi.
- Enable Remote Server Administrative Tool: Start \ Control Panel \ Program And Features \ Turn On or Off Program and Features \ tick the tools shown in the illustration \ OK
- Start \ Administrative Tools \ Active Directory Users and Computers: connects successfully to the DC's database. (or Start \ Run \ DSA.MSC)
Note: to run the command above, you must log on to the domain as a domain admin.
1. Characteristics
Workstations do not need powerful hardware, and the business does not have to spend much on software licensing when using this service. However, the business still has to pay licensing costs for CALs (Client Access Licenses); this cost is low and acceptable.
Workstations connect to the server through Terminal Services, so Remote Desktop Connection (RDC) 6.0 or later must be installed on the workstation. It can be downloaded from: http://support.microsoft.com/kb/925876/en-us
II. Preparation (the system consists of)
Server: Windows Server 2008
Create local users sv1/123 and sv2/123 and add them to the Remote Desktop Users group
Enable Remote Desktop on the server
Change the administrator password to 123
Client: Windows XP
III. Procedure
1. Install Terminal Services:
Step 1: Start \ Programs \ Administrative Tools \ Server Manager. Right-click Roles \ Add Roles
- Click Next
Step 2: Choose Terminal Server, click Next.
Example: \\10.10.10.1 -> OK
experience of the previous versions. Version 7.0 was released to provide the most flexible and secure platform for hosting the web and applications.
- IIS 7.0 is designed to be Microsoft's most flexible and secure Web and application platform. Microsoft redesigned IIS from the earlier foundations, and throughout development the IIS design team focused on 5 major areas:
Security
Extensibility
Configuration and deployment
Administration and diagnostics
Performance
II. Installing and configuring IIS
1. Installation
Step 1: - Open Server Manager via Start Menu -> Server Manager (or Start Menu -> Administrative Tools -> Server Manager).
- In Roles, choose Add Roles. Tick
Step 2: When you add the service, you may see a prompt reminding you that some additional dependent services must be installed.
- Click Next -> Install -> Close
2. Add a website:
Step 1: - First, create the folder that will hold the new website.
firewall, the notable new points are:
1. Control of connections into and out of the system (inbound and outbound)
2. Tight integration with Server Manager. When you use Server Manager to install a service, the firewall is configured automatically to suit the service just installed.
3. Improvements in managing and configuring IPsec policies. At the same time, IPsec is also replaced by a new concept, namely Connection Security Rules.
4. Improvements in operation
Windows Firewall with Advanced Security uses two kinds of rules for configuration:
1. Firewall rules: determine which connections are allowed or blocked
2. Connection Security rules: secure the traffic between this computer and other computers.
After you finish building the rules, you use firewall profiles to apply the rules to the computer. A firewall profile is the concept that describes the location the computer is connected to. Windows Server 2008 has the following three firewall profiles:
1. Domain: applies when the computer is connected to a domain
2. Private: applies when the computer is a member of an internal network but is not connected to a domain.
3. Public: applies when the computer is connected to public networks such as the Internet.
II. GETTING FAMILIAR WITH THE INTERFACE
Step 1: To open Windows Firewall with Advanced Security, go to Start -> Administrative Tools -> Windows Firewall with Advanced Security
Step 4: The Private Profile and Public Profile tabs are similar to the Domain Profile tab. These are the settings for computers that do not belong to a domain
III. FIREWALL RULE
Windows Firewall with Advanced Security has 2 kinds of firewall rules: Inbound Rules and Outbound Rules. These let you create rules that control connections to and from a computer running Windows Server 2008.
In the Windows Firewall with Advanced Security console, click Inbound Rules. A list of the firewall rules on the system appears in the middle pane
You can also sort and view the firewall rules that apply to each firewall profile by right-clicking Inbound Rules or Outbound Rules and filtering by conditions such as profile, state or group. Then choose Filter by...
- To see the details of a firewall rule, double-click the rule.
- On the General tab, you view and change the state of the firewall rule by ticking or clearing Enabled. Under Action, choose one of the 3 modes Allow the connections, Allow only secure connections or Block the connections to allow or block the corresponding connection.
- On the Programs and Services tab, you can allow or block access to the corresponding services or applications installed on the system. To specify a particular application or service, use Browse or Settings.
- On the Computers tab, you can set the group of users or computers that this firewall rule applies to. Do this by ticking one of the two items Only allow connection from these computers and Only allow connection from these users, then use Add to add the corresponding users and computers.
Note: to authenticate users and computers, you must set Allow secure connection under Action on the General tab. The users and computers must also belong to the domain, and IPsec must be configured on the systems taking part in the authentication.
- On the Protocols and Ports tab, set the protocol and port that the firewall rule applies to.
Protocol type: choose the appropriate protocol from the list, such as UDP, TCP, ICMP...
Protocol number: you should use the system default value. You can of course enter the value appropriate to your own protocol.
Local port: the port on this server that the firewall rule applies to. For an inbound rule, this is the port the server uses to listen for incoming requests. For an outbound rule, this is the port the server uses to establish connections to other computers.
Remote port: the port on the other computer (remote machine) that this firewall rule applies to. For an outbound rule, this is the port on the remote computer that this server connects to (destination port). For an inbound rule, this is the port the remote computer uses to connect to this server (source port).
Internet Control Message Protocol (ICMP) settings: to configure settings for the ICMP protocol, choose Customize
- The Scope tab lets you set the Local IP address and Remote IP address values that this firewall rule applies to
Local IP address is the IP address this server either uses to listen for connections from other computers (inbound rule) or uses as its own source IP address when connecting to other computers (outbound rule)
Remote IP address is the IP address of the remote computer that this server connects to (outbound rule), or the source IP address that the remote computer uses to connect to this server (inbound rule).
- On the Advanced tab you can set the profiles and the connection types (interface type) that this firewall rule uses. You can select all profiles or only the appropriate ones. To configure the connection types, choose Customize under Interface type and make the corresponding selection.
IV. CREATING A FIREWALL RULE
Create a firewall rule for Inbound (do the same for outbound)
Step 1: Right-click Inbound Rules and choose New Rule
Step 2: On the Rule Type page, choose Custom to adjust the options
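The tab settings described in section III and the rule creation started in section IV can also be expressed on the command line with netsh advfirewall. This is an added example, not part of the original lab: the rule names and the 172.16.1.0/24 subnet are constructed sample values, and the commands assume an elevated command prompt on Windows Server 2008.

```bat
@echo off
rem Added example (not from the lab). Rule names and addresses are constructed.

rem Show the state and default inbound/outbound policy of the
rem Domain, Private and Public profiles.
netsh advfirewall show allprofiles

rem Inbound rule. Mapping to the GUI tabs:
rem   General             -> action=allow
rem   Protocols and Ports -> protocol=TCP, localport=80 (port the server listens on)
rem   Scope               -> remoteip (source addresses allowed to connect)
rem   Advanced            -> profile (only Domain and Private, not Public)
netsh advfirewall firewall add rule name="Lab HTTP in" ^
    dir=in action=allow protocol=TCP localport=80 ^
    remoteip=172.16.1.0/24 profile=domain,private

rem Outbound rule. For dir=out, remoteport is the destination port on the
rem remote machine, so this blocks the server from opening Telnet sessions.
netsh advfirewall firewall add rule name="Lab Telnet out" ^
    dir=out action=block protocol=TCP remoteport=23 profile=any

rem Review what was created; verbose prints every field of the rule.
netsh advfirewall firewall show rule name="Lab HTTP in" verbose
netsh advfirewall firewall show rule name="Lab Telnet out" verbose

rem Remove the sample rules when the exercise is finished.
netsh advfirewall firewall delete rule name="Lab HTTP in"
netsh advfirewall firewall delete rule name="Lab Telnet out"
```

Restricting the inbound rule by remoteip and profile keeps port 80 closed to any source outside the named subnet and on any network classified as Public.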
I. Introduction
This lab covers the following main topics:
- Install the Windows Server Backup feature
II. Preparation
- One machine running Windows Server 2008 Enterprise.
III. Procedure
1. Install the Windows Server Backup feature
Step 1: Start Server Manager -> Features -> Add Features
Step 9: Choose Finish
Step 10: Set the clock to match the scheduled backup time and verify
--END--