Monograph Wasima Habib Auto

The document is a monograph by Wasima Habib on designing and implementing a data center for Kabul University. It includes an approval sheet signed by the project coordinator and dean confirming that the monograph fulfills the requirements for a Bachelor of Information Technology degree from RANA University. An acknowledgment section thanks various people for their support and guidance during the project.


Islamic Republic of Afghanistan
Ministry of Higher Education
Directorate of Private Higher Education
RANA University
Directorate of Computer Science Faculty
Information Technology Department

MONOGRAPH
ON
Design and implementation of Kabul University Data Center

BY
Wasima Habib
17-RT200-332
In partial fulfillment of the requirements for the award of the degree of
BACHELOR OF INFORMATION TECHNOLOGY
BIT
TO
RANA University
Baraki Square, Kabul–Afghanistan
Islamic Republic of Afghanistan
Ministry of Higher Education
Directorate of Private Higher Education
RANA University
Directorate of Computer Science Faculty
Information Technology Department

MONOGRAPH
ON
Design and implementation of Kabul University Data Center

In partial fulfillment of the requirements for the award of the degree of
BACHELOR OF INFORMATION TECHNOLOGY (BIT)
TO
RANA UNIVERSITY

PREPARED BY:
Student Name: Wasima Habib
Father’s Name: Habibullah
Registration No: 17-RT200-332
Batch: 2017 to 2021
Signature: ___________
Date:

SUPERVISED BY:
Name: Mr. Azizullah Shirzad
Designation: Lecturer & Coordinator
Qualification: Bachelor of Computer Science
ID No: RU-02-115
Phone No: 0767676677
E-mail id: ????@gmail.com
Signature: _______
Date:

PROJECT APPROVAL SHEET
The undersigned certify that they have read the following Project Report and are
satisfied with the overall exam performance and recommend the project to the
faculty of Computer Science for acceptance.

Title: Design and implementation of Kabul University Data Center

Prepared by: Wasima Habib
17-RT200-332

Recommended by: Mr. Azizullah Shirzad
Lecturer & Coordinator

Project Coordinator: ________________________________
Name & signature Mr.

Dean of BCS Faculty: _________________________________
Name & signature Mr.

VC academic: _________________________________
Name & signature Mr.

RANA University Management
Verification & Stamp: __________________________________
Date:

PROJECT EVALUATION SHEET
(Decision of the Monograph Evaluation Committee)

STUDENT PARTICULARS
Name: Wasima Habib
Registration No: 17-RT200-332
Father’s Name: Habibullah
Project Title: Design and implementation of Kabul University Data Center

Assessment Criteria
Member 1
Problem Definition: Relevant Yes☐ No☐ Clearly phrased Yes☐ No☐ Testable Yes☐ No☐

Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method Yes☐ No☐

Research Result: Description ☐ Analysis☐

Analysis, Interpretation and Conclusion: Clear Yes☐ No☐

Further Comments (Allocate Marks out of 25%)

Name of the Committee Member:


Sign: ___________________ Date: ___________________

Member 2
Problem Definition: Relevant Yes☐ No☐ Clearly phrased Yes☐ No☐ Testable Yes☐ No☐

Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method Yes☐ No☐

Research Result: Description ☐ Analysis☐

Analysis, Interpretation and Conclusion: Clear Yes☐ No☐

Further Comments (Allocate Marks out of 25%)


Name of the Committee Member:
Sign: ___________________ Date: ___________________

Member 3
Problem Definition: Relevant Yes☐ No☐ Clearly phrased Yes☐ No☐ Testable Yes☐ No☐

Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method Yes☐ No☐

Research Result: Description ☐ Analysis☐

Analysis, Interpretation and Conclusion: Clear Yes☐ No☐

Further Comments (Allocate Marks out of 25%)

Name of the Committee Member:


Sign: ___________________ Date: ___________________

Member 4
Problem Definition: Relevant Yes☐ No☐ Clearly phrased Yes☐ No☐ Testable Yes☐ No☐

Research Design: Theoretical Background Yes☐ No☐ Appropriate Research Method Yes☐ No☐

Research Result: Description ☐ Analysis☐

Analysis, Interpretation and Conclusion: Clear Yes☐ No☐

Further Comments (Allocate Marks out of 25%)


Name of the Committee Member:
Sign: ___________________ Date: ___________________

ANALYSIS OF MARKS ALLOCATED BY COMMITTEE MEMBERS:


Member 1 Member 2 Member 3 Member 4 Total

Initial Initial Initial Initial VC Stamp


DECLARATION
I hereby declare that the Monograph “Design and implementation of Kabul
University Data Center”, submitted in partial fulfillment of the requirements for
the Degree of Bachelor of Information Technology (BIT) to RANA University, is my
original work and has not been submitted for any other degree, diploma, fellowship
or similar title or prize.

Name:
Signature: __________________
Date: ______________________
FACULTY CERTIFICATE
Batch: 2016-2021
Register Number: 17-RT200-332
Serial Number:

This is to certify that the Project / Monograph titled “Design and implementation of
Kabul University Data Center”, submitted in partial fulfillment of the requirements for
the degree of Bachelor of Information Technology to RANA University, Baraki
Square, Kabul –Afghanistan, is carried out by Wasima Habib under my
direct supervision and guidance and that no part of this report has been submitted
for the award of any other degree, diploma, fellowship or other similar titles or prize
and that the work has not been published in any scientific or popular journals or
magazines.

FACULTY PARTICULARS
Name: Mr. Azizullah Shirzad
Qualification: Bachelor of Computer Science
Designation: Lecturer & Coordinator
ID No: RU-02-115
Signature: ______________________
Date:

DEPARTMENT IN-CHARGE
Name: Mr. Abdul Ghafar Omerkhel
Qualification: M.Sc Computer Science
Designation: Dean
ID No: Ru-02-057
Signature: ______________________
Date:

Department Stamp
ACKNOWLEDGEMENT

All praises and thanks to Almighty Allah, the source of knowledge and wisdom to
mankind, who conferred me with power of mind and capability to take this material
contribution to already existing knowledge. All respect and love to him who is an
everlasting model of guidance for humanity as a whole.

I would like to express the deepest appreciation to the committee chair, H.E. Dr.
Shafiullah Naimi, the Chancellor of RANA University, who encouraged me in
writing my monograph on “Topic” with the attitude and the substance of a genius;
he continually and convincingly conveyed a spirit of adventure accordingly.

I wish to thank my project supervisor, Mr. Azizullah Shirzad, whose guidance made
my project possible. His encouragement and wisdom made my efforts worthwhile.
My heartfelt gratitude also goes to the Dean of CS Faculty, Mr. Abdul Ghafar
Omerkhil, for his insight and completion of my project.

It is with great honor that I would also like to thank my friends, whose names I have
not mentioned, who yet supported and helped me in one way or the other.

Finally, I thank you, the reader, for taking time to read my thesis.

Signature

Wasima Habib
17-RT200-332
BIT (Bachelor of Information Technology)
Table of Contents

PROJECT APPROVAL SHEET
PROJECT EVALUATION SHEET
FACULTY CERTIFICATE
ACKNOWLEDGEMENT
CHAPTER 1 | INTRODUCTION
1.1 OVERVIEW
1.2 OBJECTIVES
1.3 BENEFITS
1.3.1. Resource Sharing
1.3.2. Software Sharing
1.3.3. Convenient Communication
1.3.4. Centralized Data
1.3.5. Improved Security
1.3.6. Internet Sharing
1.3.7. Computer Identification
1.3.8. Easy Filing and Data Security
1.3.9. Easy Access on Applications and Data
1.4 TECHNOLOGY USED (PLATFORM)
1.5 CHALLENGES AND LIMITATIONS
CHAPTER 2 | EXISTING AND PROPOSED SYSTEM
2.1. EXISTING SYSTEM
2.1.1. CONTROL
2.1.2. NO SELF SERVICE
2.1.3. SAFEKEEPING OF PROPERTY
2.1.4. INTERNAL SKILL SETS AND SUPPORT
2.2. PROPOSED SYSTEM
2.2.1. CLOUD (INTERNET)
2.2.2. CISCO ROUTER (CISCO 2800 ISR ROUTER)
2.2.3. CISCO SWITCH (CISCO CATALYST 9200 SERIES SWITCH)
2.2.4. ADDC
CHAPTER 3 | REQUIREMENTS GATHERING
3.1. REQUIREMENTS GATHERING
3.1.1. Hardware requirements
3.1.2. Software requirements
3.2. FUNCTIONAL REQUIREMENT
3.2.1. Users Requirements (Functionality)
3.2.2. Security
3.2.3. Important Data Center Security Standards
CHAPTER 4 | SYSTEM DESIGN
4.1. MODULATION DESIGN
4.2 TOPOLOGY DESIGN (I.T)
4.2.1 Main office topology design
4.2.2 Branch offices topology design
CHAPTER 5 | CONFIGURATION PROCEDURE/CODING (IT)
5.1 CONFIGURATION PROCEDURE
5.2 CONFIGURATION CODING
6.1 TESTING TECHNIQUES AND TESTING
6.2 TESTING REPORT
6.3 DEBUGGING REPORT
CHAPTER 7 | COST ESTIMATION
7.1. APPROXIMATE COST OF THE HARDWARE
7.2. APPROXIMATE COST OF THE SOFTWARE
7.3. APPROXIMATE COST OF THE PROJECT IMPLEMENTATION
7.4. OVERALL COST OF THE PROJECT
8.1 FUTURE PLAN
8.2 EXPANSION POSSIBILITY
CONCLUSION
REFERENCES

Chapter 1 | Introduction
1.1 Overview

Today the data center is the heart of most companies’ operations. The importance
of effectively managing increasingly large amounts of data is prompting many
companies to significantly upgrade their current operations, or to create brand-new
data centers from greenfield. At the same time, economic conditions are forcing
companies to focus on efficiency and simplification. As a result, data center
optimization and/or consolidation may be on your agenda.

Kabul University was founded in 1931 during the government of Mohammed Nadir
Shah and then Prime Minister Mohammad Hashim Khan. Approximately 22,000
students attend Kabul University. Of these, nearly 43% are female. The mission of
Kabul University is to mature and prosper as an internationally recognized
institution of learning and research, a community of stakeholders committed to
shared governance, and a center of innovative thought and practice. The data
center design for Kabul University helps IT manage everything centrally, avoid
losing data and remove paperwork. It gathers all employee records onto a file
server and, through backups, makes the data more secure.

Data centers are facilities that house servers and related equipment and systems.
They are distinct from data repositories, which collect various forms of research
data, although some data repositories are occasionally called data centers. Many
colleges and universities have data centers or server rooms distributed across one
or more campuses, as we would like Kabul University to have as well. This monograph
reports on the experience of consolidating all application and storage servers
into a new university data center. I discuss the advantages of
consolidation, the planning process for the actual data center design and
implementation, and lessons learned from the virtual testing experience.
1.2 Objectives

Several factors are currently converging to make this an opportune time for the
University of Kabul to review its model for housing, securing, and managing its
computing servers and equipment. They are:
1. The commissioning of the Information Technology Facility which provides highly
efficient data center space previously not available.
2. The University’s “2021 Vision” Sustainability Targets include a goal to achieve
net-negative energy growth from 2010 to 2021, which calls for solutions that can
reduce IT energy use.
use.
3. Technologies such as virtualization and remote server management have
matured and can be more widely deployed.
4. University efficiency initiatives over several years have put continuing pressure
on IT staff resources, so changes that free up IT staff to work on higher-priority IT
needs are recognized as necessary.

1.3 Benefits
There are many advantages to the centralized data center. Many of these
advantages also apply to other organizations that have a data center, but for
the purposes of this paper, we are addressing them in the context of the
university’s experience.

1.3.1. Resource Sharing


Sharing of resources such as hard disk drives, DVD drives and printers is made
easy in a Local Area Network. For example, all the resources can be connected to
one single computer on the network so that whenever a resource is needed
it can be shared with the connected computers.

1.3.2. Software Sharing


Another type of sharing made easy here is software sharing. A single computer
with the licensed software can be shared among other users in the network. There
is no need to purchase an individual license for each and every computer in the
network. All can work under one single license.

1.3.3. Convenient Communication


Using a LAN, users can exchange messages and data in a convenient way. Since the
data is placed on the server, it can be accessed anytime by the LAN users. Every
single LAN user can do this with others on the network. Hence, this not only saves
lots of time, it also ensures that messages get delivered to the right people.

1.3.4. Centralized Data


As mentioned earlier, the users’ data is located on the centralized server. Any
workstation in a particular network can be used to access this information.
Moreover, users can access their own set of data by logging into their respective
accounts.

1.3.5. Improved Security


Since data is stored on a local server, it can be guaranteed to be secure. If the data
on the server is updated, all the LAN users can simply access it. In addition,
the host has the capability to deny or allow users in a particular network so
that additional security measures can be imposed.

1.3.6. Internet Sharing


A LAN has the capability to share an internet connection among all the LAN users. One
single computer with an internet connection shares internet with all the connected
computers. This type of infrastructure can be seen in offices and net cafes.

1.3.7. Computer Identification


For the purpose of identification, each computer on the LAN is assigned a
MAC address. This address is normally used when sending and receiving
data. In modern computers this address is stored inside the network adapter that
comes attached to the motherboard.

1.3.8. Easy Filing and Data Security

The University has no file server that can sufficiently store data and all student
records in one place. It uses old paperwork, which has a very high risk of data
loss, fire or damage. With a data center we can store every single record, and by
taking backups we can make sure all is well and safe.

1.3.9. Easy Access on Applications and Data


This data center can host many e-learning programs which are required for
teaching at Kabul University. All teachers, students and university staff can also
access one MIS system for any daily routine tasks. In the near future the centralized
system can help teachers hold online exams and assignments as well.

1.3.10. Server Room


The University has no server room occupying a large office that could be repurposed
to house multiple staff offices. However, they are in great demand, and there is the
possibility of gaining more space for a new data center.

1.3.11. Climate Control


The new data center is built on a raised floor that allows better air circulation.
Hundreds of servers and other pieces of equipment create a lot of excess heat, and
raised floor construction allows for better circulation of air. New racks have
chimneys that exhaust heat from high-density computing environments. Air
conditioners supply a constant stream of air that will maintain the optimum
temperature for computing equipment. Sensors continually monitor humidity and
keep it at an optimal level.

1.3.12. Security
With server rooms scattered all over the university, security issues can be a
concern. Now if the servers are housed in one location, the university can provide a
highly secure environment in a more cost-effective way. The data center has card-
swipe access to the building and biometric access to the data center itself. There
are also cameras installed in the building as a further security measure.

1.3.13. Automation of Server Management


One of the benefits of consolidating servers into one environment is that they are in
a secure location, but it is still possible to manage them from a distance. The virtual
environment has a web-based console that allows system administrators to
connect to and manage them, and the physical servers can be managed over the
network as well. Even though the servers are centralized, our system administrator
can work from an office in the University only.

1.4 Technology used (Platform)

1.4.1 Cisco Packet Tracer


I will use Cisco Packet Tracer for visualizing the data center components.

1.4.2 VMware
For installing Windows Server components and testing on the clients’ PCs.

1.5 Challenges and limitations


Challenges and Limitations of current system:

1.5.1. Implementation Cost


Even though a LAN saves lots of money in terms of resource sharing, the initial cost
involved in setting up the network is quite high. This is mainly due to the
special software that is needed to make a server. In addition,
hardware equipment such as routers, hubs, switches and
cables must be purchased for the first-time setup.

1.5.2. Policy Violations


Since all the data of the connected computers is stored inside a central server,
unauthorized users can view all the browsing history and downloads of all the
connected computers. In particular, the LAN administrator has the authority to check
the personal data of each and every LAN user. This can therefore lead to policy
violations.

1.5.3. Security
Since it is rather easy to gain access to programs and other types of data, security
is a big concern in a LAN. The sole responsibility for stopping unauthorized
access is in the hands of LAN administrators. The LAN administrator has to make
sure that the centralized data is properly secured by implementing a correct set of
rules and privacy policies on the server.

1.5.4. Maintenance
A LAN often faces hardware problems and system failures. Hence, it requires a
dedicated administrator to look after these issues. The administrator needs to be
knowledgeable in the field of networking and is needed full time.

1.5.5. Area Coverage


A LAN is usually built to cover a limited distance (up to 10 km). It is mostly
operated in small areas such as offices, banks and schools. This is because its
cabling system cannot be extended beyond a certain range.

1.5.6. Server Crashes

The central server in the LAN architecture manages all the attached
computers. If the server encounters any fault, all the connected computers
are affected too. For example, if the files on the server get corrupted, data
on the attached computers is no longer accessible.

1.5.7. Malware Spreading


The appearance of a virus in a LAN-based infrastructure is highly dangerous. If one of the
attached computers is infected with a virus, it can easily spread to the remaining
computers on the network.
Chapter 2 | Existing and Proposed System
2.1. Existing system
2.1.1. Control
Not all users may agree to let system administrators control their PCs by
joining them to the Domain Controller.

2.1.2. No Self Service


Not everything will be in the user’s hands. For example, users cannot unlock their
PCs or reset their passwords themselves. This will challenge the IT Help Desk department
and will load more tickets onto their system.
2.1.3. Safekeeping of property
All the Domain Admin users may read every other client’s confidential data and
spreadsheets.

2.1.4. Internal skill sets and support


Internal users might need to expand their skills on using Domain environment
computers.

2.2. Proposed system


2.2.1. Cloud (Internet)
The cloud will connect us to the Internet. The Internet is a vast network that connects
computers all over the world. Through the Internet, people can share information
and communicate from anywhere with an Internet connection.

2.2.2. Cisco Router (Cisco 2800 ISR router)


Cisco 2800 Series ISRs provide the highest level of performance to accommodate
growth for even the most demanding business.
Cisco 2800 Series Integrated Services Routers support:

1. Wireless networking
Help employees be more productive and collaborate better by enabling them to
work wirelessly from anywhere in the office.

2. Voice
Enjoy advanced communications tools such as call processing, voicemail,
automated attendant, and conferencing to respond to customers faster and save
money on long-distance charges.

3. Video
Enable more cost-effective surveillance and security systems or support
on-demand and live streaming media.

4. Security
Reduce business risks associated with viruses and other security threats.

5. Virtual private networks
Give remote staff and teleworkers secure access to company assets over a secure
connection.

6. Modular architecture
With a wide variety of available LAN and WAN options, you can upgrade your
network interfaces to accommodate future technologies. The 2800 Series also
offers several types of slots that make it easy to add connectivity and services in
the future on an "integrate-as-you-grow" basis.

7. Flexibility
Connectivity via DSL, cable modem, T1, or 3G wireless maximizes your options for
both primary and backup connections.

2.2.3. Cisco Switch (Cisco Catalyst 9200 Series Switch)


Helps connect the data center with the internal departments. The Cisco Catalyst 9200
Series Switch supports:
1. Up to 48 ports of full Power over Ethernet Plus (PoE+) capability
2. Resiliency with Field-Replaceable Units (FRU) and redundant power supply, fans,
and modular uplinks
3. Flexible downlink options with data, PoE+ or mGig
4. Operational efficiency with optional backplane stacking, supporting stacking
bandwidth up to 160 Gbps
5. UADP 2.0 Mini with integrated CPU offers customers optimized scale with better cost
structure
6. Enhanced security with AES-128 MACsec encryption, policy-based segmentation,
and trustworthy systems
7. Layer 3 capabilities, including OSPF, EIGRP, ISIS, RIP, and routed access
8. Advanced network monitoring using Full Flexible NetFlow
9. Plug and Play (PnP) enabled: A simple, secure, unified, and integrated offering to
ease new branch or campus device rollouts or updates to an existing network
10. Cisco IOS XE: A Common Licensing based operating system for the enterprise
Cisco Catalyst 9000 product family with support for model-driven programmability
and streaming telemetry
11. ASIC with programmable pipeline and micro-engine capabilities, along with
template-based, configurable allocation of Layer 2 and Layer 3 forwarding, Access
Control Lists (ACLs), and Quality of Service (QoS) entries

2.2.4. ADDC
A domain controller is a server that responds to authentication requests and verifies
users on computer networks. Domains are a hierarchical way of organizing users
and computers that work together on the same network. The domain controller
keeps all of that data organized and secured.
The domain controller (DC) is the box that holds the keys to the kingdom: Active
Directory (AD). While attackers have all sorts of tricks to gain elevated access on
networks, including attacking the DC itself, you can not only protect your DCs from
attackers but also use DCs to detect cyberattacks in progress.

Why is a Domain Controller Important?


Domain controllers contain the data that determines and validates access to your
network, including any group policies and all computer names. Everything an
attacker could possibly need to cause massive damage to your data and network is
on the DC, which makes a DC a primary target during a cyberattack.
The DC helps control internal resources through features such as:

• AD Users and Computers
• AD Group Policy Management
• AD Domain Name Server
The primary responsibility of the DC is to authenticate and validate user access on
the network. When users log into their domain, the DC checks their username,
password, and other credentials to either allow or deny access for that user.
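
How a defender can turn the DC's allow/deny decisions into the attack detection mentioned above, as an added example that is not part of the monograph: the script scans an export of Windows Security events 4625 (failed logon) and 4624 (successful logon) for one source failing against many accounts, or one account failing repeatedly. The CSV layout, account names, addresses and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"  # Windows Security log: an account failed to log on
LOGON_OK = "4624"      # Windows Security log: an account was logged on

# Constructed sample export: timestamp, event id, account, source address.
SAMPLE_EVENTS = """\
2021-03-01T08:00:05,4625,user01,10.10.5.23
2021-03-01T08:00:20,4625,user02,10.10.5.23
2021-03-01T08:00:41,4625,user03,10.10.5.23
2021-03-01T08:01:02,4625,registrar,10.10.5.23
2021-03-01T08:01:30,4625,user04,10.10.5.23
2021-03-01T08:02:10,4624,user03,10.10.5.23
2021-03-01T08:15:00,4625,user09,10.10.2.11
2021-03-01T08:15:20,4624,user09,10.10.2.11
2021-03-01T09:00:00,4625,registrar,10.10.7.40
2021-03-01T09:00:30,4625,registrar,10.10.7.40
2021-03-01T09:01:00,4625,registrar,10.10.7.40
2021-03-01T09:01:30,4625,registrar,10.10.7.40
2021-03-01T09:02:00,4625,registrar,10.10.7.40
2021-03-01T09:02:30,4625,registrar,10.10.7.40
"""


def parse_events(text):
    """Return (time, event_id, account, source) tuples in time order."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if not row:  # tolerate blank lines in the export
            continue
        ts, event_id, account, source = row
        rows.append((datetime.fromisoformat(ts), event_id, account.lower(), source))
    return sorted(rows)


def detect(events, window=timedelta(minutes=10), spray_accounts=5, brute_failures=6):
    """Flag spraying, brute forcing and a success that follows a spray.

    password-spray:      one source fails against >= spray_accounts distinct
                         accounts inside the sliding window.
    brute-force:         one account fails >= brute_failures times inside it.
    success-after-spray: a flagged source later logs on successfully, which
                         means one of the guessed passwords probably worked.
    """
    findings = []
    by_source = defaultdict(deque)   # source -> recent (time, account) failures
    by_account = defaultdict(deque)  # account -> recent failure times
    flagged_sources, flagged_accounts = set(), set()

    for when, event_id, account, source in events:
        if event_id == FAILED_LOGON:
            src_q = by_source[source]
            src_q.append((when, account))
            while when - src_q[0][0] > window:  # drop failures outside the window
                src_q.popleft()
            distinct = {name for _, name in src_q}
            if len(distinct) >= spray_accounts and source not in flagged_sources:
                flagged_sources.add(source)
                findings.append(("password-spray", source, sorted(distinct)))

            acc_q = by_account[account]
            acc_q.append(when)
            while when - acc_q[0] > window:
                acc_q.popleft()
            if len(acc_q) >= brute_failures and account not in flagged_accounts:
                flagged_accounts.add(account)
                findings.append(("brute-force", account, len(acc_q)))
        elif event_id == LOGON_OK and source in flagged_sources:
            findings.append(("success-after-spray", source, account))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

The single mistyped password from 10.10.2.11 followed by a normal logon produces no finding, which is the behaviour a help desk needs from such a rule.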
Active Directory is a type of domain, and a domain controller is an important server
on that domain. Kind of like how there are many types of cars, and every car needs
an engine to operate. Every domain has a domain controller, but not every domain
is Active Directory.
In general, any business, no matter the size, that saves customer data on
its network needs a domain controller to improve the security of that network. There
could be exceptions: some businesses, for instance, only use cloud-based CRM
and payment solutions. In those cases, the cloud service secures and protects
customer data.

Benefits of Domain Controller


• Centralized user management
• Enables resource sharing for files and printers
• Federated configuration for redundancy (FSMO)
• Can be distributed and replicated across large networks
• Encryption of user data
• Can be hardened and locked-down for improved security

Limitations of Domain Controller


• Target for cyberattack
• Potential to be hacked
• Users and OS must be maintained to be stable, secure and up-to-date
• Network is dependent on DC uptime
• Hardware/software requirements

1. NTP
To set date and time for all servers and clients from a central point. The Network
Time Protocol (NTP) is a networking protocol for clock synchronization between
computer systems over packet-switched, variable-latency data networks. In
operation since before 1985, NTP is one of the oldest Internet protocols in current
use. NTP was designed by David L. Mills of the University of Delaware.

2. WSUS
To push new updates to all users.

3. File Server
Provides a centralized resource point and safe document storage.

4. Shadow Copy
To keep backup copies of files and guard against accidental deletion.

5. FSRM
To control what may and may not be stored on the file server.

6. Firewall
May help to secure inbound and outbound file transfers.
Chapter 3 | Requirements Gathering

3.1. Requirements Gathering


3.1.1. Hardware requirements
The recommended minimum system requirements listed here should allow even
someone new to server installation to build a usable system with enough room to be comfortable.
• PowerEdge Rack Servers
• Power Distributor
• Firewall (Sophos XG Firewall)
• Cisco Router (Cisco 2800 ISR router)
• Cisco Switch (Cisco Catalyst 9200 Series Switch)
• Rack 42U
• AC
• Fire Alarm (Smoke Detector)
• UPS (Battery)
• Rj45 Connector
• Cables
• Security Camera

3.1.2. Software requirements


The Recommended Minimum System Requirements are:
• Windows Server 2016
• Cisco Packet Tracer
• Putty
3.2. Functional Requirement
3.2.1. Users Requirements (Functionality)
Creating Computers and Joining a Domain
Three things are required for you to join a computer to an Active Directory domain:
• Physical Computer connected with the domain
• Mouse and keyboard
• Network Cable for connecting to the network
• Power for starting computers
• A computer object must be created in the directory service
• You must have appropriate permissions to the computer object. The
permissions allow you to join a computer with the same name as the object
to the domain
• You must be a member of the local Administrators group on the computer to
change its domain or workgroup membership

3.2.2. Security
Data center security refers broadly to the array of technologies and practices used
to protect a facility’s physical infrastructure and network systems from external and
internal threats. On a very basic level, data center security is all about restricting
and managing access. Only authorized personnel should be able to access critical
infrastructure and IT systems. Data center security includes both the “things” put in
place to accomplish that goal (such as locked access points, surveillance systems,
or security personnel) and the “controls” that manage them (such as security
policies, access lists, or rules for handling data).

3.2.3. Important Data Center Security Standards


Here are a few critical data center physical security standards and technologies
every colocation customer should evaluate when they’re looking to partner with a
facility.

Layered Security Measures


Every aspect of a data center’s security should work in concert with other elements
as part of a comprehensive, layered system. The idea is that a potential intruder
should be forced to breach several layers of security before reaching valuable data
or hardware assets in the server room. Should one layer prove ineffective, other
layers will likely prevent the intrusion from compromising the entire system.

Access Lists
While it may seem like a simple thing, one of the most important elements of data
center security is ensuring that only authorized persons are permitted to access
key assets. When a company colocates with a data center, not every employee
there needs to have access to the servers. This is a critical component of the “Zero
Trust” security philosophy. By maintaining up-to-date access lists, a facility can
help their customers prevent theft and guard against human error by people who
aren’t authorized to handle IT assets in the first place.

Video Surveillance
Another longtime staple of physical security technologies, video surveillance is still
incredibly valuable for data centers. Closed-circuit television cameras (CCTVs) with
full pan, tilt, and zoom features should monitor exterior access points and all
interior doors as well as the data floor itself. Camera footage should be backed up
digitally and archived offsite to guard against unauthorized tampering.

Secure Access Points


Sensitive zones like the data floor should be secured by more than a simple locked
door. Manned checkpoints with floor-to-ceiling turnstiles or man-traps that prevent
an authorized visitor from passing credentials back to someone else are essential
physical security standards for any data center facility.

24x7x365 Security
Security checkpoints, cameras, and alarms won’t amount to much without security
staff on-site to respond to potential threats and unauthorized activity. Routine
patrols throughout every data center zone can provide a visible reminder that
security personnel are on the lookout and can react quickly to deal with any
potential issue.

RFID Asset Management


While having data center security personnel on-site and archived camera footage
available is critical, it’s still difficult to keep eyes on every piece of hardware at all
times. With RFID tagging, data centers can manage and track assets in real-time
through powerful business intelligence software. Tags can even send out alerts the
moment an asset is moved or tampered with, allowing data center personnel to
respond quickly to any threat.

Background Checks
Between security staff and remote hands technicians, data centers have a lot of
people moving throughout a secure facility. Conducting thorough background
checks on staff, as well as implementing vetting requirements for all third-party
contractors, can provide assurances to their customers that these people can be
trusted to manage and protect their valuable IT assets.

Exit Procedures
When someone who has the authorization to access sensitive zones and assets
within the data center leaves their position, their privileges don’t go with them.
Whether it’s data center personnel or customer employees with access rights who
are leaving the organization, facilities should have systems and procedures in
place to remove those privileges. This could mean updating access lists, collecting
keys, or deleting biometric data from the facility’s system to make sure they won’t
be able to pass through security in the future.

Multi-Factor Authentication
Every data center should follow “Zero Trust” logical security procedures that
incorporate multi-factor authentication. Every access point should require two or
more forms of identification or authorization to ensure that no one will simply be
“waved through” by security if they’re missing one form of authentication.

Biometric Technology
One of the latest innovations in security standards, biometric technology identifies
people through a unique physical characteristic, such as a thumbprint, retina
shape, or voice pattern. There are a variety of ways to incorporate biometric
technology into access protocols, and it is especially valuable as one component of
two-factor authentication.
As data center security technology continues to evolve, new physical security
measures will surely be incorporated as best practices. Data center physical
security standards may not be evident at first glance because many of them are
intended to remain out of sight. Even so, data center customers can review security
certifications and request a more detailed overview of the physical and logical
security measures a facility has put in place to ensure that data remains
well-protected.
Chapter 4 | System Design
4.1. Modulation design
1- Server Installation

Restart the server

Press ENTER to boot from DVD.

Figure 5. 1:Server Installation

Files will start loading.

Figure 5. 2: Loading Files

Take the defaults on the Language screen and click Next.

Figure 5. 3: Language Selection


Click Install now on the install screen.

Figure 5. 4: Installation

Click the second line item for the GUI. The default install is now Server Core. Then
click Next.

Figure 5. 5: Operating System Selection


Read License Agreement, Turn on Checkbox “I accept the license terms,” and then
click Next.

Figure 5. 6: Terms and Conditions

Click Custom: Install Windows only (Advanced).

Figure 5. 7: Type of Installation


[Optional:] Click drive options; then you can create custom partitions.

Figure 5. 8: Partition

[Optional:] Add a drive using Native Boot to VHD: press SHIFT-F10 to open a command prompt
window and find the installation drive (dir c:, dir d:, dir e:, etc.). Run diskpart to open the
Disk Partition Utility, then enter the following commands, each on its own line:

create vdisk file=e:\BootDemo.vhd type=expandable maximum=40000
attach vdisk
exit

Then click Refresh.

Figure 5. 9: Refresh
It will then start copying files. This will take a while (could be 20 minutes or so depending on
hardware performance). It will reboot a couple of times (automatically). After the first reboot, it
will no longer be running off of the DVD.

Figure 5. 10: Windows Installation

Figure 5. 11: Finalizing

In the Password box, enter a new password for this computer. It must meet complexity
requirements. Re-enter the password in the second password box, and then click Finish.

Figure 5. 12: Setting Password


Press Ctrl-Alt-Delete at the same time to get the login screen

Figure 5. 13: Lock Screen

Enter password and press enter.

Figure 5. 14: Login Page


The Desktop will be displayed and Server Manager will be opened automatically.

Figure 5. 15: Setting up Home Screen

Pressing Windows Key on the keyboard will bring up the start screen (formerly known as
Start Menu). If you Right-Click on Computer, you will see the new right-click menu is on the
bottom of the screen instead of in a dropdown box. Select Properties.

You will see that the System Properties screen looks almost identical to prior versions of
Windows. We can now change the computer name by clicking on Change Settings.

Figure 5. 16: Changing Computer Name


Type new computer name you would like to use and click OK.

Figure 5. 17: Computer Name

Click OK on the information box. Click OK to allow a restart.

Figure 5. 18: Confirmation

Then click Restart Now on the final dialog box

Figure 5. 19: Restart To Effect


2- Installing Active Directory Users & Computers on a Windows Server

Click the Windows button and type ‘add feature’ to start the feature installation:

Figure 5. 20: Windows Features

This opens up the ‘Add roles and features’ wizard in Server Manager. Click Next a couple of
times until you reach the features section:

Figure 5. 21: Add Roles and Features


In the features section expand ‘Remote Server Administration Tools’ all the way down to the
‘AD DS Snap-Ins’ component. Select it and click Next:

Figure 5. 22: ADDS Installation

Click Install to complete the installation.

3- Install Group Policy Management Console

Navigate to Start → Control Panel → Programs and Features → Turn Windows features on
or off.

In the Add Roles and Features Wizard dialog that opens, proceed to the Features tab in the
left pane, and then select Group Policy Management.

Click Next to proceed to confirmation page.

Click Install to enable it.

4- DNS Configuration

To configure your DNS server, follow these 5 steps:

First, you’ll need to start the Configure Your Server Wizard. To do so, click Start -> All
Programs -> Administrative Tools, and then click Configure Your Server Wizard.

On the Server Role page, click DNS server, and then click Next.
On the Summary of Selections page, view and confirm the options that you have selected.
The following items should appear on this page:

• Install DNS

• Run the Configure a DNS Wizard to configure DNS

If the Summary of Selections page lists these two items, click Next.

If the Summary of Selections page does not list these two items, click Back to return to the
Server Role page, click DNS, and then click Next to load the page again.

When the Configure Your Server Wizard installs the DNS service, it first determines whether
the IP address for this server is static or is configured automatically. If your server is
currently configured to obtain its IP address automatically, the Configuring Components
page of the Windows Components Wizard will prompt you to configure the server with a
static IP address. To do so perform the following actions:

In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP), and
then click Properties.

Next, click Use the following IP address, and then type the static IP address, subnet mask,
and default gateway for this server.

In Preferred DNS, type the IP address of this server.

In Alternate DNS, either type the IP address of another internal DNS server, or leave this
box blank.

When you’ve finished setting up the static IP addresses for your DNS, click OK, and then
click Close.

After you Close the Windows Components Wizard, the Configure a DNS Server Wizard will
start. In the wizard, follow these steps:

On the Select Configuration Action page, select the Create a forward lookup zone check
box, and then click Next.

To specify that this DNS hosts a zone containing DNS resource records for your network
resources, on the Primary Server Location page, click This server maintains the zone, and
then click Next.

On the Zone Name page, in Zone name, specify the name of the DNS zone for your
network, and then click Next. The name of the zone is the same as the name of the DNS
domain for your small organization or branch office.
On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates,
and then click Next. This makes sure that the DNS resource records for the resources in
your network update automatically.

On the Forwarders page, click Yes, it should forward queries to DNS servers with the
following IP addresses, and then click Next. When you select this configuration, you forward
all DNS queries for DNS names outside your network to a DNS at either your ISP or central
office. Type one or more IP addresses that either your ISP or central office DNS servers use.

On the Completing the Configure a DNS Wizard page of the Configure a DNS Wizard, you
can click Back to change any of your selected settings. Once you’re happy with your
selections, click Finish to apply them.

After finishing the Configure a DNS Wizard, the Configure Your Server Wizard displays the
This Server is Now a DNS Server page. To review the changes made to your server or to
make sure that a new role was installed successfully, click on the Configure Your Server log.
The Configure Your Server Wizard log is located at:

%systemroot%\Debug\Configure Your Server.log

To close the Configure Your Server Wizard, just click Finish.

Setting Up a DNS Forward Lookup Zone

Forward lookup zones are the specific zones which resolve domain names into IP
addresses. If you’ve followed the configuration instructions above, your forward lookup zone
should already be set up. If for some reason you need to set up a forward lookup zone after
configuring your DNS, you can follow these instructions:

First, open up DNS by navigating to the Start menu -> Administrative Tools -> DNS.

Expand the server and right click Forward Lookup Zones and click New Zone.

Click Next and select the type of zone you want to create.

Select the method to replicate zone data throughout the network and click Next.

Type in the name of the zone.

Select the type of updates you want to allow and click Next.

Once you’ve completed everything, click on Finish.
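The choices made in the wizard steps above (static address, preferred DNS pointing at the server itself, dynamic update mode per zone, forwarders) can be reviewed afterwards from PowerShell. The following is an added example, not part of the original monograph: it assumes an elevated session on the DNS server with the DnsServer module that ships with the DNS Server role, and the function names Get-DnsSetupReview and New-Finding are hypothetical.

```powershell
#Requires -Modules DnsServer
# Added example: read-only review of a freshly configured Windows DNS server.
# Get-DnsSetupReview and New-Finding are hypothetical helper names.

function New-Finding {
    param([string]$Check, [string]$Item, [string]$Value, [bool]$Review, [string]$Note)
    [pscustomobject]@{ Check = $Check; Item = $Item; Value = $Value; Review = $Review; Note = $Note }
}

function Get-DnsSetupReview {
    [CmdletBinding()]
    param()

    # 1. Static address: flag connected IPv4 interfaces that still use DHCP.
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.ConnectionState -eq 'Connected' -and $_.InterfaceAlias -notlike 'Loopback*' } |
        ForEach-Object {
            New-Finding -Check 'Static IP' -Item $_.InterfaceAlias -Value "DHCP $($_.Dhcp)" `
                -Review ($_.Dhcp -eq 'Enabled') `
                -Note 'The wizard expects a static address on the DNS server.'
        }

    # 2. Preferred DNS: at least one configured resolver should be this server.
    $own = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 -and $_.InterfaceAlias -notlike 'Loopback*' } |
        ForEach-Object {
            $pointsToSelf = @($_.ServerAddresses | Where-Object { $own -contains $_ }).Count -gt 0
            New-Finding -Check 'Preferred DNS' -Item $_.InterfaceAlias `
                -Value ($_.ServerAddresses -join ', ') -Review (-not $pointsToSelf) `
                -Note 'Preferred DNS should be the IP address of this server.'
        }

    # 3. Dynamic update mode of each primary forward lookup zone.
    #    DynamicUpdate is None, Secure or NonsecureAndSecure.
    Get-DnsServerZone |
        Where-Object { -not $_.IsAutoCreated -and -not $_.IsReverseLookupZone -and $_.ZoneType -eq 'Primary' } |
        ForEach-Object {
            $mode = [string]$_.DynamicUpdate
            New-Finding -Check 'Dynamic update' -Item $_.ZoneName `
                -Value "$mode (AD-integrated: $($_.IsDsIntegrated))" `
                -Review ($mode -eq 'NonsecureAndSecure') `
                -Note 'NonsecureAndSecure accepts record updates from unauthenticated clients.'
        }

    # 4. Forwarders: list where queries for outside names are sent.
    $forwarders = @((Get-DnsServerForwarder).IPAddress | Where-Object { $_ })
    if ($forwarders.Count -eq 0) {
        New-Finding -Check 'Forwarders' -Item '(none)' -Value '' -Review $true `
            -Note 'No forwarder is configured; outside names resolve through root hints only.'
    }
    foreach ($ip in $forwarders) {
        New-Finding -Check 'Forwarders' -Item $ip.IPAddressToString -Value 'configured' -Review $false `
            -Note 'Confirm this is the ISP or central-office DNS server.'
    }
}

# Rows with Review = True are the ones to look at first.
Get-DnsSetupReview | Sort-Object Check, Item | Format-Table -AutoSize -Wrap
```

Secure-only dynamic updates are available only on Active Directory-integrated zones, which is why the zone rows also show the AD-integrated flag.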

Changing the DNS Server for Network Interfaces


If you need to change the DNS server for different network interfaces, you can do so using
the following:

In Network Connections, right-click the local area connection, and then click Properties.

In Local Area Connection Properties, select Internet Protocol (TCP/IP), and then click
Properties.

Click Use the following DNS server addresses, and in Preferred DNS server and Alternate
DNS server, type the IP addresses of the preferred and alternate DNS servers.

To add more DNS servers, click the Advanced button.

Flush the DNS Resolver Cache

A DNS resolver cache is a temporary database created by a server to store data on recent
DNS lookups. Keeping a cache helps speed up the lookup process for returning IP
addresses. You can use the command ipconfig /displaydns to see what entries are currently
stored in your server’s cache.

Sometimes, though, a virus will hijack a server's DNS cache and use it to re-route requests.
This is sometimes referred to as cache poisoning, and is one of several reasons why you
may want to flush the DNS cache.

To do so, enter the following command:

ipconfig /flushdns

When completed successfully, you should receive a message that says “Windows IP
configuration successfully flushed the DNS Resolver Cache.”

5- WSUS Installation

Figure 5. 23: Network Setup


On your server, open Server Manager. On the Dashboard, click Add Roles and Features,
then click Next 3 times until you reach the Select server roles box. In the Select server roles
box, select Windows Server Update Services (in the pop-up window, click Add Features)… then
click Next…

Figure 5. 24: WSUS Installation

On the Select features box, click Next…


Figure 5. 25: WSUS Features

On the Windows Server Update Services box, click Next…

Figure 5. 26: WSUS Installation


On the Select role services box, verify that both WID Database and WSUS Services are
selected, and then click Next…

Figure 5. 27: WSUS Services

On the Content location selection box, type C:\Comsys WSUS, and then click Next…

Figure 5. 28: WSUS Path Selection


On the Web Server Role (IIS) box, click Next…

Figure 5. 29: IIS Role

On the Select role services box, click Next…

Figure 5. 30: Additional Services


On the Confirm installation selections box, click Install…

Figure 5. 31: Final WSUS Setup

When the installation completes, click Close…

Figure 5. 32: Installation Ongoing


Figure 5. 33: Installation Completed

Open Windows Server Update Services console, in the Complete WSUS Installation
window, click Run, and wait for the task to complete then click Close…

Figure 5. 34:WSUS Connection


Figure 5. 35:WSUS Connection Completed

In the Windows Server Update Services Configuration Wizard window, on the Before You
Begin, click Next to proceed…

Figure 5. 36: WSUS Configuration


On the Join the Microsoft Update Improvement Program, just click Next…

Figure 5. 37: WSUS Update Program

On the Choose Upstream Server box, click the Synchronize from Microsoft Update option
and then click Next…

Figure 5. 38: WSUS Upstream Server


On the Specify Proxy Server box, click Next…

Figure 5. 39: Proxy Server Setup

On the Connect to Upstream Server box, click Start Connecting. Wait for the Windows
Update to be applied, and then click Next…

Figure 5. 40: WSUS Connection Testing


Figure 5. 41: WSUS Connection Testing Done

On the Choose Languages box, click Next…

Figure 5. 42:WSUS Language Selection


On the Choose Products box, I choose Windows 8 and Windows Server 2012 R2 (you
can choose whichever products match your existing applications), and click Next…

Figure 5. 43: Product Selection

On the Choose Classifications box, I choose Critical Updates (you can choose all update
classifications if you require them and your internet connection is fast), then click Next…

Figure 5. 44: Classification


On the Set Sync Schedule box, I choose Synchronize manually, then click Next…

Figure 5. 45: Synchronize Setup

On the Finished box, click the Begin initial synchronization option, and then click Finish…

Figure 5. 46: Begin initial synchronization


In the Windows Server Update Services console, in the navigation pane, double-click DC01,
and spend a few minutes reviewing what the WSUS console shows and the
information it provides…

** As you can see on my WSUS server, WSUS is synchronizing update information; this might take a few minutes…

Figure 5. 47: WSUS Synchronize

If everything goes well, on the synchronization status you can see that Status is Idle and
the Last Synchronization result: Succeeded…

Figure 5. 48: Sync Status


Next, let’s add a Computer Group to WSUS. This makes sure that any computer
listed in the Computer Group will get its updates from the WSUS server…

On the WSUS console, click Options and then double click Computers…

Figure 5. 49: Add Computers

In the Computers dialog box, select Use Group Policy or registry settings on computers
then click OK…

** I choose Use Group Policy because I want all my clients to get Windows updates through a
GPO…

Figure 5. 50: Group Policy or registry settings


Next, click All Computers, and then, in the Actions pane, click Add Computer Group…

Figure 5. 51: Adding Computer Group

In the Add Computer Group dialog box, in the Name text box, type Computer system
Laptop, and then click Add…

Figure 5. 52: Selecting Name for the Computer Group


Once you have successfully added a new Computer Group to WSUS, we need to create a new
GPO and configure it so that all our clients are affected by this GPO and get their
Windows updates…

** On the Domain Server, open Group Policy Management, right-click Computer system
Laptop and then click Create a GPO in this domain, and Link it here…

Figure 5. 53: Creating New GPO

In the New GPO dialog box, type WSUS Computer system Laptop, and then click OK…

Figure 5. 54: Name the Group GPO


Next, right-click WSUS Computer system Laptop, and then click Edit…

Figure 5. 55: Edit GPO

Next, in the Group Policy Management Editor, under Computer Configuration,
double-click Policies, double-click Administrative Templates, double-click Windows
Components, and then click Windows Update…

Figure 5. 56: Configure GPO


Next, in the setting pane, double-click Configure Automatic Updates, and then click the
Enabled option, under Options, in the Configure automatic updating field, click and
select 3 – Auto download and notify for install, and then click OK…

Figure 5. 57: Configure Automatic Update

In the Setting pane, double-click Specify intranet Microsoft update service location, and
then click the Enabled option, then in the Set the intranet update service for detecting
updates and the Set the intranet statistics server text boxes,
type http://dc01.comsys.local:8530, and then click OK…

Figure 5. 58: Specify intranet Microsoft update service location


In the Setting pane, double click Enable client-side targeting, in the Enable client-side
targeting dialog box, click the Enabled option, in the Target group name for this
computer text box, type Computer system Laptop, and then click OK…

Figure 5. 59: Enable client-side targeting

Next, let’s log in to our client PC as domain administrator and verify that our client is
receiving the GPO by typing gpresult /r at the command prompt. In the output of the
command, confirm that, under COMPUTER SETTINGS, WSUS Comsystem Laptop is
listed under Applied Group Policy Objects…

Figure 5. 60: Testing GPO


Next, we need to initialize Windows Update by typing Wuauclt.exe /reportnow
/detectnow at the command prompt…

Figure 5. 61: Initialize the Windows Update

Next, we need to approve and at the same time deploy an update to our client PC…

In the WSUS console, under Updates, click Critical Updates, right-click any update you
prefer for your client PC and then click Approve…

Figure 5. 62: Approve and deploy an Update


In the Approve Updates window, in the Comsystem Laptop drop-down list box,
select Approved for Install…

Figure 5. 63: Approved for Install

Next, Click OK and then click Close…

Figure 5. 64: Final Approval


Figure 5. 65: Approval Status

Now, to deploy the selected updates, on the Client PC, in the cmd type Wuauclt.exe /detectnow…

Figure 5. 66: deploy the selected updates


Before you confirm that the client can receive the update from the WSUS server, return to
the WSUS server and, in the WSUS console under Download Status, verify that the
necessary / selected updates have finished downloading…

Figure 5. 67: Update Download Status

Next, click Critical Updates and, in the right pane, verify that a few updates show 100%…

Figure 5. 68: Verify Critical Update


Now return to the client PC and open Windows Update from Control Panel. You should
see updates available for your client PC, and you can proceed with the installation…

Figure 5. 69: Install Downloaded Updates

Figure 5. 70: Installation Status
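Besides gpresult /r, the client's registry shows whether the three GPO settings configured above (automatic updates, intranet update service location, client-side targeting) actually arrived. The following is an added example, not part of the original monograph: the defaults are the values used on this page, the function name Test-WsusClientPolicy is hypothetical, and the key read is the standard Windows Update policy location written by those Group Policy settings.

```powershell
# Added example: confirm on a client that the WSUS GPO settings from this page were applied.
# Test-WsusClientPolicy is a hypothetical name; defaults come from the page's own values.
function Test-WsusClientPolicy {
    [CmdletBinding()]
    param(
        [string]$ExpectedServer   = 'http://dc01.comsys.local:8530',
        [string]$ExpectedGroup    = 'Computer system Laptop',
        [int]   $ExpectedAUOption = 3   # 3 = Auto download and notify for install
    )

    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    if (-not (Test-Path $wuKey)) {
        Write-Warning 'No Windows Update policy key found: the GPO has not reached this client.'
        return
    }
    $wu = Get-ItemProperty -Path $wuKey
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    # Each row pairs a policy value with what the GPO on this page should have written.
    $checks = @(
        @{ Setting = 'WUServer';           Expected = $ExpectedServer;   Actual = $wu.WUServer }
        @{ Setting = 'WUStatusServer';     Expected = $ExpectedServer;   Actual = $wu.WUStatusServer }
        @{ Setting = 'UseWUServer';        Expected = 1;                 Actual = $au.UseWUServer }
        @{ Setting = 'AUOptions';          Expected = $ExpectedAUOption; Actual = $au.AUOptions }
        @{ Setting = 'TargetGroupEnabled'; Expected = 1;                 Actual = $wu.TargetGroupEnabled }
        @{ Setting = 'TargetGroup';        Expected = $ExpectedGroup;    Actual = $wu.TargetGroup }
    )
    foreach ($c in $checks) {
        [pscustomobject]@{
            Setting  = $c.Setting
            Expected = "$($c.Expected)"
            Actual   = if ($null -eq $c.Actual) { '<not set>' } else { "$($c.Actual)" }
            Match    = ("$($c.Actual)" -eq "$($c.Expected)")
        }
    }

    # Informational row: which transport the client uses to reach WSUS.
    # Metadata fetched over plain http is not protected in transit.
    $uri = $wu.WUServer -as [uri]
    if ($uri) {
        [pscustomobject]@{
            Setting  = 'Transport'
            Expected = '(informational)'
            Actual   = "$($uri.Scheme) on port $($uri.Port)"
            Match    = $null
        }
    }
}

Test-WsusClientPolicy | Format-Table -AutoSize
```

A TargetGroup row that does not match the computer group name created in the WSUS console leaves the client in Unassigned Computers, so approvals made for the group never reach it.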


6- File Server

Login to the Domain Server

Open Server Manager from the lower-left corner of the server desktop as shown below

Click on Add Roles & Features from Server Manager Dashboard as shown below.

Figure 5. 71: File Server Installation

Click on Next to Begin the Process as shown below

Figure 5. 72: Add Rule and Feature Wizard


By default, Role based or featured based Installation is selected already so we will continue
with default settings & click on Next as shown below

Figure 5. 73: Selecting Installation Type

On Next window Continue with default server (Test) selection & click on Next as shown
below

Figure 5. 74: Selecting Server


You can see that File and Storage Services is already selected because we are installing this
service on the domain controller; if you add this role service on any other fresh
server, you have to follow the same process.

Figure 5. 75: Select File Server Feature

After you click Next, it will install the services on the server on which you want to set up
file and share services.
After this, open File and Storage Services from the Server Manager Dashboard as
shown below

Figure 5. 76: Installation Status


It will show you the file server details as shown below

Figure 5. 77: File Server and Storage Services

The Volume option will show you the Volume details of a file Server like System Reserve
Volume and C drive as shown below, you can create volume on a Physical disk or a virtual
disk.

Figure 5. 78: Create Storage and Volume


The Disks option shows the disks used to create volumes. You can attach more
physical and virtual disks and, after a scan to detect them, configure further
volumes on the disks.

Figure 5. 79: Volume and Disk

The Storage Pools option shows the details of groups of physical disks that form a pool,
which enables you to make more efficient use of disk capacity. Currently there is no other
storage attached to the server, so it shows an empty area. You can add a new storage pool from
the Tasks button in the top right corner as shown.

Figure 5. 80: File Server Storage Pool


The Shares option shows the details of the server's directories that are shared with other
users and for administrative purposes. You can create a share from the Tasks button in the
top right corner as shown.

Figure 5. 81: File Server Shares

Before that, we go to the C drive and create a folder named test. Now we come back to the
File and Storage Services console.

Figure 5. 82: New Share


Click on New Share & continue with default settings by clicking Next button as shown

Figure 5. 83: New Share Setup

On the Server path selection folder select Custom path and click on browse as shown below

Figure 5. 84: Server path selection


Select the test folder and click on select folder

Figure 5. 85: Folder Selection

It will come back with the location (c:\test) filled in; click on Next

Figure 5. 86: Folder Setup Result


On the next window, specify the share name if you want to; otherwise, it will take the
default name automatically. Click on Next

Figure 5. 87: Specify the Share Name

On Configure sharing settings continue with default settings and click on Next

Figure 5. 88: Configuring Sharing Settings


The next page shows the default permissions of that folder. If you want to edit the permissions,
you can do so with the Customize permissions button; otherwise click on Next

Figure 5. 89: Permission Folder

On the Confirm selection page click on create button.

Figure 5. 90:Setting Confirmation


You can see the share has been created.

Figure 5. 91: Setting Result

To verify, go to the C drive, right-click the test folder and, on the Properties page, select the
Sharing tab; you can see that the folder test is now shared.

Figure 5. 92: Verify Share

This is how we can manage folder sharing on file server.


4.2 Topology design (I.T)
A network topology is the arrangement in which computer systems or network devices
are connected to each other. Topologies may define both the physical and the logical aspects of
the network. The logical and physical topologies of the same network can be the same or different.

Topology Used (Tree Topology):

A tree topology is a special type of structure where many connected elements are arranged
like the branches of a tree. For example, tree topologies are frequently used to organize the
computers in a corporate network, or the information in a database.
In a tree topology, there can be only one connection between any two connected nodes.
Because any two nodes can have only one mutual connection, tree topologies create a
natural parent and child hierarchy.
In computer networks, a tree topology is also known as a star bus topology. It incorporates
elements of both a bus topology and a star topology. Below is an example network diagram
of a tree topology, where the central nodes of two star networks are connected to one
another.

4.2.1 Main office topology design


4.2.2 Branch offices topology design
Not Applicable.
Chapter 5 | Configuration Procedure/Coding (IT)
5.1 Configuration Procedure

• Physical setup (Racking and wiring)


• Windows Server Installation
• Server Hardening and Setup
• Add Windows roles and features

Router and Switch Configuration:

• Physical setup (Racking and wiring)


• Configuring and coding devices

5.2 Configuration Coding

• Windows Server Installation

1: Installing Microsoft Windows Server as per requirement

2: Formatting the disk and preparing the server's logical partitions

3: Genuine Microsoft Windows

4: Windows should be updated online using Control Panel, Windows Update, Install updates

5: Restarting the server

6: Default administrator user must be renamed to guest and guest user must be renamed to
administrator, then a super admin user must be added

7: Installing antivirus

8: Joining the server to the domain controller

9: Restarting the server

10: Moving the server to its OU in Active Directory

11: Adding the super user to the Domain Admins and Enterprise Admins groups of AD

12: Turning the server firewall off

13: Enabling server remote access

14: Assigning a valid IP, gateway, and DNS address to the server

15: Taking a backup of the server registry on the D drive

• Server Hardening and Setup

1: Apply the changes below in the registry after the backup.

Default shares created by the system should be removed:

Steps:

1: Click [Start] > [Run], type 'regedt32' and click [OK]

2: Locate the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\

3: Find the value named AutoShareServer and change its DWORD value to 0. If it is not
present, add it.

Perform the following steps to configure TCP/IP parameters to reduce the likelihood and
effect of DoS attacks:

1: Open the registry (regedt32.exe) and find the key below.

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

2: Add or edit the following values:

Key: TCPIP\Parameters

Value: SynAttackProtect

Value Type: REG_DWORD

Parameter: 1

Key: TCPIP\Parameters

Value: EnableICMPRedirect

Value Type: REG_DWORD

Parameter: 0

Key: TCPIP\Parameters

Value: EnableDeadGWDetect

Value Type: REG_DWORD

Parameter: 0

Key: TCPIP\Parameters

Value: EnablePMTUDiscovery

Value Type: REG_DWORD

Parameter: 0

Key: TCPIP\Parameters

Value: KeepAliveTime

Value Type: REG_DWORD

Parameter: 300000

Key: TCPIP\Parameters

Value: DisableIPSourceRouting

Value Type: REG_DWORD

Parameter: 2

Key: TCPIP\Parameters

Value: TcpMaxConnectResponseRetransmissions

Value Type: REG_DWORD

Parameter: 2

Key: TCPIP\Parameters

Value: TcpMaxDataRetransmissions

Value Type: REG_DWORD

Parameter: 3

Key: TCPIP\Parameters

Value: TCPMaxPortsExhausted

Value Type: REG_DWORD

Parameter: 5

E&Y Recommendations

1: Remote Access Account Lockout Policy

regedt32 >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout
> set [MaxDenials] to 5 attempts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters
> change the value of EnableAudit to 1
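
One way to verify the registry values listed above against a .reg export taken after hardening. This is an added example, not part of the original monograph; the sample export is constructed, and the value names use the Windows spellings EnableICMPRedirect and AccountLockout\MaxDenials.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
TCPIP = r"Tcpip\Parameters"
RAS = r"RemoteAccess\Parameters"

# Baseline transcribed from the steps above: (subkey, value name) -> DWORD.
# Registry key and value names are case-insensitive, so they are compared lower-cased.
BASELINE = {
    (r"LanmanServer\Parameters", "AutoShareServer"): 0,
    (TCPIP, "SynAttackProtect"): 1,
    (TCPIP, "EnableICMPRedirect"): 0,
    (TCPIP, "EnableDeadGWDetect"): 0,
    (TCPIP, "EnablePMTUDiscovery"): 0,
    (TCPIP, "KeepAliveTime"): 300000,
    (TCPIP, "DisableIPSourceRouting"): 2,
    (TCPIP, "TcpMaxConnectResponseRetransmissions"): 2,
    (TCPIP, "TcpMaxDataRetransmissions"): 3,
    (TCPIP, "TCPMaxPortsExhausted"): 5,
    (RAS + r"\AccountLockout", "MaxDenials"): 5,
    (RAS, "EnableAudit"): 1,
}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Map (key path, value name), both lower-cased, to each DWORD in a .reg export."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1).lower()
        elif key and (m := DWORD.match(line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (subkey, name, expected, found) per deviation; found is None if absent."""
    actual = parse_reg(text)
    findings = []
    for (subkey, name), expected in BASELINE.items():
        found = actual.get((f"{SERVICES}\\{subkey}".lower(), name.lower()))
        if found != expected:
            findings.append((subkey, name, expected, found))
    return findings

# Constructed sample export: one wrong value, one missing value, one weak lockout.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"EnableDeadGWDetect"=dword:00000000
"KeepAliveTime"=dword:000493e0
"DisableIPSourceRouting"=dword:00000002
"TcpMaxConnectResponseRetransmissions"=dword:00000002
"TcpMaxDataRetransmissions"=dword:00000003
"TCPMaxPortsExhausted"=dword:00000005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"EnableAudit"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout]
"MaxDenials"=dword:0000000a
'''
```

Files exported by the registry editor are UTF-16 encoded, so open them with `encoding="utf-16"` before passing the text to `audit`.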

• Add Windows roles and features

Use the following steps to add Windows roles and features:

To open Server Manager, click the Server Manager icon in the taskbar or select Server
Manager in the Start Menu.

Click Manage in the upper right portion of the screen and click Add Roles and Features to
open a wizard.

Note: You cannot add roles and features until Server Manager finishes loading. Wait
until Server Manager loads before you add roles and features.

On the Before you begin page, click Next to begin. You can skip this page in the future by
checking the Skip this page by default box.

On the Select installation type page, choose Role-based or feature-based installation and
click Next.

On the Server Selection page, choose the server to which you want to add the role or
feature. In most cases, this choice is the server you are logged in to. Click Next.

Select all desired roles on the Server Roles page. When you add roles, the wizard prompts
you to add prerequisite roles and features, if any. After you have selected the desired roles,
click Next.

Select all desired features on the Features page and click Next.

Complete the configuration of the selected roles and features and click Next on each screen.

After you complete the initial configuration of the chosen features, the Confirmation page
displays and lists a summary of the changes. Verify the changes before proceeding. If you
want the server to restart automatically after installation completes, check the box labeled
Restart the destination server automatically if required.

Click Install to add the chosen roles and features.

Router and Switch Configuration:

• Physical setup (Racking and wiring)


• Configuring and coding devices

Router Configuration:

Router> enable

Router# configure terminal

Router(config)# line vty 0 15

Router(config)# line console 0

Router(config)# interface gigabitEthernet 0/0/0

Router# show running-config

Router# copy running-config startup-config

Router(config)#

Router(config)# hostname R1

Router(config)# banner motd "No unauthorized access allowed!"

Router(config)# enable password class

Router(config)# enable secret class

Router(config)# service password-encryption

Router(config)# line vty 0 15

Router(config)# line console 0

Router(config)# interface gigabitEthernet 0/0/0

Router(config-line)#

Router(config-line)# password cisco

Router(config-line)# login

Router(config-line)# transport input all (line vty)

Router(config-if)#

Router(config-if)# interface gigabitEthernet 0/0/0

Router(config-if)# int g0/0 //command abbreviation

Router(config-if)# ip address 192.168.1.1 255.255.255.0

Router(config-if)# no shutdown

Testing:

Router# ping 192.168.1.100

Router# traceroute 192.168.1.100

Router# ssh 192.168.1.100

Router# telnet 192.168.1.100

Debugging:

Router# debug ?

Router# clock set 07:14:00 October 15 2019

Router# reload

Basic Switch Commands


=================================

Switch> enable

Switch# configure terminal

Switch(config)# line vty 0 15

Switch(config)# line console 0

Switch(config-line)#

Switch(config)# interface vlan 1

Switch(config-if)#

----------------------------

Switch#

Switch# configure terminal

Switch# show ?

Switch# show running-config

Switch# copy running-config startup-config

Switch# ping 192.168.1.100

Switch# traceroute 192.168.1.100

Switch# ssh 192.168.1.100

Switch# telnet 192.168.1.100

Switch# debug ?

Switch# clock set 07:14:00 October 15 2019

Switch# reload

---------------------------------

Switch(config)#

Switch(config)# hostname R1

Switch(config)# banner motd "No unauthorized access allowed!"

Switch(config)# enable password class

Switch(config)# enable secret class

Switch(config)# service password-encryption

Switch(config)# line vty 0 15

Switch(config)# line console 0

Switch(config)# interface vlan 1

----------------------------------------------------

Switch(config-line)#

Switch(config-line)# password cisco

Switch(config-line)# login

Switch(config-line)# transport input all (line vty)

----------------------------------------------------

Switch(config-if)#

Switch(config-if)# interface vlan 1

Switch(config-if)# ip address 192.168.1.2 255.255.255.0

Switch(config-if)# no shutdown

Switch(config-if)# exit

Switch(config)# ip default-gateway 192.168.1.1

Extra helpful commands:

=========================

Router(config)# no ip domain-lookup //prevents mistyped commands from being "translated..."

Router(config-line)# logging synchronous //prevents logging output from interrupting your
Chapter 6 | Testing
6.1 Testing techniques and testing
6.2 Testing report
6.3 Debugging report
Chapter 7 | Cost Estimation
7.1. Approximate cost of the hardware
Hardware Price Quantity
PowerEdge R240 Rack Server $619.00 One
Diesel Engine Power Distributor $4,299 1-4 set
Sophos XG 86 VPN Firewall $795.00 One
Cisco 2800 ISR router $3895 One
Cisco Catalyst 9200 Series Switch $6764 One
Rack 42U $899 One
AC $16,666 One
Fire Alarm (Smoke Detector) $100 One
UPS (Battery) $8,474.77 One
Rj45 Connector $10.22 One Pack
Network Cables $100 One Pack
HikVision Security Camera $1,378.00 Whole Service Pack

7.2. Approximate cost of the software


Software Price
Windows Server 2016 $110

7.3. Approximate cost of the project implementation


Networking $ 2000
Power and electricity $ 10,000
CCTV Configuration $ 500
Infrastructure Team Service Pay $ 5,000
Risk and extra costs $ 10,000

7.4. Overall cost of the project


$ 71609.22
Chapter 8 | Future Plans and Expansion
8.1 Future plan
• Building a Sustainable Data Center

To me, building a sustainable data center means building facilities that don’t have a
lasting, detrimental impact on the planet. It means powering our data centers from
renewable energy sources; it means designing the most energy efficient facilities
we possibly can and using the very latest techniques and engineering infrastructure
to provide efficient power and cooling to our data halls.

It also means considering the recyclable content of materials we use for our
facilities, minimizing waste to landfill and considering recycling waste heat, whilst
ensuring our facilities are well maintained. It means working with our customers to
ensure they are streamlining their computing practices and deploying highly
efficient server technology.

Today, renewable energy is often less expensive than brown power. Buyers can
negotiate long-term fixed-price or stable-price contracts for energy. This means
energy costs from companies using renewables are likely to be more stable and
offer more reliable pricing than fossil fuels.

If we can do all these things, then we are moving toward a sustainable data center
and a sustainable business. What’s good for the planet is good for business.

• How the Internet of Things (IoT) Has Impacted Data Center Development

IoT devices gather large amounts of data which can put big demands on data
centers and their networks. Whilst much of the focus around the IoT tends to be
around the decentralization of deployment or edge computing, where devices sit
close to the end points they are monitoring, the centralized data center and Cloud
still play a crucial part as data is streamed back to a centralized hub for analysis.

Connectivity is often an issue as most of these applications require a low latency
connection from their out-of-town location back to the centralized data center.

Ironically, this means that despite measures taken to reduce energy consumption
and carbon emissions – things like electric vehicles, autonomous cars, smart
building systems controlling efficient use of HVAC systems through temperature
sensors, reduced airline travel by holding video calls, etc. – this drives more traffic
through our data centers and increases energy consumption.

In terms of Edge data centers, we are seeing increasing demand from customers
who require smaller parcels of IT capacity in out-of-town locations. This can be a
challenge for data center operators, since the size of a potential deployment may
not justify the investment required to build a new facility outside of primary data
center locations.

At Iron Mountain Data Centers, we have a unique advantage on Edge data centers
since we already operate 1,450 global storage facilities through Iron Mountain
Group. This provides access to existing facilities in many secondary and tertiary
locations.

• Selecting a Building Site

When it comes to selecting a data center location, customer demand is usually
focused on developed and established locations. As a result, all of the
prerequisites of data center facilities – available power, access to established
networks and connectivity, local governments who understand and welcome data
center businesses – are available and can deliver functional facilities in a timely
and cost-effective manner.

From a funding perspective, debt and equity lenders are far more comfortable
lending for developments in established markets such as the FLAP markets in
Europe; North Virginia, Phoenix, Dallas, New York, Silicon Valley, Atlanta and
Chicago in North America; and Singapore, Hong Kong, India, Australia and Japan
in APAC.

• Data Center Locations in Demand

At Iron Mountain Data Centers, all our developed markets are in demand. In
Europe, we’re seeing demand in FLAP and the Nordic countries, as well as
inquiries from places like Berlin and Munich in Germany, Milan in Italy, Madrid in
Spain, and other locations in Switzerland, Poland, Turkey and Belgium.

In North America, all the key markets are busy, but our biggest demand continues
to come in Virginia and Phoenix.

In APAC, our Singapore facility is close to being full and we are seeing increasing
amounts of inquiries for Hong Kong and Indonesia. Our largest growth potential,
however, is coming from India, where we expect demand to double over the next
couple of years in markets such as Mumbai, Chennai, Bangalore, Kolkata,
Hyderabad and Pune.

• Different Solutions for a Variety of Customers

Data center customers are diverse, and their data center needs are too. Our retail
colocation customers often want a standard product offering in an existing facility.
We strive to provide tailor-made solutions for our customers, but many colocation
customers are happy with standard designs and can make it work for their
requirements.

Our bigger customers often have specific engineering requirements. These are
often larger deployments that require exclusive use of a data hall and the
associated engineering infrastructure. We are seeing an increasing trend for some
of our bigger customers to be actively involved in the design process.

• The Data Center of the Future

In the future, I think we will see a rise in decentralized locations for data centers,
driven by Edge. Data centers will be far more efficient in the engineering
infrastructure, as well as the efficiency of the servers deployed within the facilities.
As design evolves, data centers will hopefully consume less energy, generate less
heat and be able to operate at higher temperatures.

I suspect the operating temperatures within data halls will increase and engineering
infrastructure will be simplified as customers will be more dependent on the
resiliency of their own equipment, rather than rely on the infrastructure of their host.
AI will inevitably be used to much greater effect to ensure efficiency and resilience.

We will also see more carbon reduction technology such as carbon scrubbers.
These are just one more step towards a future where data centers become
harmless to the environment. Hopefully, with each new development, we are closer
to meeting that goal.

8.2 Expansion possibility


This project consisted of a Data Center Design renovation and expansion of an
existing 800 sq/ft data center which included infrastructure upgrade and increase of
overall footprint. The existing and expanded data center had to utilize independent
cooling systems (separate from the building plant), independent electrical supply
and redundant UPS and cooling equipment.

Additional infrastructure was added to their UPS room, UPS/Switch room and the
data center. These renovated rooms are now primarily cooled by a dedicated
Glycol Cooling System being distributed by a two 15 hp Glycol Pump Package with
three 3-fan Liebert dry coolers located on the roof of the 4th floor. All rooms are
now protected by a new fire suppression system and environmental monitoring was
added to monitor the new Liebert equipment installed, all fire suppression/detection
systems, the existing UPS system and the water detection system was expanded.

The renovation consisted of decommissioning and removal of four up-flow
computer room air conditioning units and three roof top dry coolers. Demolition of
existing interior walls and ceiling to accommodate new expanded data center area.
Construction of new and repairing of existing walls; all walls were constructed
and/or repaired to conform to the UL 419 1 hour assembly rating. Installation of a
new suspended ceiling system with 24” x 24” vinyl faced acoustical panels, new
lighting throughout expansion area and raised access floor with 1/16” high
performance.

EEC coordinated all delivery and rigging for provided equipment and also
coordinated the equipment start-up and certifications services for all new
equipment with the factory authorized technicians. The company also contracts
with EEC to maintain all UPS systems, UPS batteries, HVAC systems, and fire
suppression/detection systems.

Below are the details of the project:

850 sq/ft Data Center expansion area with a Tate 12” Raised Access Floor System

Protected by:

Novec 1230 Fire Suppression System

Pre-Action Sprinkler Fire Suppression System

Photoelectric and Ionization Smoke Detection

Cooled by:

Two Liebert 15-Ton DS Down Flow AC units

Room Power Distribution:

Two Square D 42-Pole Panel boards

Raised Access Floor System

Tate Access Floor System

ConCore Tiles rated for a 1250 design load


Supported by a 4’ basket weave bolted stringer system

140 sq/ft Existing UPS Room

Protected by:

Novec 1230 Fire Suppression System

Pre-Action Sprinkler Fire Suppression System

Photoelectric and Ionization Smoke Detection

Cooled by:

One Liebert 5-Ton Mini-Mate AC unit

800 sq/ft Existing UPS/Switch Room

Protected by:

Novec 1230 Fire Suppression system

Pre-Action Sprinkler Fire Suppression System

Photoelectric and Ionization Smoke Detection

Cooled by:

One Liebert 15-Ton DS Down Flow AC unit

UPS Power:

One Liebert NX Series 160 kVA Uninterruptible Power Supply

Two 40 Jar UPS Battery Cabinets

One 600 AMP Maintenance Bypass Panelboard

Room Power Distribution:

One Square D 42-Pole Panel boards.

1,500 sq/ft Existing Data Center

Protected by:

Novec 1230 Fire Suppression system

Pre-Action Sprinkler Fire Suppression System

Photoelectric and Ionization Smoke Detection


Cooled by:

Two Liebert 15-Ton DS Down Flow AC unit

Room Power Distribution:

Three Square D 42-Pole Panel boards

One 800 AMP Maintenance Bypass Panel in main electrical room

One 400 AMP MLO circuit breaker panel

Environmental Monitoring

Expanded RLE LD2500 water detection system to monitor under the expansion
area raised access floor system

One Liebert N-Form Enterprise Edition Complete Monitoring Solution. This system
is currently monitoring all the new Liebert equipment installed, all fire
suppression/detection systems, as well as the existing UPS system.
Conclusion
The consolidation of distributed data centers or server rooms on university
campuses offers many advantages to their owners and administrators, but only
minimal disadvantages. The University at Albany carried out a decade-long project
to design and build a state-of-the-art data center. The libraries participated in a two-
year project to migrate their servers to the new data center. This included the hire
of a data center migration consulting firm, the development of a migration plan and
schedule for the physical move that took place late summer 2014. The authors
have found that there are many advantages to consolidating data centers, including
taking advantage of economies of scale, an improved physical environment, better
backup services and security systems, and more. Lessons learned from this
experience include the value of participating in the process, reviewing migration
schedules carefully, clarifying the costs of consolidation, contributing to the
development of an SLA, and communicating all plans and developments to the
libraries’ customers, including faculty, staff, and students. As other university
libraries consider the possibility of consolidating their data centers, the authors
hope that this paper will provide some guidance to their efforts.
References
