Internship group: + Hunh Ch Hiu TH10 + L Quang c TH10 + Nguyn Phm Quc Hi TH10 + L Tin Thnh Nhn TH06A
Table of Contents
Acknowledgements
Preface
CHAPTER I: WHAT IS THE INTERNET?
I. Introduction
II. Benefits and harms
III. Internet connection protocols (Protocol)
  1. Application layer
  2. Transport layer
  3. Internet layer
  4. Network Interface layer
  5. Terminal Services (TS)
  6. TFTP (Trivial File Transfer Protocol)
CHAPTER II: OVERVIEW OF MICROSOFT'S WINDOWS OPERATING SYSTEMS
Part I: Overview of the development
Part II: Introduction to Microsoft's Windows operating systems
  1. DOS
  2. Windows 1.0
  3. Windows 2.0
  4. Windows 3.0
  5. Windows 3.1
  6. Windows for Workgroups
  7. Windows NT
  8. Windows 95
  9. Windows 98
  10. Windows ME
  11. Windows 2000
  12. Windows XP
  13. Windows Vista
  14. Windows 7
  15. Windows 8
CHAPTER III: THE MICROSOFT WINDOWS SERVER 2003 OPERATING SYSTEM
I. Overview of the Windows Server 2003 operating system
II. Preparing to install Windows Server 2003
III. Hardware requirements
IV. Hardware compatibility
V. Clean installation or upgrade
VI. Disk partitioning
VII. Choosing the file system
VIII. Choosing the licensing mode
IX. Choosing the network connection method
  1. Network connection protocols
  2. Membership in a workgroup or domain
X. Installing Windows Server 2003
  1. Preinstallation phase
     Installing from another operating system
     Installing directly from the Windows 2003 CD
     Installing Windows Server 2003 from the network
XI. XII.
XIII. Automation using command-line parameters
XIV. Using Setup Manager to create an answer file
XV. Using the answer file
CHAPTER IV: A BRIEF INTRODUCTION TO WINDOWS SERVER 2008
I. Overview
  1. A solid platform for the enterprise
  2. Integrated virtualization technology
  3. Built to serve the web
  4. High security
  5. High-performance computing
II. System requirements
III. Highlights of Windows Server 2008
CHAPTER V: ISA SERVER
I. Introduction
II. Comparing the Standard and Enterprise editions
III. Comparing ISA 2004 and ISA 2006
  1. Service publishing capabilities
  2. VPN connectivity
  3. Management capabilities
IV. ISA Firewall Client
  1. ISA 2004 log files
  2. Advanced support capabilities
How does the Firewall Client work?
ISA Firewall security alerts
Installation requirements
Installing ISA Server 2006 Standard Edition
Conclusion
CHAPTER VI: INTRODUCTION TO VPN (VIRTUAL PRIVATE NETWORK)
I. History and current state
II. General introduction
  1. Overview
  2. Benefits of VPN
  3. Functions of VPN
  4. Definition of tunneling and encryption
  5. Some terms used in VPN
III. Types of VPN
IV. Security mechanisms
V. Authentication
VI. Trusted delivery networks
VII. Forms of VPN
  1. Remote Access VPN
  2. VPN Site to Site
VIII. VPN in mobile environments
CHAPTER VII: PROTOCOLS IN VPN
I. The IPSec protocol suite
  1. Security architecture
  2. Current state
  3. IPSec operating modes
    3.1. Transport mode
    3.2. Tunnel mode
II. The ESP secure encapsulation protocol
III. The AH header authentication protocol
IV. The Internet key exchange protocol
V. The PPTP and L2TP protocols
  1. The point-to-point tunneling protocol
  2. The relationship between PPTP and PPP
VI. The layer 2 forwarding protocol
  1. The layer 2 tunneling protocol
  2. The relationship between L2TP and PPP
  3. Overview of the layer 2 tunneling protocol
  4. Applying L2TP in VPN
CHAPTER VIII: ENCRYPTION AND AUTHENTICATION IN VPN
I. Overview
II. The DES encryption algorithm
  1. Description of DES
  2. Strengths and weaknesses of DES
  3. Applying the DES algorithm in practice
III. The 3DES encryption algorithm
  1. 2.
IV. Hash function algorithms
V. The RSA algorithm
VI. Authentication in VPN
  1. Password Authentication Protocol (PAP)
  2. Challenge Handshake Authentication Protocol
VII. The model combining a firewall with VPN
CHAPTER IX: VPN SERVER CLIENT TO GATEWAY ON ISA SERVER 2006 STANDARD EDITION
I. Introduction
  1. Detailed model
  2. Purpose
II. III. IV. V.
CHAPTER X: VPN SERVER GATE TO GATEWAY ON ISA SERVER 2006 STANDARD EDITION
I. II. III. IV. V.
CHAPTER XI: DEPLOYING THE VPN SERVER MODEL OVER THE INTERNET
I. General introduction
II. Steps to install a VPN server over the Internet
  1. Preparation
  2. Implementation steps
III. Conclusion
Acknowledgements
Before carrying out this research project, we were students whose knowledge and professional skills were still limited. For that reason, in working on the VPN Server project we did our utmost to complete it with the knowledge we had been taught and with the latest information updated daily on the Internet. That alone was not enough for us to complete the project well, so we also wish to express our sincere thanks to our supervising teacher, who supplemented our work with useful knowledge and guided us with great dedication. Beyond what we learned in class, this helped us raise our level and gave us ideas for researching the topic of the Virtual Private Network (VPN). While we were working on the VPN project with what we had learned, our teacher also suggested many new ideas for extending the VPN Server model. Finally, we sincerely thank all the teachers of CKT-Vn Xun for creating the most favourable conditions for us to complete this project. We very much hope that our group's report on the Virtual Private Network Server will satisfy everyone. There are still many shortcomings in our work on this project, and we respectfully look forward to the guidance of our teachers.
Preface
Today we live in the age of information technology. A personal computer (PC) is indispensable at a time when news from the Internet is updated constantly and develops rapidly. Since computer networks appeared, the efficiency and convenience of the Internet have changed the classical way of using computers. Although the Internet and networking technology came into being not long ago, they have been deployed almost everywhere on our planet. Before long, therefore, knowledge of informatics and telecommunications in general, and of the Internet in particular, will become indispensable general knowledge for anyone who works with computer networks, and so people's demand for the Internet keeps growing. Along with making use of information on the network, the technician also needs to manage the network so that it is used effectively and safely. Network management is a very complex job that involves a whole series of issues, such as:
* Fault management.
* Configuration management.
* Network security management.
* Performance management.
* Account management.
To do this effectively, the operating state of the network must be monitored comprehensively by using network management protocols. In this part we introduce and guide you through installing and setting up network management systems, network services, applications and some Internet tips. In this part we will look at:
- WHAT IS THE INTERNET? In this part we take a brief look at the global network, also known as the Internet. So what is the Internet? How did it develop? What are the benefits and harms of the Internet? And so on.
- AN OVERVIEW OF MICROSOFT'S WINDOWS OPERATING SYSTEMS: Here we will learn about the formation and development of Microsoft's Windows operating system through its different periods, and about the characteristics, functions, interface and so on of each version for PCs. We will also introduce the operating systems used in network administration, such as:
1. Microsoft Windows Server 2003 Enterprise Edition
2. Microsoft Windows Server 2003 Standard Edition
3. Microsoft Windows Server 2003 Datacenter Edition
4. Microsoft Windows Server 2003 Web Edition
- THE MICROSOFT WINDOWS SERVER 2003 OPERATING SYSTEM: More specifically, we will study and work with Microsoft Windows Server 2003 Enterprise Edition. We will learn how to install it, configure it, and set up administrative rights on Microsoft's Windows Server 2003. Administration also requires a number of network services, depending on each administrative task. To provide them, we need to understand each service clearly, together with how to install and configure it.
- VPN SERVER: This part is the main content and presents a number of network services. It gives specific guidance on the Virtual Private Network (VPN). You will learn about the history and current state of this service, how it is configured, and how it transmits data over the network. We also look at building different kinds of VPN, such as VPN Server, VPN Client, VPN Tunnel and DMVPN (Dynamic Multipoint VPN). This part guides you through configuring the following models: VPN Client to Gateway and VPN Gateway to Gateway, and building a VPN server over an Internet connection.
II. Benefits and harms:
a.
… the exchange of information, cooperation and interaction between individuals, organizations and nations across the planet take place quickly and extremely conveniently, contributing to the development of freedom of speech throughout the world. With the presence of information and communication technology, the information that an individual sends to society when exercising freedom of speech seems to be multiplied five or ten times, and travels at such a speed that news from one side of the earth can reach the other side after only a few minutes. Everyone has equal rights and can express opinions on forums, commenting even on matters of law and state administration. Chat is a very good way to socialize and make friends if it is used for the right purpose. On the positive side, it helps people a great deal in life, particularly in communication, and above all at school age. Students have the opportunity to exchange views, discuss, express opinions and learn from others' experience when they take part in forums. Sharing feelings on social networking sites and in personal online diaries is a craze not only among children; adults too are drawn into online diary pages. Beyond that, people can go on the Internet to listen to music, watch films and comedy, or meet the celebrities they admire. The Internet therefore brings people all over the world closer together and is a lever for bringing out the strength of the community, including the strength of young people, contributing to building and developing the knowledge economy. In short, the Internet is like a miniature world in which everything we look for can be found easily.
b.
… its downside. Given the rapid growth and convenience of the Internet, many people exploit it to do damage. These vandals are usually called hackers; some hackers write destructive programs, which we usually call viruses, trojans, spyware and so on, and spread them over the network, and simply by accessing the Internet these programs can get into your computer. Some replicate themselves and use up hard disk space, while others destroy the system and damage the whole operating system. Worse still, they can steal data and leak information, especially the accounts of bank customers, causing heavy losses to companies and businesses. From the benefits and harms of the Internet described above, we can see that if we use it properly and selectively, and take measures to block destructive programs, the Internet is truly wonderful. The state therefore needs to develop a knowledgeable workforce, with workers who know how to use the Internet and who gradually take part in interacting with it to serve their own interests, to spread creative business models and to promote a healthy competitive environment. In addition, everyone, service providers and users alike, needs a sound understanding of the Internet so that it is developed and used effectively in the service of socio-economic growth and people's lives.
III. INTERNET CONNECTION PROTOCOLS (PROTOCOL):
TCP/IP is the most widely used protocol today. In this section we introduce and explain the functions and operation of TCP/IP. We will also look at some of the models found on the Internet. So what is a network protocol? A protocol is like the language that two computers use to talk to each other. Just as in everyday life, if we do not speak the same language we cannot exchange information with one another.
The OSI model for network protocols is described and introduced in detail in network administration texts. TCP/IP is not a single protocol but a set of protocols (a protocol suite), although most of us still simply call it the TCP/IP protocol. As the name suggests, it consists of two different protocols: TCP (Transmission Control Protocol) and IP (Internet Protocol). Several other protocols are related to TCP/IP, such as FTP, HTTP, SMTP and UDP, along with a few more.
Figure 1: The structure of TCP/IP
As you can see, TCP/IP has four layers (the OSI model has 7). Programs go through the Application layer. In the Application layer you will find application protocols such as SMTP (for email), FTP (for file transfer) and HTTP (for web browsing). Each kind of program uses a different application protocol, depending on the purpose of the program. After the program has processed a request, the protocol in the Application layer talks to another protocol in the Transport layer, usually TCP. This layer is responsible for taking the data passed down from the layer above, dividing it into packets and passing those packets on to the layer below, the Internet layer. When receiving data, this layer is also responsible for putting the packets received from the network in order and checking whether their contents have been damaged.
In the Internet layer we have IP (Internet Protocol), which takes the packets received from the Transport layer and adds virtual address information, that is, the address of the computer sending the data and the address of the computer that will receive it. These virtual addresses are called IP addresses. The packet is then sent to the lower layer, Network Interface. In this layer the data is called a datagram.
The Network Interface layer takes the packets sent by the Internet layer and sends them onto the network (or receives them from the network, if the computer is receiving data). What happens inside this layer depends on the type of network your computer uses. Today almost every computer uses the type of network called Ethernet (available at different speeds; wireless networks are also Ethernet networks), so inside the Network Interface layer are the Ethernet layers, LLC (Logic Link Control), MAC (Media Access Control) and Physical, listed from top to bottom. The packets transmitted on the network are called frames.
1. Application layer:
This layer handles communication between programs and the transport protocols. Several different protocols work in the Application layer. Most people know protocols such as HTTP (HyperText Transfer Protocol), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer Protocol), SNMP (Simple Network Management Protocol), DNS (Domain Name System) and Telnet. When you ask your email program (called an email client) to download the email stored on the server to your computer, the system sends this request to the TCP/IP Application layer and asks the SMTP protocol to serve it. When you type a WWW address into a web browser to open a web page, the browser passes this task to the TCP/IP Application layer, where it is served by the HTTP protocol (which is why a web page address has to begin with http://). Today, because information needs to be protected, the HTTPS protocol is used to ensure security.
The Application layer talks to the Transport layer through a port. Ports are numbered, and standard applications usually use the same port. For example, SMTP usually uses port 25, HTTP usually uses port 80, and FTP usually uses port 20 (for data transfer) and port 21 (for control). Using numbered ports lets the transport protocol (usually TCP) know what kind of content a packet contains, for example that the data being transmitted is email. So when it receives a packet on port 25, TCP knows that it must hand the data to the protocol attached to that port, usually SMTP, which in turn delivers the data to the program that requested it (the email program). The figure below illustrates how the Application layer works.
Figure 2
2. Transport layer:
When sending data, the Transport layer takes the data from the Application layer and divides it into many data packets. TCP (Transmission Control Protocol) is the protocol most often used in the Transport layer. When receiving data, TCP takes the packets sent up from the Internet layer and puts them in order, because packets can arrive at the destination out of order; it checks whether the contents of each received packet are intact and sends an acknowledgement (Acknowledge) signal to the sender to say that the packet reached its destination safely. If no acknowledgement arrives from the receiver (meaning the data has not arrived or is corrupted), the sender retransmits the lost packet.
While TCP reorders packets and uses the acknowledgement system described above when transmitting data, another protocol works in this layer without these two features. That protocol is UDP (User Datagram Protocol). TCP is therefore regarded as a reliable protocol, while UDP is regarded as an unreliable one. UDP is usually used when no important data is being transmitted, typically for DNS (Domain Name System) requests. Because it performs neither reordering nor acknowledgement, UDP is faster than TCP. When UDP is used, the application that requested the transfer is responsible for checking whether the arriving data is complete and for reordering the incoming packets, which means the application takes on TCP's job.
Both UDP and TCP take data from the Application layer and add a header to it when sending. When receiving, the header is removed before the data is delivered to the appropriate port. This header contains control information: the source port number, the destination port number, a sequence number (used by the reordering and acknowledgement systems in TCP) and a checksum (used to work out whether the data arrived at the destination corrupted). The UDP header is 8 bytes long, while the TCP header is 20 or 24 bytes long (depending on the options selected). The figure below illustrates the data packet produced by the Transport layer. This data is sent down to the Internet layer (when we are sending) or comes up from the Internet layer (when we are receiving).
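The header fields described above, worked through in code. This is an added example, not part of the original report: it builds a UDP segment with its checksum, shows the receiver-side check catching a damaged byte, and reads the header length out of a TCP header. The addresses, ports and payloads are constructed sample values, and the function names are this example's own.

```python
import socket
import struct

UDP_PROTO = 17  # IP protocol number for UDP

def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum used by IP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, length: int) -> bytes:
    """IP addresses, protocol and length that the UDP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, length))

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """8-byte UDP header (ports, length, checksum) followed by the payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                        # 0 on the wire means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def udp_is_intact(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver-side check: length field matches and checksum verifies."""
    if len(segment) < 8:
        return False
    length = struct.unpack("!H", segment[4:6])[0]
    if length != len(segment):
        return False
    return internet_checksum(pseudo_header(src_ip, dst_ip, length) + segment) == 0

def parse_tcp_header(segment: bytes) -> dict:
    """Read ports, sequence numbers and the header length from a TCP segment."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4       # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "checksum": csum,
            "payload": segment[header_len:]}

# Constructed sample data (documentation address range, made-up payloads).
SRC, DST = "192.0.2.10", "192.0.2.53"
UDP_SEGMENT = build_udp(SRC, DST, 49152, 53, b"constructed DNS query bytes")
# TCP SYN to port 25 carrying one 4-byte option, so the header is 24 bytes.
TCP_SYN = struct.pack("!HHIIHHHH", 49152, 25, 1000, 0, (6 << 12) | 0x002,
                      65535, 0, 0) + bytes.fromhex("020405b4")
# TCP segment to port 80 without options: 20-byte header plus payload.
TCP_DATA = struct.pack("!HHIIHHHH", 49152, 80, 1001, 1, (5 << 12) | 0x018,
                       8192, 0, 0) + b"GET"

if __name__ == "__main__":
    damaged = bytearray(UDP_SEGMENT)
    damaged[10] ^= 0x01                      # flip one bit in the payload
    print("intact:", udp_is_intact(SRC, DST, UDP_SEGMENT))
    print("damaged accepted:", udp_is_intact(SRC, DST, bytes(damaged)))
    print("TCP header lengths:", parse_tcp_header(TCP_SYN)["header_len"],
          parse_tcp_header(TCP_DATA)["header_len"])
```

The checksum only catches accidental corruption: anyone able to modify a segment in transit can recompute it. Protection against deliberate modification needs a keyed mechanism such as the IPSec AH and ESP protocols listed in Chapter VII.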
3. Internet layer:
In a network that uses the TCP/IP protocol suite, each computer is identified by a unique virtual address, called an IP address. The Internet layer is responsible for adding a header, another kind of control data, to the data packet received from the Transport layer; it adds the source IP address and the destination IP address, that is, the IP address of the computer sending the data and the IP address of the computer that will receive it.
The network card of each computer is assigned a physical address. This address is written in the ROM of the network card and is called the MAC address. So in a local area network (LAN), whenever computer A wants to send data to computer B, it has to know the MAC address of computer B. While it is easy to find every MAC address in a small local network, this is really not easy in a global network such as the Internet.
Without virtual addresses, you would have to know the MAC address of the destination computer, which is not only difficult but also does not help in routing the data packet, because it does not use a tree structure. A route is the path a data packet must take to reach its destination. For example, when data is requested from an Internet server, that data passes through several different locations (called routers) before it reaches your computer. If you want to see this in detail, click Start, choose Run, type CMD and press Enter. In the DOS-style window, type the command tracert www.quantrimang.com
Figure 4
You will see the path between your computer and the web server of quantrimang.com. The data packets pass through several different routers before reaching the destination. Each intermediate router on the path is called a hop.
Every network connected to the Internet has a device called a router, which acts as the bridge between the computers in the local area network (LAN) and the Internet. Each router has a table that tells it about other networks, and is also configured with a default gateway pointing to another router on the Internet. When your computer sends a data packet to the Internet, the router connected to your network has to determine the address of the destination computer. The destination may be on the same network or on a network to which the router knows the route; if it does not know the route, it sends the packet to the default gateway, that is, to another router. The process is then repeated in this way until the packet reaches the destination address.
Several protocols work at the Internet layer: IP (Internet Protocol), ICMP (Internet Control Message Protocol), ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol). Data packets are sent using IP. IP takes the data packets received from the Transport layer (from TCP if you are transmitting real data such as email or files) and divides them into datagrams. A datagram is a packet without any acknowledgement system, which means IP does not implement any acknowledgement system and is therefore an unreliable protocol. Note that when data is transmitted over TCP, TCP itself implements the acknowledgement system. So although IP does not check at the destination whether a datagram is corrupted, TCP does. The connection is therefore fully reliable even though delivery by IP itself is not.
Each IP datagram has a maximum size of 65,535 bytes, including the header, which may use 20 or 24 bytes depending on the options the program uses. An IP datagram can therefore carry 65,515 bytes or 65,511 bytes. If the data packet received from the Transport layer is larger than 65,515 bytes or 65,511 bytes, IP cuts the packet into several datagrams as necessary.
The figure below illustrates a datagram created at the Internet layer by IP. As mentioned, the header added by IP includes the source IP address, the destination IP address and some control information.
Note that an IP datagram is not always 65,535 bytes in size, but it can be up to 65,535 bytes. This means that the data field of the datagram does not have a fixed size. Datagrams are sent onto the network inside the frames created by the Network Interface layer, and the operating system normally configures the IP datagram size to match the maximum size of the data area of the frames on your network. The maximum size of the data field of a frame sent onto the network is called the MTU (Maximum Transfer Unit). Ethernet networks, which are used for most types of network including wireless systems, can carry up to 1500 bytes of data, which means the MTU is 1500 bytes. The operating system therefore automatically configures IP to create IP datagrams 1500 bytes long rather than 65,535 (which would not fit in one frame). In the next section we will see that the real size is 1497 or 1492, because the LLC layer uses 3 or 5 bytes for its header.
You may be confused about how TCP/IP and Ethernet relate to each other in a network. TCP/IP is a set of protocols responsible for the work of layers 3 to 7, while Ethernet is also a set of protocols, responsible for the work of layers 1 and 2 in the OSI model. Ethernet deals with the physical aspects of data transmission. So we still need the 7-layer OSI model (or something equivalent) to set up a network connection. We explain this relationship on the next page.
Another feature that IP provides is fragmentation. As mentioned earlier, to reach its destination an IP datagram may cross several different networks along the way. If all the networks on the path between the sending computer and the receiving computer are the same, everything works fine, because all the routers work with the same structure (that is, the same MTU size). However, if the other networks are not Ethernet networks, they may use different MTU sizes. In that case, the router that receives frames with an MTU of 1500 bytes cuts the IP datagram inside each frame into several pieces for transmission on the other network, which has a smaller MTU. On arrival at the router whose output is connected to an Ethernet network, that router reassembles the original datagram.
The figure below shows an example of this. The original frame uses an MTU of 1500 bytes. When it reaches another network with an MTU of 620 bytes, each original frame is divided into 3 frames (two of 600 bytes and one of 300 bytes). The router at the exit of this network (Router 2) then reassembles them into the original datagram. Naturally, the IP header has fields that control this fragmentation.
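The 1500-byte and 620-byte case above, carried through in code. This is an added example, not part of the original report, and it assumes an IPv4 header of 20 bytes without options. Under that assumption the three fragments carry 600, 600 and 280 bytes of data, and the last fragment is 300 bytes long including its header. The reassembly function also rejects fragment sets with gaps, overlaps or a missing final piece, which is the check a receiver needs before trusting the rebuilt datagram.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IPv4 header without options

@dataclass
class Fragment:
    offset_units: int      # fragment offset field, counted in 8-byte units
    more_fragments: bool   # MF flag: set on every fragment except the last
    payload: bytes

    @property
    def total_length(self) -> int:
        """Size on the wire: IP header plus the data carried."""
        return IP_HEADER_LEN + len(self.payload)

def fragment(payload: bytes, mtu: int) -> list:
    """Split a datagram's data so that header + data of each piece fits mtu."""
    # All fragments except the last must carry a multiple of 8 bytes,
    # because the offset field can only express multiples of 8.
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    pieces = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        is_last = start + len(chunk) >= len(payload)
        pieces.append(Fragment(start // 8, not is_last, chunk))
    return pieces

def reassemble(fragments) -> bytes:
    """Rebuild the original data; refuse inconsistent fragment sets."""
    ordered = sorted(fragments, key=lambda f: f.offset_units)
    if not ordered or ordered[-1].more_fragments:
        raise ValueError("final fragment (MF=0) is missing")
    data = bytearray()
    for index, frag in enumerate(ordered):
        start = frag.offset_units * 8
        if start > len(data):
            raise ValueError("gap before offset %d" % start)
        if start < len(data):
            raise ValueError("overlap at offset %d" % start)
        if index < len(ordered) - 1:
            if not frag.more_fragments:
                raise ValueError("MF=0 on a fragment that is not the last")
            if len(frag.payload) % 8:
                raise ValueError("non-final fragment not a multiple of 8 bytes")
        data += frag.payload
    return bytes(data)

def describe(fragments) -> list:
    """(offset in bytes, data length, total length, MF) for each fragment."""
    return [(f.offset_units * 8, len(f.payload), f.total_length, f.more_fragments)
            for f in fragments]

# Constructed sample: a 1500-byte datagram carries 1480 bytes of data.
SAMPLE_DATA = bytes(i % 251 for i in range(1500 - IP_HEADER_LEN))
SAMPLE_FRAGMENTS = fragment(SAMPLE_DATA, mtu=620)

if __name__ == "__main__":
    for row in describe(SAMPLE_FRAGMENTS):
        print("offset=%4d data=%3d total=%3d MF=%s" % row)
    print("reassembled correctly:", reassemble(SAMPLE_FRAGMENTS) == SAMPLE_DATA)
```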
4. Network Interface layer:
The datagram created by the Internet layer is sent down to the Network Interface layer when we are sending data, or the Network Interface layer takes data from the network and passes it up to the Internet layer when we are receiving data. This layer defines the kind of physical network your computer is connected to. Today most of our computers use an Ethernet network connection (wireless networks are also Ethernet networks).
As we said in the previous section, TCP/IP is a set of protocols responsible for the work of layers 3 to 7, while Ethernet is a set of protocols for the work of layers 1 and 2 in the OSI model. Ethernet has three layers: Logic Link Control (LLC), Media Access Control (MAC) and Physical. The LLC and MAC layers correspond to the second layer in the OSI model. You can see the structure of Ethernet in figure 6.
Figure 7: The structure of Ethernet
The LLC (logic link control) layer is responsible for adding information about which Internet layer protocol produced the data being transmitted. So when a frame is received from the network, this layer in the receiving computer knows which Internet layer protocol the data belongs to. This layer is defined by the IEEE 802.2 protocol.
The MAC (media access control) layer is responsible for assembling the frame that will be sent onto the network. This layer adds the source MAC address and the destination MAC address, which we explained earlier. The MAC address is the physical address of the network card. Frames destined for another network use the MAC address of the router as the destination address. This layer is defined by the IEEE 802.3 protocol if you use a cabled system, and by the IEEE 802.11 protocol if you use a wireless network.
The Physical layer is responsible for converting the frame created by the MAC layer into electrical signals (if a cabled network is used) or into electromagnetic waves (if a wireless network is used). This layer is defined by the IEEE 802.3 protocol if you use a cabled system, and by the IEEE 802.11 protocol if you use a wireless network.
The LLC and MAC layers add their headers to the datagram received from the Internet layer. The complete structure of the frames created by these two layers is shown in figure 7. The LLC layer adds a header of 3 to 5 bytes, and since its datagram is 1500 bytes in size, the largest data size is 1497 or 1495 bytes. The MAC layer adds 22 bytes for its header, and a 4-byte CRC (Data Correction) at the end of the datagram received from the LLC layer. The maximum size of a frame on an Ethernet network is therefore 1526 bytes.
Figure 8: A frame in the Network Interface layer
We now go a little deeper to explain other protocols and functions of TCP/IP that have not been covered so far, such as Telnet, SSH, TFTP, DHCP, DNS, ICMP, RIP, OSPF, BGP and ARP. It is important to remember that a number of protocols are related to the TCP/IP suite, and we only explain those regarded as the most important.
5. Terminal Services (TS)
TS lets you log in to a server and access its core (that is, right down to the system prompt) remotely, using your own keyboard and screen. The three most commonly used terminal protocols are Telnet, Rlogin and SSH (Secure Shell). All three do the same job, but with SSH the connection is encrypted and more secure. If you want to manage a server remotely in a more secure way, use SSH instead of Telnet or Rlogin: Telnet and Rlogin connections are not encrypted, so someone using a sniffer, a type of program that lets a hacker read the data packets being transmitted on the network, can read everything you type, including passwords.
Telnet, Rlogin and SSH are Application layer protocols and use TCP at the Transport layer. Telnet uses port 23, Rlogin uses port 513 and SSH uses port 22. One of the terminal programs commonly used on Windows workstations that supports Telnet, Rlogin and SSH connections is called PuTTY. Windows only has a built-in utility for Telnet (click Start, choose Run, type Telnet), and none for SSH.
… Another difference is that TCP reorders packets that may arrive out of sequence, whereas UDP does not do that either. In other words, because it has no acknowledgment system and no reordering system at all, UDP packets are smaller (the UDP header is also smaller than the TCP header) and need less computing power to process, since reordering and acknowledgment are not required. It is then up to the application, not the protocol, to take on these functions.

For everyday work TFTP is not used as much as FTP because it is less reliable. There is, however, one TFTP-based application you may have heard of: diskless remote boot (RIPL, Remote Initial Program Loading). You can have a computer with no hard disk or any other storage device and configure it to boot from the network, which means loading the operating system and programs from a server. The program that loads the operating system remotely has to be stored in a small ROM on the network card of the diskless computer. It therefore needs a protocol to transfer files, and TFTP is a better choice than FTP here: a TFTP client is smaller than an FTP client, so it fits in the 64KB ROM on the network card.

In summary, TFTP is an Application-layer protocol that uses UDP (port 69) at the Transport layer.
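Because UDP neither acknowledges nor reorders, TFTP does both itself with a lock-step exchange. The sketch below is an added example, not part of the original report: it simulates that exchange in memory over a lossy link, using the standard TFTP packet layout (opcode 3 = DATA, opcode 4 = ACK, 512-byte blocks), which the text above does not describe; the `lost` set is a constructed stand-in for the network.

```python
import struct

BLOCK_SIZE = 512
OP_DATA, OP_ACK = 3, 4


def data_packet(block, chunk):
    return struct.pack("!HH", OP_DATA, block) + chunk


def ack_packet(block):
    return struct.pack("!HH", OP_ACK, block)


def split_blocks(data):
    """A block shorter than 512 bytes ends the transfer, so a file whose size
    is an exact multiple of 512 needs a final empty block."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")
    return blocks


class Receiver:
    """The application, not UDP, tracks which block it expects next."""

    def __init__(self):
        self.expected = 1
        self.received = bytearray()
        self.done = False

    def on_packet(self, packet):
        opcode, block = struct.unpack("!HH", packet[:4])
        if opcode != OP_DATA:
            return None
        if block == self.expected:
            chunk = packet[4:]
            self.received += chunk
            self.expected += 1
            self.done = len(chunk) < BLOCK_SIZE
        elif block != self.expected - 1:
            return None                    # neither new nor a resend of the last block
        return ack_packet(block)           # a duplicate is re-acknowledged, not stored twice


def transfer(data, lost=frozenset(), max_tries=5):
    """Send data block by block; `lost` holds (kind, block, attempt) datagrams
    that the simulated network drops. Returns (bytes received, datagrams sent)."""
    receiver, sent = Receiver(), 0
    for block, chunk in enumerate(split_blocks(data), start=1):
        for attempt in range(1, max_tries + 1):
            sent += 1
            if ("DATA", block, attempt) in lost:
                continue                   # no ACK arrives: sender times out and resends
            ack = receiver.on_packet(data_packet(block, chunk))
            if ack is None or ("ACK", block, attempt) in lost:
                continue
            if struct.unpack("!HH", ack) == (OP_ACK, block):
                break
        else:
            raise TimeoutError(f"block {block} was never acknowledged")
    return bytes(receiver.received), sent


if __name__ == "__main__":
    image = bytes(range(256)) * 5 + b"x" * 20          # constructed 1300-byte "boot image"
    got, sent = transfer(image, lost={("DATA", 2, 1), ("ACK", 3, 1)})
    print(got == image, sent)
```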
With that overview in place, let us look in more detail at each successive version of Windows, starting with its most primitive form, the operating system known as DOS.
As improvements continued, IBM contacted Microsoft to supply an operating system for IBM's computers of this early period. Gates and Allen then bought QDOS (quick and dirty operating system) from Seattle Computer Products and made the adjustments needed for the new computer system. The resulting operating system was called DOS, short for disk operating system. DOS is a common name for two different operating systems. When bundled with IBM personal computers, DOS was called PC DOS. When sold as a separate package by Microsoft, it was called MS-DOS. Both versions, however, offered similar functionality.

Most first-generation PC users had to learn to operate their computers through DOS. The operating system was not friendly at all; it required users to memorize all the commands and use them for most everyday tasks, such as copying files, changing directories and so on. The main advantages of DOS were its speed and low memory consumption, two important considerations when most computers had only 640K of memory.

2. Windows 1.0

Microsoft believed that personal computers would become mainstream and that they had to be easier to use; what supported that belief was the graphical user interface (GUI) as a replacement for the DOS command-line interface. With that in mind, Microsoft began work on the first version of Windows in 1983, and the final product was released to the market in November 1985.
Figure 2: The first version of Windows - Windows 1.0

Windows was originally called Interface Manager and was nothing more than a graphical shell placed on top of the existing DOS operating system. While DOS was an operating system driven by text commands and tied to the keyboard, Windows 1.0 supported click-and-drop operation with the mouse. The windows in the interface, however, were completely rigid and could not overlap.

Unlike later operating systems, this first version of Windows had only a few elementary utilities. It included the Windows Paint graphics program, the Windows Write text editor, a calendar, a notepad and a clock. Even then, however, Windows 1.0 had a Control Panel, the component used to configure other features of the environment, and MS-DOS Executive, the predecessor of today's Windows Explorer file manager.

Not surprisingly, Windows 1.0 was not as successful as hoped. At the time there was little demand for a graphical user interface for text applications on IBM PCs, and this was also the first version of Windows that required more power than the computers of that era offered.

3. Windows 2.0

The second version of Windows was released in 1987 as an improvement on Windows 1.0. The new version added windows that could overlap one another and allowed windows to be minimized so that you could switch between them on the desktop with the mouse.
In this version, Windows 2.0 included Microsoft's Word and Excel applications. At that time Word and Excel were graphical applications competing with the then rivals WordPerfect and Lotus 1-2-3; Microsoft's applications needed a graphical interface in order to run properly, so Microsoft integrated them with Windows. Few applications were compatible with Windows at that point. The one notable exception was Aldus PageMaker.

4. Windows 3.0

The third attempt was far more advanced than the previous versions and marked an important commercial milestone. Windows 3.0, released in 1990, was the first commercially successful version of the operating system; Microsoft sold about 10 million copies in the two years before the upgrade to 3.1. It was the first true multitasking version of the operating system. After the success of Apple's Macintosh, the personal computer world was ready for a multitasking operating system with a graphical user interface.
Figure 4: Windows 3.0

Windows 3.0 was a big improvement over the earlier versions. Its interface was much more attractive, with 3D buttons, and users could change the desktop color (although there were no wallpapers yet). Programs were launched through the new Program Manager, and the new File Manager replaced the old MS-DOS Executive for file management. This was also the first version of Windows to include the Solitaire game. Another important point is that Windows 3.0 had a Protected/Enhanced mode that allowed native Windows applications to use more memory than their DOS operating system.

After the release of Windows 3.0, applications written for Windows were developed very widely, while the opposite was true for non-Windows applications. Windows 3.0 allowed Word and Excel to beat competitors such as WordPerfect and 1-2-3.

5. Windows 3.1

Windows 3.1, released in 1992, can be regarded as an upgrade to version 3.0. It not only contained necessary bug fixes but was also the first version in which Windows displayed TrueType fonts, which made Windows an important platform for desktop machines. Other new features in Windows 3.1 were the screensaver and drag-and-drop.
Figure 5: TrueType fonts in Windows 3.1

6. Windows for Workgroups
Also released in 1992, Windows for Workgroups (abbreviated WFW) was the first networking version of Windows. Originally developed as an add-on for Windows 3.0, WFW added the drivers and protocols (TCP/IP) needed for peer-to-peer networking. WFW was the version of Windows suited to the corporate environment.
Figure 6: Windows for Workgroups, the first networking version of Windows

With WFW, Windows releases split into two lines: a consumer line, designed for use on standalone PCs and embodied by Windows 3.1 and the upcoming Windows 95, and a business line, designed for use on networked computers and embodied by WFW and the upcoming Windows NT.

7. Windows NT

The next business release of Windows was Windows NT (NT stands for new technology), officially released in 1993. NT was not a simple upgrade to WFW, however; instead, it was a true 32-bit operating system designed for networked organizations. (The consumer versions remained 16-bit operating systems.)
Figure 7: Windows NT, the first 32-bit version of Windows for business use
Windows NT was also part of Microsoft's joint development of the OS/2 operating system with IBM. When the relationship between IBM and Microsoft broke down, IBM continued with OS/2, while Microsoft renamed its version of OS/2 to Windows NT.

For business customers, Windows NT came in two versions: Workstation and Server. NT Workstation was intended for individual PCs on the corporate network, while NT Server acted as the server for all the connected PCs.

With its improved networking capabilities, NT became a mainstream operating system for business servers and workstations around the world. It was also the basis for Windows XP, the operating system that merged the two Windows lines into one in 2001.

8. Windows 95
Returning to the consumer line, Microsoft had a new release ready in August 1995. Windows 95 was probably the biggest of all Windows releases.
Figure 8: Windows 95, the biggest Windows release ever

It may be hard to picture 15 years later, but the release of Windows 95 was a historic event, with extensive media coverage and customers queuing in long lines outside stores from midnight to buy the first copies of the operating system.

So what was really so striking about it? Windows 95 looked better and worked better, and both met the expectations users had held through years of waiting. It was a largely rewritten operating system that improved the user interface and moved Windows to a pseudo-32-bit platform. (The 16-bit kernel was kept for compatibility with older applications.)

Windows 95 introduced the Taskbar, which held buttons for the open windows. It was also the first version of Windows to use the Start button and the Start menu; desktop shortcuts, right-clicking and long file names also appeared for the first time in this version.

Another new feature in Windows 95, although not in the initial release, was Microsoft's Internet Explorer web browser. IE 1.0 first appeared in Windows 95 Plus! as an add-on; version 2.0 was included in Win95 Service Pack 1, the service pack released in December 1995.

9. Windows 98

Windows 98, also named after its year of release (1998), was a revolutionary change from the previous version. It looked considerably better than Windows 95 and also had many useful improvements under the hood. Notable improvements included support for USB, network connection sharing and the FAT32 file system; although all of these were very worthwhile, they did not overwhelm the world the way the launch of Windows 95 had.
Figure 9: Microsoft Windows 98

Microsoft released the "Second Edition" upgrade of Windows 98 in 1999. It had few notable changes and consisted mostly of bug fixes.
10. Windows Me

Microsoft released Windows Millennium Edition in 2000. Windows Me was perhaps Microsoft's biggest mistake: a minor upgrade that brought many bugs instead of fixing earlier ones.
In this new version, Microsoft upgraded the Internet and multimedia features of Windows 98, added the Windows Movie Maker application and introduced the System Restore utility, all of which were good applications. What stood out most in Windows Me, however, was how easily it crashed and how easily the system froze. This led many customers and businesses to skip the upgrade entirely.

11. Windows 2000

Released almost at the same time as the consumer release Windows Me, Windows 2000 was a successful upgrade for Microsoft's business line. As the direct successor to Windows NT, Windows 2000 was an evolution of the basic NT platform and still targeted the business market.
Figure 11: Windows 2000, the successor to Windows NT for the business market
Unlike NT, which had two versions (Workstation and Server), Windows 2000 came in five different versions: Professional, Server, Advanced Server, Datacenter Server and Small Business Server. All of them tightly integrated features from Windows 95/98 and offered an attractive, refined interface.

12. Windows XP

The consumer and business lines of Windows were merged into one with the 2001 release of Windows XP. It was the first version in which Microsoft brought the reliability of the business line to the consumer market and brought friendliness to the business market. XP offered the best blend of Windows 95/98/Me with the 32-bit operation of Windows NT/2000 and a refreshed user interface. In essence, XP can be seen as the Windows 95/98/Me interface combined with the NT/2000 core, dropping the DOS code base found in earlier consumer versions of Windows.
Figure 12: The friendlier interface of Windows XP

With Windows XP, Microsoft began segmenting the market with a number of different editions, each with its own set of features. These editions were: XP Home Edition, XP Professional (for business users), XP Media Center Edition, XP Tablet PC Edition and XP Starter Edition (for users in developing countries). Many users found this segmentation confusing, but Microsoft did not seem to mind.

From the user's point of view, XP was a better-looking and faster version than the earlier Windows 95/98 or Windows 2000. (It was also more reliable than the failed Windows Me before it.) The Luna interface looked better and friendlier, and Fast User Switching allowed one machine to be shared easily with other users.

13. Windows Vista

Released in 2007, this version of Windows built on the features of XP and added security and reliability, improved digital media functionality and the attractive Aero 3D graphical user interface.
Figure 13: The Aero interface of Windows Vista

Let us start with the interface. Running this enhanced interface requires a high-specification computer, and for that reason Vista was limited in how many older computers could be upgraded to it. The Aero interface displays nearly transparent 3D elements and glass-style window borders, and many other things in Vista are very different as well. Folder and file icons are shown as thumbnails of their contents. When you switch between open applications, Windows scrolls and rotates the display as a 3D stack. Windows look smoother and more fluid and are translucent, which adds a sense of depth when you view many windows on the screen. There is also a Sidebar to hold Gadgets, small applications dedicated to a particular task.

Under the hood, Vista was designed to run more securely and more robustly than Windows XP. One of the security features users complained about most, however, was User Account Control, which contributed to interrupting users' normal activities. The intention was good (to prevent unauthorized access to the system), but in practice it annoyed users with far too many windows asking for permission.
Even worse, many users ran into problems upgrading older equipment to Vista. Many older peripherals had no Vista-compatible driver (which can be considered a problem with any Windows upgrade), and some programs that ran on XP could not work properly in the Vista environment.

It was probably because of these failures of Windows Vista that Microsoft immediately set about developing Vista's successor, Windows 7, which has been released and is widely used today.

14. Windows 7

The newest version of Windows was scheduled for release in October 2009. That is a short two years after the release of Windows Vista, which also means it is not a major upgrade (there was not enough time). Instead, we can think of Windows 7 in relation to Windows Vista the way Windows 98 related to Windows 95. It is only a minor release, more like a service pack than a large-scale upgrade.
Figure 14: The new taskbar in Windows 7

So what changes in Windows 7? First, this release changes the things users disliked in Windows Vista. Older hardware and software are more compatible, and there is even a Windows XP Mode feature that lets XP-era applications run in the native Windows 7 environment. User Account Control has also been improved to reduce the interruptions that annoyed users.

Next, Windows 7 has some interface changes. The Sidebar is gone, and you can place Gadgets directly on the desktop instead. There is also the new Aero Peek mode, which lets you look behind all open windows to see what is on the desktop below, and the new Aero Snaps actions, which let you move and maximize windows easily.

The biggest change, however, is in the taskbar, the fixed strip on the screen that first appeared in Windows 95. The new taskbar in Windows 7 lets you dock open windows as well as your favorite applications and documents. Right-click a taskbar button and you see a Jump List of recent documents and other useful actions; hover over a taskbar button and you see the open application and thumbnails of all its documents.

Windows 7 can be said to change the way you do many things, and many people judge those changes to be positive.

The upcoming release of Windows 7 closes the history of Windows up to this point. Microsoft's developers, however, are still working on new versions of the core operating system.

15. Windows 8

Windows 8 was officially made available for users to download as a developer build with many new features and a Metro interface similar to Windows Phone 7.

Speaking at the launch of the new (and nearly final) test build of Windows 8, Steven Sinofsky, head of Microsoft's Windows division, declared it a completely new shaping of Windows. The operating system can run on ordinary computers (those running older versions of Windows) as well as on devices with ARM processors, such as smartphones or tablets.
According to Sinofsky, the Consumer Preview differs from the early Developers Preview test build that Microsoft released previously. In particular, Windows 8 changed and added 100 thousand pieces of code in the Windows 8 source, so for many people it really is a completely new product.
Figure 15: The range of products running Windows 8 demonstrated at MWC 2012.

Microsoft also said that Windows 8 is an operating system that can handle the full range of work, for people with anything from basic to advanced computer knowledge. Applications on Windows 8 can also work nested within one another, one application running inside another so that they work together and serve the user more effectively.

Microsoft also demonstrated Windows 8 running on tablets. The components of Windows 8 have been redesigned to support touch screens, so using Windows 8 is convenient and smooth.

Switching between running applications and programs is different as well. Instead of using the Alt-Tab key combination as before to switch between windows, users simply swipe a finger across the screen to switch, or swipe along the edge of the screen to see the running applications and choose the one to switch to.
Of course, Windows 8 could not leave out traditional computers; Windows 8 Consumer Preview was also demonstrated on a traditional computer to show how Windows 8 works with an ordinary mouse and keyboard. Alongside full touch support, Windows 8 still provides the full set of mouse and keyboard options as before.

Microsoft has also turned the four corners of the Windows screen into four "magic" corners: moving the mouse pointer to them triggers four different Windows features, for example moving the mouse to one corner brings up a list of control functions…

The data copy function in Windows 8 has also been redesigned, allowing users to pause a copy when needed and resume it later. If an error occurs during copying, users can recover and continue from the point of failure.

Microsoft also affirmed that software running on Windows 7 can still run normally on Windows 8, with a similar configuration and without many differences.

The notable point of Windows 8 is the Metro interface, with application tiles that can be customized by the user. Alongside it, Windows 8 keeps the traditional desktop screen, but the Start button has been removed; instead, users simply move the mouse to where the Start button used to be to bring up the menu.

Microsoft has also built many extended utility services into its operating system, such as sharing to social networks from any application, the SkyDrive utility, a service for storing data on cloud servers…

Together with Windows 8, Microsoft also launched the Windows Apps store for its new operating system. With this store, application developers and users have a place to promote and find applications suited to their work more conveniently.

Images of the new interface and features in Windows 8 Consumer Preview:
Figure 18: The sharing feature lets users easily share content via email and social networks.

Figure 19: Many applications are launched and run directly within the Metro interface of Windows 8.

Figure 21: The Bing Maps application, like other Metro applications, runs in full-screen mode.

Figure 22: Users can view all running applications by moving the mouse to the left edge and swiping along it. Right-click an application's thumbnail to close it if desired.

Figure 24: The Internet Explorer 10 interface, which shows images of the tabs open in the browser so they are easy to choose from.

Figure 25: Email functionality is integrated into most applications so that content can easily be sent when needed.

Figure 27: Microsoft gives users 25GB of free space on the SkyDrive cloud service to store data.

Figure 29: The blue screen of death is still unavoidable on Windows, but in the new version this screen has a simpler and friendlier design.
Besides the operating systems Microsoft develops for end users, Microsoft also develops operating systems for network administration. The most prominent of Microsoft's server administration operating systems is Microsoft Server 2003. It comes in 4 main editions:
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Web Edition
At present, the latest network administration operating system released by Microsoft is Microsoft Windows Server 2008, developed on the foundation of Microsoft Windows Server 2003. We will study and use one of the 4 editions of Microsoft Windows Server 2003: installing it, setting it up, configuring it, promoting it to a domain, and managing users as part of network administration.
- Adds NetBIOS over TCP/IP for the RRAS (Routing and Remote Access) service. This feature lets you browse computers on a remote network through the Network Neighborhood tool.
- Active Directory version 1.1 allows authorization to be delegated between forest roots, and backing up Active Directory data is also easier.
- Better support for remote administration, because Windows 2003 improves RDP (Remote Desktop Protocol) so that it can run over a 40Kbps link. Web Admin was also introduced to help users administer the server remotely through a Web service in a visual and easy way.
- Richer support for administering the server from the command line.
- NTFS clusters can be of any size, unlike Windows 2000 Server, which supports only 4KB.
- Allows multiple DFS (Distributed File System) roots to be created on the same server.
Edition
Edition
.NET Framework Act as a Domain Controller in the Active Directory Microsoft Metadirectory Services (MMS) support Internet Information Services (IIS) 6.0 ASP.NET Enterprise UDDI services Network load balancing Server clusters Virtual Private Network (VPN) support Internet Authentication Services (IAS) No No
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Feature
Web Edition
Standard
Enterprise
Datacenter
Distributed File System (DFS) Encrypting File System (EFS) Shadow Copy Restore Removable and Remote Storage Fax services Services for Macintosh Print Services for Unix Terminal Services No Yes No Yes Yes No No No No Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes
Yes
Yes
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
IntelliMirror Remote OS Installation (RIS) 64-bit support for Itanium-based computers Datacenter Program
IPv6
Yes
Yes
Yes
Yes
Feature comparison table

Thorough planning and preparation are the key factor that decides whether the installation goes smoothly. Before installing, you must know what is needed for a successful installation and must have all the information required by the installation process. To plan an upgrade or a fresh installation of your servers, consult the guidance in the Microsoft Windows Server 2003 Deployment Kit. What you need to know before upgrading or installing the operating system:
- The hardware meets the requirements of Windows Server 2003.
- How to find out whether the system's hardware is supported by Windows Server 2003.
- The difference between a fresh installation and an upgrade.
- Which installation options suit your system, such as the disk partitioning strategy and which file system you will use…
| Feature | Web Edition | Standard Edition | Enterprise Edition | Datacenter Edition |
|---|---|---|---|---|
| Minimum RAM | 128MB | 128MB | 128MB | 512MB |
| Recommended RAM | 256MB | 256MB | 256MB | 1GB |
| Maximum RAM supported | 2GB | 4GB | 32GB for x86 machines, 64GB for Itanium machines | 64GB for x86 machines, 512GB for Itanium machines |
| Minimum CPU speed | 133MHz | 133MHz | 133MHz for x86 machines, 733MHz for Itanium machines | 400MHz for x86 machines, 733MHz for Itanium machines |
| Recommended CPU speed | 550MHz | 550MHz | 733MHz | 733MHz |
| Multiple CPU support | 2 | 4 | 8 | 8 to 32 CPUs for 32-bit x86 machines, 64 CPU |
| Free disk space for installation | 1.5GB | 1.5GB | 1.5GB for x86 machines, 2GB for Itanium machines | 1.5GB for x86 machines, 2GB for Itanium machines |
| Machines in a cluster | Not supported | Not supported | 8 machines | 8 machines |
- Windows NT Server 4.0, Terminal Server Edition, with Service Pack 5 or later.
- Windows NT Server 4.0, Enterprise Edition, with Service Pack 5 or later.
- Windows 2000 Server.
- Windows 2000 Advanced Server.
- Windows Server 2003, Standard Edition.
By default Windows 2003 installs only one protocol, TCP/IP; the remaining protocols such as IPX and AppleTalk are options that can be installed later if needed. NetBEUI is a special case: Windows 2003 does not include it among the installation options but only supplies it on the Windows 2003 installation CD-ROM, in the folder \VALUEADD\MSFT\NET\NETBEUI.
If your computer is on a small, distributed network, or the computers are not networked together, you can make the computer a member of a workgroup; you only need to supply the workgroup name.

If your network is centrally managed and already has some Windows 2000 Server or Windows 2003 Server machines using Active Directory, you can have the computer join that domain. In this case you must supply the exact domain name together with the account (username and password) of a user who has the right to add computers to the domain, for example the network administrator's account (Administrator).

Language and regional settings: Windows 2000 Server supports many languages, and you can choose your own language if it is supported. The local values include the number system, currency unit, and the way time and dates are displayed.
1.1 Installing from another operating system:

If your computer already has an operating system and you want to upgrade to Windows 2003 Server, or you want to dual-boot, first boot the computer with the existing operating system and then start the Windows 2003 Server installation. Depending on which operating system is in use, you can run one of the following two commands in the I386 folder:
- WINNT32.EXE for Windows 9x or Windows NT.
- WINNT.EXE for other operating systems.

1.2 Installing directly from the Windows 2003 CD:

If your computer supports booting from CD, simply insert the CD into the drive and restart the computer. Note that you must configure CMOS Setup so that the CD-ROM drive is the first boot device. When the computer starts, the installation runs automatically; then follow the on-screen instructions to install Windows 2003.

1.3 Installing Windows 2003 Server from the network:

To install this way, you must have a file distribution server that holds the Windows 2003 Server installation source and shares that folder. Then proceed as follows:
- Boot the computer you intend to install.
- Connect to the server and access the shared folder containing the installation source.
- Run WINNT.EXE or WINNT32.EXE, depending on the operating system in use on the machine.
- Follow the instructions of the setup program.
(2) Insert the Windows 2003 Server installation disc into the CD-ROM drive and restart the machine.
(3) When the machine boots from the CD-ROM, the message "Press any key to continue…" appears, asking you to press any key to start the installation.
(4) If the machine has a SCSI drive, press F6 to specify the driver for that drive.
Figure 1
(5) Setup copies the files and drivers needed for the installation.
Figure 3
(7) Press F8 to accept the license agreement and continue the installation. If you press ESC, the setup program ends.
(8) Select an area of free space on the disk and press C to create a new partition to hold the operating system.
Figure 5
(10) Select the partition you just created and press Enter to continue.
(11) Choose the file system type (FAT or NTFS) used to format the partition. Press Enter to continue.
Figure 7
(13) Restart the system to begin the Graphical Based phase. During startup, do not press any key when the system prompts "Press any key to continue…"
3. GRAPHICAL-BASED SETUP PHASE:
(1) At the start of the Graphical phase, Setup installs drivers for the devices it finds in the system.
Figure 8
(2) The Regional and Language Options dialog box lets you choose options related to language, numbers, currency unit, date format and so on. After changing the options as appropriate, click Next to continue.
Figure 9
(3) In the Personalize Your Software dialog box, enter the user name and the organization name. Click Next.
Figure 10
(4) In the Your Product Key dialog box, enter the 25 characters of the CD-Key in the 5 fields below. Click Next.
Figure 11
(5) In the Licensing Mode dialog box, choose the licensing mode, Per Server or Per Seat, depending on the actual situation of each network.
Figure 12
(6) In the Computer Name and Administrator Password dialog box, enter the name of the server and the password of the administrator (Administrator).
Figure 13
(7) In the Date and Time Settings dialog box, change the date, month and time zone as appropriate.
Figure 14
(8) In the Networking Settings dialog box, choose Custom settings to change the TCP/IP protocol parameters. These parameters can be changed again after the installation is complete.
Figure 15
(9) In the Workgroup or Computer Domain dialog box, choose whether the server joins a workgroup or an existing domain. To join a domain, type the domain name in the box below.
Figure 17
XI. AUTOMATING THE INSTALLATION PROCESS:
If you plan to install Windows 2003 Server on many computers, you could go to each machine and carry out the installation by hand as described in the previous chapter. That work, however, would certainly be extremely tedious and inefficient. Automating the installation makes the job simpler, more efficient and less costly. Several methods support automated installation. For example, you can use disk imaging, or unattended installation driven by a script or answer file.
/t : … onto that drive. If it is not specified, Setup determines it itself.
/u : Unattended installation with an automatic answer file (script). If /u is used, /s must be used as well.
/udf : Specifies the name of the server and the database file containing the names and the information specific to each machine (unattend.udf).

winnt32 [/checkupgradeonly] [/s:sourcepath] [/tempdrive:drive_letter:] [/unattend[num]:[answer_file]] [/udf:id[,UDB_file]]

Meaning of the parameters:
/checkupgradeonly : Checks whether the machine is compatible for upgrading to and installing Windows 2003 Server.
/tempdrive : Same as the /t parameter.
/unattend : Same as the /u parameter.
Setupmgr.exe
Figure 19
(3) The Setup Manager dialog box appears; click Next to continue.
Figure 20
(4) The New or Existing Answer File dialog box appears. It lets you choose between creating a new answer file, creating an answer file that reflects the configuration of the current computer, or editing an existing file. Choose Create new and click Next.
Figure 21
(5) Next comes the Type of Setup dialog box. Choose Unattended Setup and click Next.
Figure 22
(6) In the Product dialog box, choose the operating system that will be installed using the automatic answer file. Choose Windows Server 2003, Enterprise Edition, and click Next.
Figure 23
(7) In the User Interaction dialog box, choose the level of user interaction with Setup. Choose Fully Automated and click Next.
Figure 24
(8) The Distribution Share dialog box appears; choose Setup from a CD and click Next.
Figure 25
Figure 26
(10) In the Setup Manager window, select Name and Organization. Enter the name and the organization that will use the operating system. Click Next.
Figure 27
Figure 29
(13) Under Licensing Mode, choose the appropriate license type. Click Next.
Figure 31
(15) Under Administrator Password, enter the administrator's password. If you want the password to be encrypted, tick "Encrypt the Administrator password…". Click Next.
Figure 32
(16) Under Network Component, configure the TCP/IP protocol parameters and install additional protocols. Click Next.
Figure 33
(17) Under Workgroup or Domain, join the machine to a workgroup or an existing domain. Click Next.
Figure 34
(18) Finally, Setup Manager creates three files in the folder you specified. If you did not change the names, the files are:
Unattend.txt: the answer file, containing all the answers that Setup Manager collected.
Unattend.udb: the database file containing the names of the computers, used when you perform an unattended installation.
Unattend.bat: contains the command line with the parameters already set. This file also sets the environment variables that point to the locations of the related files.
- Insert the Windows 2000 Server CD and the floppy disk above into their drives and restart the computer, making sure the CD drive is the first boot device. The setup program on the CD automatically looks for and reads the WINNT.SIF file on the floppy disk and performs an unattended installation.
- Using a Windows 2003 Server installation source: copy the files created in the step above into the I386 folder of the Windows 2003 Server installation source. Change to the I386 folder. Depending on the operating system in use, run WINNT.EXE or WINNT32.EXE with the following syntax:

WINNT /s:e:\i386 /u:unattend.txt

or

WINNT32 /s:e:\i386 /unattend:unattend.txt

If Setup Manager created the file Unattend.UDB because you entered a list of computer names, and assuming you intend to name this computer server01, the command syntax is as follows:

WINNT /s:e:\i386 /u:unattend.txt /udf:server01,unattend.udf
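The answer file produced in steps (15) to (18) holds the Administrator password and, for a domain join, the account used to add the machine, so it is worth checking before it is copied to a floppy disk or a shared I386 folder. The audit below is an added example, not part of the original report or of Setup Manager; the section and key names (GuiUnattended, AdminPassword, EncryptedAdminPassword, AutoLogon, Identification, DomainAdminPassword) are the standard answer-file names and do not appear in the text above, and both sample files are constructed.

```python
import configparser

# Constructed sample: step (15) left "Encrypt the Administrator password" unticked.
WEAK_ANSWER_FILE = """\
; constructed example, not generated by Setup Manager
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes

[GuiUnattended]
AdminPassword="Example-Passw0rd"
EncryptedAdminPassword=No
AutoLogon=Yes
AutoLogonCount=1

[UserData]
ComputerName=server01
OrgName="Example Org"

[Identification]
JoinDomain=EXAMPLE
DomainAdmin=joiner
DomainAdminPassword="Another-Example-Secret"
"""

# Constructed sample: password stored encrypted, machine joins a workgroup first.
HARDENED_ANSWER_FILE = """\
[GuiUnattended]
AdminPassword=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
EncryptedAdminPassword=Yes

[Identification]
JoinWorkgroup=WORKGROUP
"""


def load_answer_file(text):
    """Parse the INI-style answer file into {section: {key: value}}, lower-cased."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    parser.read_string(text)
    return {
        section.lower(): {key: (value or "").strip().strip('"')
                          for key, value in parser.items(section)}
        for section in parser.sections()
    }


def audit_answer_file(text):
    """Return (section, key, finding) tuples for credentials exposed by the file."""
    cfg = load_answer_file(text)
    gui = cfg.get("guiunattended", {})
    ident = cfg.get("identification", {})
    findings = []

    password = gui.get("adminpassword")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password is not None:
        if password in ("", "*"):
            findings.append(("GuiUnattended", "AdminPassword", "blank-admin-password"))
        elif not encrypted:
            findings.append(("GuiUnattended", "AdminPassword", "plaintext-admin-password"))

    if gui.get("autologon", "no").lower() == "yes":
        findings.append(("GuiUnattended", "AutoLogon", "admin-autologon-after-setup"))

    if ident.get("domainadminpassword"):
        findings.append(("Identification", "DomainAdminPassword",
                         "domain-join-password-in-file"))
    return findings


if __name__ == "__main__":
    for section, key, finding in audit_answer_file(WEAK_ANSWER_FILE):
        print(f"[{section}] {key}: {finding}")   # the secret itself is never printed
```

Run the same check against WINNT.SIF and any copy of Unattend.txt left on a distribution share, and restrict read access to that share to the accounts that perform installations.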
Windows Server 2008 Product Overview

Windows Server 2008 is the most advanced Windows Server operating system to date, designed to power the next generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a highly secure network infrastructure, and increase technological efficiency and value within your organization. Windows Server 2008 builds on the success and strengths of earlier Windows Server operating systems while delivering valuable new functionality and powerful improvements to the base operating system. New Web tools, virtualization technologies, security enhancements, and management utilities help save time, reduce costs, and provide a solid foundation for your information technology (IT) infrastructure.

Windows Server 2008 is available in the following editions:

Windows Server 2008 Datacenter delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. This edition improves availability through clustering and dynamic hardware partitioning capabilities, reduces infrastructure costs by consolidating applications with unlimited virtualization licensing rights, and scales from 2 to 64 processors. Windows Server 2008 Datacenter provides a foundation on which to build enterprise-class virtualization and scale-up solutions.

Windows Server 2008 Enterprise delivers an enterprise-class platform for deploying business-critical applications. This edition improves availability through clustering and hot-add processor capabilities, improves security with consolidated identity management features, and reduces infrastructure costs by consolidating applications with virtualization licensing rights. Windows Server 2008 Enterprise provides the foundation for a highly dynamic, scalable IT infrastructure.

Windows Server 2008 Standard is the most robust Windows Server operating system to date. With built-in, enhanced Web and virtualization capabilities, this edition is designed to increase the reliability and flexibility of your server infrastructure while helping save time and reduce costs. Powerful tools give you greater control over your servers and streamline configuration and management tasks. In addition, enhanced security features harden the operating system to help protect your data and network and provide a solid, highly dependable foundation for your business.

Windows Web Server 2008 is for Itanium-based systems and is optimized for large data centers, line-of-business applications, and custom applications, providing high availability and scalability up to 64 processors to meet the needs of demanding, mission-critical solutions.

Windows HPC Server 2008, built on Windows Server 2008 and 64-bit technology, can scale efficiently to thousands of processing cores, with built-in features that improve performance and reduce the complexity of HPC environments. Windows HPC Server 2008 enables broader adoption by providing a rich, integrated user experience from the desktop application to the clusters, and includes a comprehensive set of deployment, administration, and monitoring tools. These tools are easy to deploy, manage, and integrate with your existing IT infrastructure. Windows HPC Server 2008, the next generation of high-performance computing (HPC), provides enterprise-class tools for a highly productive HPC environment. Built on Windows Server 2008 and 64-bit technology, Windows HPC Server 2008 can scale to thousands of processing cores and includes management consoles that help you proactively monitor and maintain the health and stability of the system. Interoperability and flexibility in job scheduling allow integration between Windows-based and Linux-based HPC platforms and support batch workloads and service-oriented application (SOA) workloads. Improved productivity, customizable performance, and ease of use are some of the characteristics that make Windows HPC Server 2008 the best product for Windows environments.

Windows Server 2008 for Itanium-Based Systems is for Itanium-based systems and is optimized for large data centers, line-of-business applications, and custom applications, providing high availability and scalability up to 64 processors to meet the needs of demanding, mission-critical solutions.

Windows Server 2008 Standard without Hyper-V.
Windows Server 2008 Enterprise without Hyper-V.
Windows Server 2008 Datacenter without Hyper-V.
routine tasks and system administration across multiple servers. Windows Deployment Services provides a simplified, highly secure means of rapidly deploying the operating system through network-based installation. In addition, the Failover Clustering wizards in Windows Server 2008 and full support for Internet Protocol version 6 (IPv6), together with consolidated management of Network Load Balancing, make high availability easy to deploy, even for IT generalists.

The new Server Core installation option of Windows Server 2008 allows server roles to be installed with only the necessary components and subsystems and without a graphical user interface. Fewer roles and features mean a smaller disk and service footprint and, at the same time, a reduced attack surface. The product also lets IT staff specialize according to the server roles they need to support.
4. High security
Windows Server 2008 is the most secure Windows Server operating system to date. The operating system is hardened to help protect against failure. Several new technologies help prevent unauthorized connections to your networks, servers, data, and user accounts. Network Access Protection (NAP) helps ensure that computers trying to connect to your network comply with your organization's security policy. Technology integration and several enhancements make Active Directory services a unified, integrated, and powerful Identity and Access (IDA) solution. In addition, Read-Only Domain Controller (RODC) and BitLocker Drive Encryption let you deploy the AD database more securely at branch office locations.
Requirements

Minimum: 1 GHz (x86) or 1.4 GHz (x64)
Recommended: 2 GHz or faster
Note: An Intel Itanium 2 processor is required for Windows Server on Itanium-based systems.

Memory
Minimum: 512 MB RAM
Recommended: 2 GB RAM or more
Optimal: 2 GB RAM (full installation) / 1 GB (Server Core installation) or more
Maximum (x86 OS): 4 GB (Standard), 64 GB (Enterprise/Datacenter)
Maximum (x64 OS): 32 GB (Standard), 2 TB (Enterprise/Datacenter/Itanium-based systems)

Minimum: 10 GB
Recommended: 4 GB or more
Note: Computers with more than 16 GB of RAM need more disk space for paging, hibernation, and dump files.

DVD-ROM
Super VGA (800x600) or higher resolution

* Actual requirements vary with your system configuration and with the applications and features you choose to install. Processor performance depends not only on the processor's clock frequency but also on the number of cores and the size of the processor cache. Disk space requirements for the system partition are approximate. Itanium-based and x64-based operating systems will vary from these disk size estimates. Additional free hard disk space may be needed if you install over a network.
III.
powerful improvements to the core Windows Server operating system, helping organizations of every size increase control, availability, and flexibility to meet their constantly changing business needs. New Web tools, virtualization technologies, security enhancements, and management utilities help save time, reduce costs, and provide a solid foundation for your IT infrastructure.
Windows Server 2008 provides a solid foundation for all of your server workload and application requirements while also being easy to deploy and manage. Reliability is the hallmark of Windows Server, and its high-availability features help ensure that your critical applications and data are available when you need them.
a unified interface for configuration and monitoring, with wizards that streamline common server management tasks.
command line for the human-machine interface, allowing administrators to automate routine system administration tasks across multiple servers.
powerful diagnostics that give you continuous visibility into your server environment, both physical and virtual, so that you can identify and resolve problems quickly.
installation, in which only the server roles and features you need are installed, reducing the maintenance needs and the attack surface of the server.
simplified and highly secure means of rapidly deploying Windows operating systems to many computers through network-based installation.
Failover clustering wizards make it easy for even IT generalists to deploy high-availability solutions. Internet Protocol version 6 (IPv6) is now fully integrated, and geographically dispersed cluster nodes no longer need to be on the same IP subnet or be configured with virtual LANs (VLANs).
Windows Server 2008 Hyper-V, the next-generation hypervisor-based server virtualization technology, lets you consolidate servers and use hardware more efficiently. Several enhancements to Terminal Services (TS) improve presentation virtualization. In addition, simpler licensing terms make these technologies ready to use right away.
separate virtual machines (VMs) running on a single physical machine, without the need to buy third-party software.
New deployment options let you deploy virtualization methods
virtual machines running on the WSv host, and backing up virtual machines while they are still running, keep virtualized servers highly available.
remotely accessed programs can be opened with a single click and appear as if they were running seamlessly on the end user's local computer.
Windows-based programs through firewalls without the need for a virtual private network (VPN).
user Client Access Licenses (CALs). Built into Windows Server 2008, TS Licensing is a low-impact service that lets you centrally manage, track, report on, and purchase TS Per User CALs efficiently.
Windows Server 2008 improves Web administration, diagnostics, development, and application tools with Internet Information Services 7.0 (IIS 7.0), a significant upgrade from IIS 6.0. Windows Server 2008 unifies the Microsoft Web publishing platform, including IIS 7.0, ASP.NET, Windows Communication Foundation, and Windows SharePoint Services.
the features that are needed, reducing the attack surface and making patch management easier.
Site deployment makes it easy to copy the settings of
Delegated administration of applications and sites lets you hand control of different parts of the Web server to those who need it.
diagnostic and troubleshooting technologies make it easy to observe and trace requests running on the Web server.
Microsoft.Web.Administration, a new management API that allows editing of the XML configuration files for your Web server, sites, or applications.
FastCGI support for running PHP applications, Perl scripts, and Ruby applications.
Tighter integration with ASP.NET features, and one configuration store for all Web platform configuration settings across IIS 7.0 and ASP.NET.
A flexible extensibility model that allows customization by adding modules
The Windows Server 2008 operating system is hardened, integrates several identity and access technologies, and includes many security innovations that make it easier to deploy a policy-driven network that helps protect your server infrastructure, your data, and your business.
configuration for the server roles being deployed, reducing the attack surface area and resulting in a more robust and secure server environment
Policy) allows Group Policy to be created and managed efficiently while expanding the number of areas that can be securely managed through policy.
are not affected by unsafe computers, while isolating and/or remediating computers that do not comply with the security policy you have set.
from Microsoft, providing greater cryptographic flexibility by supporting standard as well as custom cryptographic algorithms, and allowing cryptographic keys to be created, stored, and retrieved more efficiently.
more, for locally authenticating remote users and users at branch office locations who use read-only copies of the main AD database.
trust relationships between partners with different identity and access directories running on different networks, while allowing secure single sign-on (SSO) access to each other's networks.
Active Directory Certificate Services (AD CS) provides several enhancements to the Public Key Infrastructure (PKI) in Windows Server 2008, including PKIView for monitoring the health of Certification Authorities (CAs) and a new, more secure COM control for Web certificate enrollment in ActiveX.
rights in Active Directory), together with RMS-enabled applications, helps you more easily protect your company's digital information from unauthorized use.
data on the server from being stolen or exposed if the server hardware is lost or stolen, and helps delete data more securely when your servers are taken out of service
using a firewall to control the data flows into and out of the system, and setting firewall policies to block access to websites with inappropriate content.
ISA Server 2006 Standard Edition meets the need to protect and share
data flows into and out of the company's internal network.
- Controls user access by protocol, time, and content in order to block connections to websites with inappropriate content or at inappropriate times (for example, during working hours).
- In addition, a site-to-site or remote-access VPN can be deployed to support remote access to the company's internal network, or data exchange between a branch office and headquarters.
- For companies with public servers such as a Mail Server, Web Server, or FTP Server that need their own security policies, ISA Server 2006 allows a DMZ to be deployed in order to prevent direct interaction between users inside and outside the system.
In addition to the information security features above, ISA Server 2006 Standard Edition also provides caching, which shortens response times and speeds up the internal network's Internet connection. This is why the firewall product is called Internet Security & Acceleration.
large network systems, meeting the need for heavy information exchange between the internal network and the outside. In addition to the features of ISA Standard Edition, the Enterprise edition also allows an array of ISA Servers to share a single policy, which makes management easier and provides Load Balancing.
The Enterprise edition lets you share the cache among an array of ISA servers. With the Enterprise edition, an array of several ISA machines is configured to become a single logical cache by joining the caching capacity of all the ISA servers together. To do this, ISA uses CARP. The mechanism is as follows: when a client requests a web page, CARP designates one ISA server in the array to cache that page. When another client requests a different page, CARP designates another ISA server to cache that page, and so on in turn. When any client requests a page that has already been cached, CARP identifies the ISA server that cached the page, and that server returns it to the client. CARP helps optimize caching capacity.

Integration of Network Load Balancing (NLB) on ISA
NLB is a network component built into Windows 2000 Server and Windows Server 2003. Using NLB means accepting redundancy: there are two or more machines with the same function (for example, all ISA servers) to balance the traffic and avoid overload. NLB is also a form of backup, because if one machine goes down, another takes over its duties while the first is being recovered. NLB meets the need for stability and high availability in the system. With the Standard edition, you must configure NLB by hand. With the Enterprise edition, NLB is integrated into ISA, so you can manage NLB from ISA. You can use the ISA Server Management Console to configure, manage, and monitor NLB.

III. Comparison of ISA 2006 and ISA 2004
ISA Server 2006 is the latest version of the Microsoft ISA Server product. In terms of interface, ISA 2006 is 90% the same as ISA 2004. However, it has outstanding new features in areas where ISA 2004 is still limited, such as:
- Improved support for OWA, OMA, ActiveSync, and RPC/HTTP publishing
- Support for SharePoint Portal Server
- Support for binding multiple certificates to one Web listener
- Support for LDAP authentication in Web Publishing Rules
The standout features of the 2006 release compared with 2004 are Publishing and VPN (which we will look at in the next part).
1. Publishing capabilities
- ISA 2006 can generate the forms itself when users access the OWA site, thereby supporting form-based authentication and keeping unauthorized users out of the OWA website. This feature is developed in the form of add-ins.
- Allows a Terminal Server to be published using RDP over SSL, ensuring that the data in the session (including the password) is encrypted on the Internet.
- Blocks non-encrypted MAPI connections to Exchange Server, allowing users' Outlook to connect securely to Exchange Server.
- Many wizards let the administrator publish internal servers to the Internet securely.
- Also supports new products such as Exchange 2007.

2. VPN connectivity
- Provides a wizard that automatically configures a site-to-site VPN between two separate offices. Of course, anyone who prefers to configure each end by hand can do so.
- Fully integrates Quarantine and stateful filtering and inspection (already familiar), with full checking of the conditions on VPN connections, site-to-site, SecureNAT for VPN clients, and so on.
- Allows another VPN server inside the intranet to be published to the Internet (now that is impressive), and supports PPTP, L2TP/IPSec, and IPSec tunnel site-to-site (with other VPN products; not tried yet, mind you).

3. Manageability
- Easy to manage
- Many wizards
- Simple backup and restore
- Allows administration to be delegated to users/groups
- Excellent logs and reports
- Configure in one place, run everywhere (with ISA Enterprise installed)
- Easy to add more servers to an array
- Integrates with Microsoft's management solution: MOM
- SDK: anyone who likes programming solutions that integrate with ISA 2006 will enjoy this kit.
- Supports multiple networks; no need to count them, and it beats the alternatives hands down.
- Route/NAT per network
- Diverse firewall rules
- IDS (so-so)
- Flood Resiliency
- HTTP compression
- DiffServ
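The CARP (Cache Array Routing Protocol) behaviour described in the Enterprise edition section above, where one array member is designated per URL and later requests for that URL go to the same member, can be sketched as follows. This is an added example, not code from the original report or from ISA Server: it scores each (member, URL) pair with SHA-256 in place of CARP's own hash function, ignores load factors, and the class name, member names, and URLs are constructed.

```python
import hashlib
from collections import Counter


def score(member: str, url: str) -> int:
    """Combine the member name and the URL into one pseudo-random score."""
    digest = hashlib.sha256(f"{member}\x00{url}".encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")


def owner(members, url):
    """Return the array member responsible for caching this URL."""
    if not members:
        raise ValueError("the array has no members")
    # Ties are broken by name, so the result never depends on list order.
    return max(members, key=lambda m: (score(m, url), m))


class CacheArray:
    """Several caches presented as one logical cache (hypothetical class)."""

    def __init__(self, members):
        self.members = list(members)
        self.stores = {m: {} for m in self.members}

    def fetch(self, url, origin_fetch):
        """Return (member, 'HIT' or 'MISS', body) for one client request."""
        member = owner(self.members, url)
        store = self.stores[member]
        if url in store:
            return member, "HIT", store[url]
        store[url] = origin_fetch(url)  # only the owning member keeps a copy
        return member, "MISS", store[url]


def remapped(members, removed, urls):
    """URLs whose owner changes when `removed` leaves the array."""
    survivors = [m for m in members if m != removed]
    return {u: (owner(members, u), owner(survivors, u))
            for u in urls if owner(members, u) != owner(survivors, u)}


# Constructed sample data: three array members and 300 URLs.
MEMBERS = ["isa-1", "isa-2", "isa-3"]
URLS = [f"http://example.test/page/{i}" for i in range(300)]


def load_per_member(members=MEMBERS, urls=URLS):
    """How many of the URLs each member is responsible for."""
    return Counter(owner(members, u) for u in urls)


if __name__ == "__main__":
    array = CacheArray(MEMBERS)
    print(array.fetch(URLS[0], lambda u: f"<body of {u}>")[:2])  # MISS
    print(array.fetch(URLS[0], lambda u: f"<body of {u}>")[:2])  # HIT, same member
    print(dict(load_per_member()))
    print(len(remapped(MEMBERS, "isa-2", URLS)), "URLs move when isa-2 leaves")
```

Because the owner is recomputed from hashes rather than looked up in a shared table, every member and client reaches the same answer independently, and losing one member only moves the URLs that member owned.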
IV.
ISA Firewall Client: The Firewall client is software installed on Windows operating systems to provide enhanced security and accessibility. It provides the following enhancements for Windows clients:
- Allows user- or group-based authentication for all Winsock applications that use the TCP and UDP protocols
- Allows user and application information to be recorded in the ISA firewall's log files
- Provides enhanced support for network applications, including complex protocols that require secondary connections
- Provides DNS proxy support for Firewall client computers
- Lets you publish servers that require complex protocols without the aid of an application filter
- The network routing infrastructure is transparent to the Firewall client

Allows user- or group-based authentication for Winsock applications that use the TCP and UDP protocols
The Firewall client software transparently sends user information to the ISA firewall. This lets you create access rules that apply to groups or to individual users and that limit or allow access to protocols, sites, or content based on user account or group membership. Controlling the outbound access of groups and individual users is very important. Not all users need the same level of access, and users should be allowed access only to the protocols, sites, and content they need to do their jobs.

* Note: The idea of allowing users access only to the protocols, sites, and content they require is based on the principle of least privilege. The principle of least privilege applies to both inbound and outbound access. For inbound access scenarios, Server and Web Publishing rules allow traffic from external hosts to Internet network resources in a highly controlled and monitored fashion. The same should be true for outbound access. In traditional network environments, inbound access is usually highly restricted, while users are allowed outbound access to any resource they want. This weak approach to outbound access control puts at risk not only the corporate network but other networks as well, because Internet worms can get through firewalls that do not restrict outbound access.

The Firewall client automatically sends user credentials (user name and password) to the ISA firewall. The user must be logged on with a user account in a Windows Active Directory or NT domain, or the user account must be mirrored on the ISA firewall. For example, if you have an Active Directory domain, users must log on to the domain and the ISA firewall must be a member of the domain. The ISA firewall can then authenticate the user and allow or deny access based on the user's domain credentials.

If you do not have a Windows domain, you can still use the Firewall client software to control outbound access based on groups or individual users. In this case, you must mirror the accounts that users log on to their workstations with as user accounts stored in the local Security Account Manager (SAM) or on the ISA firewall. For example, a small business does not use Active Directory but wants good outbound access control based on group membership and users. Users log on to their computers with local user accounts. You can enter the same user names and passwords on the ISA firewall. The ISA firewall will then be able to authenticate users with the same account information they use when logging on to their local computers. Windows 9x clients can be configured to use domain credentials if they have the Active Directory client software installed.
1.
A major advantage of using the Firewall client is that when the user name is sent to the ISA firewall, it is recorded in the ISA firewall's log files. This lets you easily query the log files for a user name and obtain precise information about that user's Internet activity. In this context, the Firewall client not only provides a high level of security, by letting you control outbound access based on user and group accounts, but also a high level of accountability. Users are less likely to share their account information with other users when they know that their Internet activity is being tracked by account name and that they are held responsible for that activity.
2.
In contrast to the SecureNAT client, the Firewall client does not need to be configured with a DNS server that can resolve Internet host names. The ISA firewall can perform a DNS proxy function for Firewall clients. For example, when a Firewall client sends a connection request for ftp://ftp.microsoft.com, the request is sent directly to the ISA firewall. The ISA firewall resolves the name for the Firewall client based on the DNS settings on the ISA firewall's network interface cards. The ISA firewall returns the IP address to the Firewall client machine, and the Firewall client machine sends the FTP request to the IP address of the FTP site ftp.microsoft.com. The ISA firewall also caches the results of the DNS queries it makes for Firewall clients. Unlike ISA Server 2000, which cached this information for a default period of 6 hours, the ISA firewall caches each entry for the period specified by the TTL on the DNS record. This speeds up name resolution for later Firewall client connections to the same site. The following figure shows the Firewall client name resolution sequence:

Figure 2. Firewall name resolution sequence
Step 1. The Firewall client sends a request for ftp.microsoft.com.
Step 2. The ISA firewall sends a DNS query to an internal DNS server.
Step 3. The DNS server resolves the name ftp.microsoft.com to its IP address and returns the result to the ISA firewall.
Step 4. The ISA firewall returns the IP address of ftp.microsoft.com to the Firewall client that made the request.
Step 5. The Firewall client sends a request to the IP address of ftp.microsoft.com and the connection is completed.
Step 6. The Internet server returns the requested information to the Firewall client over the connection the Firewall client made with the ISA firewall.
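The difference between the two caching policies mentioned above, a fixed 6-hour lifetime versus the TTL carried on each DNS record, can be seen in the following added example, which is not code from the original report or from ISA Server. The class names, the documentation-range IP addresses, and the 300-second TTL are constructed; the host name and the 6-hour figure come from the text.

```python
SIX_HOURS = 6 * 60 * 60  # fixed cache lifetime attributed to ISA Server 2000


class StubDnsServer:
    """Constructed stand-in for the internal DNS server of steps 2 and 3."""

    def __init__(self, records):
        self.records = dict(records)   # name -> (address, ttl_seconds)
        self.queries = 0

    def resolve(self, name):
        self.queries += 1
        return self.records[name]


class DnsProxyCache:
    """Resolves names on behalf of clients and caches the answers.

    fixed_lifetime=None -> keep each answer for the TTL on its record
    fixed_lifetime=N    -> keep every answer N seconds, ignoring the TTL
    """

    def __init__(self, dns_server, fixed_lifetime=None):
        self.dns_server = dns_server
        self.fixed_lifetime = fixed_lifetime
        self.entries = {}              # name -> (address, expires_at)

    def lookup(self, name, now):
        """Return (address, served_from_cache) at time `now` in seconds."""
        key = name.rstrip(".").lower()     # DNS names are case-insensitive
        cached = self.entries.get(key)
        if cached is not None and now < cached[1]:
            return cached[0], True
        address, ttl = self.dns_server.resolve(key)
        lifetime = ttl if self.fixed_lifetime is None else self.fixed_lifetime
        if lifetime > 0:
            self.entries[key] = (address, now + lifetime)
        else:
            self.entries.pop(key, None)    # a TTL of 0 means "do not cache"
        return address, False


def seconds_until_fresh(cache, dns_server, name, new_record,
                        changed_at=60, step=60, horizon=2 * SIX_HOURS):
    """Seconds after a record change during which clients still get the old address."""
    cache.lookup(name, 0)                    # first client request fills the cache
    dns_server.records[name] = new_record    # the site then moves to a new address
    for now in range(changed_at, horizon + 1, step):
        if cache.lookup(name, now)[0] == new_record[0]:
            return now - changed_at
    raise RuntimeError("cache never refreshed within the horizon")


if __name__ == "__main__":
    old, new = ("192.0.2.10", 300), ("198.51.100.20", 300)
    for lifetime in (None, SIX_HOURS):
        server = StubDnsServer({"ftp.microsoft.com": old})
        cache = DnsProxyCache(server, fixed_lifetime=lifetime)
        print(lifetime, seconds_until_fresh(cache, server, "ftp.microsoft.com", new))
```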
- Note
The Firewall client establishes a control channel connection only when connecting to resources that are not located on the internal network. In ISA Server 2000, the internal network was defined by the Local Address Table (LAT). The ISA 2004/2006 firewall does not use a LAT because of its enhanced multinetworking capabilities. However, the Firewall client must still have some mechanism for deciding which communications are sent to the Firewall service on the ISA firewall and which are sent directly to the destination the Firewall client wants. The Firewall client solves this by using the addresses defined by the ISA Firewall Network on which the client resides. The ISA Firewall Network for a given Firewall client consists of all the addresses reachable from the network interface that is connected to the Firewall client's own ISA Firewall Network. This makes for an interesting situation on a multihomed ISA firewall, where multiple ISA Firewall Networks are associated with different network adapters. In general, all hosts located behind the same network adapter (regardless of network ID) are considered part of the same ISA Firewall Network, and all communications between hosts on the same ISA Firewall Network must pass through the Firewall client. The addresses for the ISA Firewall Network are defined during installation of the ISA firewall software, but you can create other networks after installation is complete. Typically, after installation only the internal ISA Firewall Network has been created for you, and you need to create the other ISA Firewall Networks manually if your ISA firewall has more than 2 NICs.
after installation is complete, to restrict communications between the ISA firewall and the default Internal Network to only those required for your scenario. However, centralized configuration of the Firewall client is done per ISA Firewall Network, so you can control Firewall client settings on a per-network basis. This gives you a measure of control over how Firewall client configuration settings are managed on each network. This solution does not help, however, in a network-within-a-network scenario, where multiple network IDs are located behind the same network interface card. In a network-within-a-network scenario, you can use the local LAT file (locallat.txt) to override the centralized internal network settings if you find it necessary. In general, the network-within-a-network scenario does not create significant problems for the Firewall client.

The most significant improvement of the ISA 2004/2006 Firewall client over earlier versions (Winsock Proxy Client 2.0 and the ISA Server 2000 Firewall Client) is the option of using an encrypted channel between the Firewall client and the ISA firewall. Remember that the Firewall client transparently sends user credentials to the ISA firewall. The ISA Firewall client encrypts the channel to keep them confidential. Note that you can optionally configure the ISA firewall to allow both unsecured and secured control channel communications.
Note:
If Internet Protocol security (IPSec) transport mode is enabled for a network, so that Firewall client machines use this mode to connect to the ISA firewall, you may see unusual behavior or unpredictable connection problems. If Firewall clients on the network do not behave as expected, disable IP routing in the ISA firewall console. In the console, open the server, expand Configuration, and click the General node. In the details pane, click Define IP Preferences. On the IP Routing tab, verify that the Enable IP Routing check box is not selected. Note that disabling IP routing can significantly reduce the performance of SecureNAT clients that need access to secondary connections.
VII. INSTALLATION REQUIREMENTS:

COMPONENT: RECOMMENDED REQUIREMENT
PROCESSOR (CPU): Intel or AMD CPU, minimum 773 MHz
Operating system (OS): Windows Server 2003 SP1 32-bit, Windows Server 2003 R2 32-bit
Memory: minimum 512 MB RAM
Disk space: minimum 150 MB of hard disk space, NTFS formatted
NIC: at least 1 network card if ISA is used as a proxy server
Table of installation parameters

In most cases, the available network bandwidth, and Internet links in particular, can be secured by ISA Server running on entry-level hardware. A typical default deployment of ISA Server securing outbound Web access for Hypertext Transfer Protocol (HTTP) traffic requires specific hardware configurations for different Internet links. These hardware configurations are shown in the following table. (For more details, see the Web Proxy scenarios in this document.)
Up to 5 T1 7.5 | T3 45 Mbps | Up to 90 Mbps
Processors / cores: 2/2
Processor type: Pentium III 750 MHz or higher | Pentium 4 3.0-4.0 gigahertz (GHz) | Xeon 3.0-4.0 GHz | Xeon Dual Core 2.0-3.0 GHz
Memory: 521 MB | 512 MB | 1 gigabyte (GB) | 2 GB
Disk space: 150 MB | 2.5 GB | 5 GB | 10 GB
10/100 Mbps | 10/100 Mbps | 10/100 Mbps | 10/100 Mbps
150 | 700 | 850 | 2000
Internship Report: VPN Server
Using transport-layer stateful filtering instead of Web Proxy filtering improves CPU utilization for the same traffic pattern by a factor of 10. Stateful filtering and application filtering can be used in parallel to provide control over performance.
VIII. INSTALLING ISA SERVER 2006 STANDARD EDITION
- Installing ISA Server 2006 on the Windows Server 2003 operating system:
We now install ISA Server 2006. First, run the file ISA Autorun.exe from the ISA 2006 Standard Edition installation media.
- Click Install ISA Server 2006 in the Microsoft ISA Server 2006 Setup dialog box.
Figure 3
- In the Installation Wizard dialog box, click Next to continue. Then select I accept in the License Agreement dialog box and click Next.
Figure 4
In this step you can enter a User Name or Organization. Leave the Product Serial Number at its default. Click Next to continue.
+ If you select Typical (the default) and click Next, the system applies the preset options.
+ If you select Custom and click Next: in the Custom Setup dialog box the system selects Firewall Services, Advanced Logging, and ISA Server Management by default. A unihomed ISA firewall supports only the Web Proxy client, so you can leave the Firewall Client Installation Share option unselected; however, you can select it so that clients can use this software to support Web access through the Web Proxy. Click Next to continue.
Figure 6
In the Internal Network dialog box, click Add to specify the address range for the Internet network.
Figure 7
When the Address dialog box appears, click Add Adapter to select the network card's address.
Figure 11
Figure 12
The Firewall Client Connections dialog box asks you to specify whether ISA will accept connections from Firewall clients that do not support encryption.
- If you select Allow non-encrypted Firewall client connections, ISA will accept unencrypted Firewall client connections.
Click Next and the program begins installing.
Note: A Services dialog box appears, warning that the ISA firewall will stop some services, SNMP and IIS Admin Service, during installation. The ISA firewall will also disable the Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) and IP Network Address Translation (RRAS NAT service) services.
After the installation completes, click Finish to complete the ISA Server 2006 installation.
Figure 13
IX. Conclusion
In this article we introduced the Firewall client software of the ISA firewall. The Firewall client acts as a client-side Winsock proxy application that remotes Winsock network application calls to the ISA firewall. The ISA firewall's Firewall service then proxies the connections to the destination requested by the client. The Firewall client supports protocols with multiple primary and secondary connections and does not require specific protocol definitions if an access rule that opens everything is created. Most importantly, the Firewall client can send computer name and user name information to the ISA firewall, and this information is stored in the logs and reports so that you can get detailed information about what users are doing with the Internet connection, for almost all applications and protocols, which is not possible with a computer configured as a Web proxy or SecureNAT client. In addition, the Firewall client sends the application image name to the ISA firewall, so you can easily determine whether a prohibited application is being used by a user.
We also covered the installation requirements for ISA Server 2006; you can configure it to manage the computers in a domain that has already been set up. ISA Server sets the assignments, restrictions, and so on for users in the domain. All internal traffic that wants to go out must pass through the ISA Server in the domain, as must external traffic that wants to enter the domain. ISA Server 2006 Standard Edition is intended for small and medium-sized businesses.
Figure 1
Through a VPN, users can access functionality across the whole network, such as remote access to resources like files, printers, databases, or internal websites, in a secure way. Remote VPN users get the impression of being connected directly to the central network through a point-to-point link.
2. Benefits of VPN
VPN offers more features than traditional networks and leased-line networks. The main benefits include:
- Lower cost than private networks: a VPN can reduce transmission costs by 20-40% compared with leased-line networks and reduce remote access costs by 60-80%.
- Flexibility for doing business over the Internet: VPNs are inherently more flexible and scalable network architectures than classic networks, so they can quickly and cost-effectively support remote connectivity for offices, international locations, telecommuters, mobile phone users, and external business partners as business requirements demand.
- Simplified burden: tunneled network structures reduce the management burden. Using an Internet Protocol backbone eliminates the static PVCs associated with connection-oriented protocols such as Frame Relay and ATM.
- Increased security: important data is hidden from those who do not have access rights and made accessible to users who do.
- Support for the most common network protocols in use today, such as TCP/IP.
- IP address confidentiality: because information sent over a VPN is encrypted, the addresses inside the private network are hidden and only external Internet addresses are used.
4. Definition of tunneling and encryption
The main function of a virtual private network (VPN) is to provide information security through encryption and authentication over a tunnel.
a. Definition of tunneling: provides logical, point-to-point connections that carry encrypted data packets through a dedicated tunnel across an IP network. This increases the security of the information, because the data, once encrypted, travels in a tunnel established between the sender and the receiver and so avoids theft of or eavesdropping on the information. The tunnel is what makes the VPN virtual. The tunneling protocols used in VPNs are:
- L2TP (Layer 2 Tunneling Protocol)
- PPTP (Point-to-Point Tunneling Protocol)
- L2F (Layer 2 Forwarding)
Intranet VPNs and extranet VPNs can use the technologies:
- IPSec (IP Security)
- GRE (Generic Routing Encapsulation)
b. Encryption and decryption: encryption transforms the original readable content (clear text or plain text) into a meaningless, unreadable ciphered form (ciphertext), so that it cannot be read or used by unauthorized users. Decryption is the reverse process of encryption, that is, transforming the encrypted text back into a form readable by authorized users.
- Authentication: the process of identifying a user or process that is accessing a computer system or network connection. Authentication makes sure that the individual or process is exactly who or what it is determined to be.
- Authorization: the act of checking which specific rights the entity is permitted to exercise.
- Key management: a key is a piece of information, usually a random sequence or one that looks like random binary digits, used initially to set up and then periodically to change the operation of a cryptographic system. Key management is the supervision and control of the process by which keys are created, stored, protected, transformed, loaded, used, or destroyed.
- Certification service CA (Certificate of Authority): a trusted service that helps secure communication between network entities or users by creating and assigning digital certificates, such as public key certificates, for encryption purposes. A CA vouches for the binding between the security items in the certificate.
- Algorithms used in encrypting information:
  DES (Data Encryption Security)
  3DES (Triple Data Encryption Security)
  SHA (Secure Hash Algorithm)
- AH (Authentication Header): a security protocol that provides data authentication, data integrity, and anti-replay services (a service that ensures each packet is unique). AH is embedded in the data to be protected.
- ESP (Encapsulation Security Payload): a security protocol that provides data confidentiality, data integrity, data origin authentication, and anti-replay services. ESP encapsulates the data to be protected.
- Oakley and Skeme each define a method for establishing an authenticated key exchange, including the payload structure, the information the payloads carry, the order in which keys are processed, and how the keys are used.
- IKE (Internet Key Exchange): a hybrid protocol that implements the Oakley key exchange and the Skeme key exchange inside the ISAKMP framework.
- ISAKMP (Internet Security Association and Key Management Protocol): a protocol framework that defines payload formats, the mechanics of implementing a key exchange protocol, and the negotiation of an SA (Security Association).
- SA (Security Association): a set of policies and keys used to protect information. The ISAKMP SA is the common policy and keys used by the negotiating peers in this protocol to protect their communication.
- AAA (Authentication, Authorization, and Accounting): network security services that provide the primary framework through which access control is set up on a router or access server. The two main choices for AAA are TACACS+ and RADIUS.
- TACACS+ (Terminal Access Controller Access Control System Plus): a security application that provides centralized authentication of users attempting to gain access to a router or network access server.
- RADIUS (Remote Authentication Dial-In User Service): a distributed client/server system that secures networks against unauthorized access.
network edge
- Whether they provide site or remote-access connectivity
- The level of security provided
- The OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3

- Confidentiality, such that even if the traffic is sniffed, an attacker will
- Sender authentication, to prevent unauthorized users from accessing the VPN
- Message integrity, to detect any forgery of transmitted messages
Task Force (IETF), and was initially developed for IPv6, which requires it. This standards-based security protocol is also widely used with IPv4. Layer 2 Tunneling Protocol frequently runs over IPSec. Its design meets most security goals: authentication, integrity and confidentiality. IPSec works by encrypting an IP packet and encapsulating it inside an IPSec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination.

tunnel traffic, as in the OpenVPN project, or secure an individual connection. A number of vendors provide remote-access VPN capability through SSL. An SSL VPN can connect from locations where IPSec runs into trouble with network address translation and firewall rules.
- Datagram Transport Layer Security (DTLS), used in Cisco
- Microsoft Point-to-Point Encryption (MPPE), which works with the Point-to-Point Tunneling Protocol and in compatible implementations on other platforms.
- Microsoft Secure Socket Tunneling Protocol (SSTP), introduced in Windows Server 2008 and Windows Vista Service Pack 1. SSTP tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL 3.0 channel.
- MPVPN (Multi Path Virtual Private Network). Systems Development Company
- Secure Shell (SSH) VPN: OpenSSH offers VPN tunneling (distinct from port forwarding) to secure remote connections to a network or inter-network links. The OpenSSH server provides a limited number of concurrent tunnels, and the VPN feature itself does not support personal authentication.
V. AUTHENTICATION

Tunnel endpoints must authenticate before a secure VPN tunnel can be established. Remote-access VPNs created by users may use passwords, biometrics, two-factor authentication or other cryptographic methods. Network-to-network tunnels often use passwords or digital certificates, because these store the key permanently and so allow the tunnel to be established automatically, without intervention from the user.

of the subnet. The client's internal IP address is, for example, 192.168.1.50. A typical VPN client creates a virtual network interface through which it sends encrypted packets to the other tunnel endpoint (the device at the other end of the tunnel). This interface has the address 192.168.1.50.
3. The VPN client wants to communicate with the company server. It prepares a packet addressed to 192.168.1.10, encrypts it and encapsulates it in an outer VPN packet, say an IPSec packet. This packet is then sent to the VPN server over the public Internet. The inner packet is encrypted, so even if someone intercepts the packet on the Internet, they cannot read any information from it. They can see only that the remote host is communicating with a server/firewall, not the actual content of the communication, and in particular not that the communication is with the company server. The encrypted inner packet has source address 192.168.1.50 and destination address 192.168.1.10. The outer packet has source address 1.2.3.4 and destination address 5.6.7.8.
4. When the packet reaches the VPN server from the Internet, the VPN server de-encapsulates the packet and decrypts it. It inspects the result and finds that the destination address is 192.168.1.10.
5. The VPN server forwards the packet to the intended server at 192.168.1.10.
6. After some time, the VPN server receives a reply packet from 192.168.1.10 intended for 192.168.1.50. The VPN server consults its routing table and sees that this packet is intended for a remote host that must be reached through the VPN.
7. The VPN server encrypts the reply packet, encapsulates it in a VPN packet and sends it over the Internet. The encrypted inner packet has source address 192.168.1.10 and destination address 192.168.1.50. The outer VPN packet has source address 5.6.7.8 and destination address 1.2.3.4.
8. The remote host receives the packet. The VPN client de-encapsulates the inner packet and decrypts it. The packet is then passed to the appropriate software at the upper layers.

Overall, it is as if the remote computer and the company server were on the same 192.168.1.0/24 network.
1. REMOTE ACCESS VPN: Remote Access, also called a virtual private dial-up network (VPDN), is a user-to-LAN connection, typically needed by an organization that has many employees who must connect to the company's private network from many remote locations. For example, a company that wants to set up a large VPN goes to an enterprise service provider (ESP). The provider sets up a network access server (NAS) and gives the remote users client software for their computers. The users can then dial a toll-free number to reach the NAS and use the VPN client software to access the company's private network. This type of VPN allows secure, encrypted connections.

Figure 2
requests quite far from the center.
- Support for the people responsible for configuring, maintaining and managing the RAS and for supporting remote access by users.
- By deploying Remote Access VPNs, remote users or branch offices only need to set up a local connection to the ISP or the ISP's POP and reach resources over the Internet.

The Remote Access setup is shown in the following figure:

Figure 3

- the remote connection process is carried out by the ISPs.
- long distance are replaced by local connections through the Internet.
- higher speed than long-distance access.
- VPNs provide better access to the company's sites because they support the lowest level of connection service.

+ Disadvantages:
- Remote-access VPNs do not support quality-of-service guarantees.
- The risk of data loss is high. Moreover, packets may be delivered incompletely or lost.
- Because the encryption algorithm is complex, protocol overhead increases significantly. In addition, compression of IP data is slow.
- Because data has to travel over the Internet, exchanging large amounts of data is very slow.

Figure 4
+ Advantages:

- Your data is encrypted and authenticated at the same time (or only encrypted, or only authenticated, depending on your needs).
- The key exchange mechanism in IPSec is very secure, with large key sizes.
- A variety of encryption and authentication methods to choose from.

+ Limitations and disadvantages:

1. Because the tunnel is static, the IP addresses at both ends of the tunnel are also static, so renting IP addresses is quite expensive if we have many sites rather than just 2.
2. If the router at one end of the tunnel hangs, the tunnel is torn down and data can no longer be transferred between the sites.
3. The LANs that need the VPN must be defined explicitly (with an Access Control List). For example: you permit 192.168.1.0 in HN to reach 192.168.2.0 in HCM, which is fine. However, if your router for 192.168.1.0 in HN wants to run dynamic routing with the router for 192.168.2.0 in HCM, it has to send packets to a broadcast or multicast address rather than specifically to 192.168.2.0, which violates the VPN rule permitted by the Access Control List. In short, we cannot advertise dynamic routing updates through a Site-to-Site VPN over IPSec tunnel.
4. When the organization has two or more branches, data no longer flows only between headquarters and a branch but between all branches. Given the "static" nature of Site-to-Site VPN over IPSec, we must set up the tunnels as a Full Mesh (one-to-all), which means configuring [n.(n-1)]/2 tunnels, not to mention that every tunnel has to be configured on both sides, so it takes a great deal of time.
These VPNs still provide the characteristics of a WAN, such as scalability, reliability and support for many different protocols, at low cost while remaining flexible. This type of VPN is usually configured as a Site-to-Site VPN.

Figure 5

Advantages of the intranet VPN:
- Partial or full mesh networks can be set up (provided the network goes through one or more service providers).
- Fewer technical support staff are needed on the network for remote sites.
- Because intermediate connections are made through the Internet, a new peer-to-peer link can easily be added.
- Cost savings come from using VPN tunnels through the Internet combined with high-speed switching technology, for example Frame Relay or ATM.

Accompanying disadvantages:
- The likelihood of packet loss during data transfer is still very high.
- Transmitting multimedia data causes overload,
- Because data is tunneled through a public network, the Internet, threats to data security and to quality of service (QoS) remain.
Figure 6

Extranet VPNs provide a secure tunnel between customers, suppliers and partners over a public infrastructure. This type of VPN uses connections that are always secured and is configured as a Site-to-Site VPN. The difference between an intranet VPN and an extranet VPN is the network access that is granted at one of the two ends of the VPN.

Main advantages of the extranet VPN:
- The cost of an extranet VPN is much lower than that of a traditional network.
- It is easy to set up and maintain, and easy to change on a network that is in operation.
- Because the extranet VPN is built on the Internet, there are more opportunities to provide services and to choose solutions that fit each company's needs.
- Because the Internet connections are maintained by the Internet service provider, fewer network support technicians are needed, which lowers the operating cost of the whole network.

Alongside these advantages, the extranet VPN solution also has disadvantages:
- The problem of information security and data loss in transit over the public network remains.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge on the Internet.
- It increases the risk to the company's internal networks.
5.1 Security and reliability.

The security of a computer system is one part of the ability to maintain a dependable system. This attribute of a system is referred to as dependability. Four factors affect a dependable system:

- Availability: The ability to be ready to serve and respond to requests within a period of time. Availability is usually achieved through redundant hardware systems.
- Reliability: The probability that the system performs its functions over a period of time. Reliability differs from availability in that it is measured over a whole period of time. It corresponds to the continuity of a service.
- Safety: Indicates that a system performs its functions correctly or, in case of failure, behaves in a way that causes no harm.
- Security: Here security means protection of all system resources.

A computer system that is dependable at the highest level is one that is secure at all times. It ensures that no compromise of sensitive information happens without a warning. With regard to sensitive data there are 2 aspects to consider:

The term security, as defined here, means that data is not changed in an unauthorized manner during its lifetime. Availability, safety and security are interdependent components. Security protects the system from threats and attacks. It ensures that a safe system is always available and reliable.

5.2 Forms of security

There are 3 different kinds of security:
- Hardware security
- Information security
- Administrative security

Hardware security: Concerns threats and attacks related to the system's hardware. It can be divided into 2 categories:

Physical security protects the hardware in the system from external physical threats such as tampering, theft of information, earthquakes and flooding. All sensitive information held in the system's hardware resources needs protection against all of these.

Information security: Concerns vulnerabilities in software, in hardware and in the combination of hardware and software. It can be divided into computer security and communications security. Computer security covers the protection of objects against exposure and against system vulnerabilities, and includes access control mechanisms, mechanisms that enforce the security policy, hardware mechanisms and encryption techniques. Communications security protects objects in transit.

Administrative security: Concerns all the threats that people pose to a computer system. These threats may come from personnel actions. Personnel security covers the protection of objects against attacks by authorized users. Every user of the system has privileges to access certain resources. Personnel security includes protection mechanisms against users who deliberately seek higher privileges or abuse the privileges they have, so awareness education is very important: it really is a protection mechanism for the system. Statistics show that authorized users pose a higher threat to a computer system than attacks from outside. The statistics show that only 10% of all computer harm is carried out from outside the system, while 40% is caused by insiders and about 50% by former employees.
Depending on the specific class of application, each protocol has different advantages and disadvantages when it is deployed in a VPN.

1. Security architecture

IPSec is implemented using (1) cryptographic protocols to secure packets in transit, (2) authentication methods and (3) the establishment of encryption parameters. It builds the notion of security on top of IP. A security association is simply the combination of algorithms and parameters (such as keys) that forms the basis for encryption and authentication in one direction. In two-way communication, however, the security protocols work together to serve the exchange. The actual choice of encryption and authentication algorithms is left to the IPSec administrator, because IPSec comprises a group of security protocols that provide encryption and authentication for each IP packet.

To decide what protection to provide for an outgoing packet, IPSec uses the Security Parameter Index (SPI), an index (ordered and stored like a telephone directory) into the Security Association Database (SADB), together with the destination address in the packet header; together these uniquely identify a security association for each packet. A similar process is carried out for an incoming packet, where IPSec performs decryption and verifies the keys from the SADB.

For multicast packets, a security association is provided for the group and applies to all receivers in the group. There can be more than one security association for a group, using different SPIs, which allows several levels of security within a group. Each sender can have multiple security associations, allowing authentication, while a receiver only knows the keys that were sent in the data. Note that the standards do not describe how the association is chosen and duplicated from the group to the individuals.
2. Current status

IPSec is a mandatory part of IPv6 and optional when IPv4 is used. Although the standards are designed for both versions of IP alike, what is common today is deployment on IPv4. The IPSec protocols were defined in RFCs 1825-1829, published in 1995. In 1998 they were upgraded by RFCs 2401-2412, which are not compatible with 1825-1829. In December 2005 came the third generation of the IPSec standard, RFCs 4301-4309. It does not differ much from RFCs 2401-2412, but the new generation provides the second IKE standard. In this new generation, IP security is also abbreviated as IPSec.
3. IPSec modes of operation

3.1 Transport mode

This mode supports the transfer of information between hosts, or between a server and another host, without any intervention by gateways that perform network security duties. In transport mode only the data being communicated in the packets is encrypted and/or authenticated. During routing the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be modified (for example the port number). Transport mode is used for host-to-host communication. Encapsulation of IPSec messages for NAT traversal is defined in the RFC documents on NAT-T.

3.2 Tunnel mode

This mode supports remote access and secure linking between sites. Transport mode applies AH and ESP to the transport-layer part of an IP packet. The actual data portion of the IP protocol is the only part of the packet that is protected. The header of the IP packet, with the addresses of the sending and receiving points, is not protected. When both AH and ESP are applied, AH is applied afterwards so that the integrity of the data is computed over the whole of the data.

Tunnel mode, on the other hand, lets the whole IP packet be encrypted and verified. Security gateways use this mode to provide security services on behalf of other entities on the network. The communicating endpoints are protected inside the inner IP packets, while the cryptographic endpoints are carried in the outer IP packets. A security gateway parses the incoming IP packet for the final recipient after IPSec has finished its processing. In tunnel mode the IP address of the destination is protected. In tunnel mode an additional IP header is added, whereas in transport mode it is not. IPSec defines tunnel mode for both AH and ESP.

When host 1 wants to communicate with host 2, it can use tunnel mode to let the security gateways provide the security services for the communication between the two nodes over the public network. IPSec allows security in several layers and over several tunnels. In that case the header of the inner packet is completely wrapped by the header of the outer packet. There is one condition, however: the tunnels must not overlap.

For outbound traffic, the IP layer consults the SPD (Security Policy Database) to decide which security services to apply. Selectors taken from the headers are used to determine an action in the SPD. If the SPD action is to apply security, a pointer to the SA in the SADB (Security Association Database) is returned. If the SA is not in the SADB, IKE is triggered. The AH and ESP headers are then added as the SA specifies, and the packet is transmitted.

For inbound traffic, after a packet is received, the layer responsible for security checks the list of security policies and arrives at one of the following actions: discard, bypass or apply. If the action is apply and the SA does not exist, the packet is ignored. If the SA is in the SADB, the packet is passed to the next layer for processing. If the packet contains IPSec headers, the IPSec stack picks up the packet and processes it. During processing, IPSec extracts the SPI, the source address and the destination address of the packet. The SADB is indexed by these parameters to select the particular SA to use: SPI, destination address or protocol.
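The SPD and SADB lookups described above can be followed in a small model, given here as an added example that is not part of the original report. The class and function names are hypothetical, the addresses reuse the document's sample values from the VPN walk-through (plus constructed documentation-range addresses), the SPI values are constructed, and no real cryptography is performed: the inner packet is a plain tuple standing in for the encrypted payload.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DISCARD, BYPASS, APPLY = "discard", "bypass", "apply"
ESP = 50  # IANA protocol number for ESP

@dataclass(frozen=True)
class Policy:
    """One SPD entry: selectors (source/destination prefixes) mapped to an action."""
    src: str
    dst: str
    action: str
    peer: Optional[str] = None  # remote tunnel endpoint when action == APPLY

@dataclass
class SA:
    """One SADB entry, identified by (SPI, destination address, protocol)."""
    spi: int
    dst: str       # an SA is one-directional: dst is the endpoint that receives
    proto: int = ESP
    seq: int = 0   # sequence number of the last packet sent under this SA

class IPsecStack:
    def __init__(self, local_addr, spd):
        self.local_addr = local_addr
        self.spd = list(spd)     # ordered list, first matching entry wins
        self.sadb = {}           # (spi, dst, proto) -> SA
        self.ike_requests = []   # peers for which IKE negotiation was requested

    def add_sa(self, sa):
        self.sadb[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup_policy(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for p in self.spd:
            if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
                return p
        return Policy("0.0.0.0/0", "0.0.0.0/0", DISCARD)  # no match: deny

    def outbound(self, src, dst):
        policy = self.lookup_policy(src, dst)
        if policy.action != APPLY:
            return policy.action, None
        sa = next((x for x in self.sadb.values()
                   if x.dst == policy.peer and x.proto == ESP), None)
        if sa is None:                      # policy says protect, but no SA yet
            self.ike_requests.append(policy.peer)
            return "ike-triggered", None
        sa.seq += 1
        outer = {"src": self.local_addr, "dst": sa.dst, "proto": sa.proto,
                 "spi": sa.spi, "seq": sa.seq, "inner": (src, dst)}
        return "protected", outer

    def inbound(self, pkt):
        if "spi" in pkt:                    # packet carries an IPSec header
            sa = self.sadb.get((pkt["spi"], pkt["dst"], pkt["proto"]))
            if sa is None:
                return "drop: no SA for this SPI"
            policy = self.lookup_policy(*pkt["inner"])
            if policy.action != APPLY or policy.peer != pkt["src"]:
                return "drop: inner packet not allowed from this peer"
            return "deliver"
        policy = self.lookup_policy(pkt["src"], pkt["dst"])
        if policy.action == BYPASS:
            return "deliver"
        return "drop: cleartext packet where policy is " + policy.action

def demo():
    """Run the gateway 5.6.7.8 from the walk-through over constructed packets."""
    gw = IPsecStack("5.6.7.8", [
        Policy("192.168.1.0/24", "192.168.1.50/32", APPLY, peer="1.2.3.4"),
        Policy("192.168.1.50/32", "192.168.1.0/24", APPLY, peer="1.2.3.4"),
        Policy("192.168.1.0/24", "203.0.113.0/24", DISCARD),
        Policy("0.0.0.0/0", "0.0.0.0/0", BYPASS),
    ])
    results = [gw.outbound("192.168.1.10", "192.168.1.50")[0]]   # no SA yet
    gw.add_sa(SA(spi=0x1001, dst="1.2.3.4"))   # outbound SA (constructed SPI)
    gw.add_sa(SA(spi=0x2002, dst="5.6.7.8"))   # inbound SA (constructed SPI)
    status, outer = gw.outbound("192.168.1.10", "192.168.1.50")
    results.append((status, outer["dst"], outer["spi"], outer["seq"]))
    results.append(gw.outbound("192.168.1.10", "203.0.113.9")[0])
    results.append(gw.outbound("192.168.1.10", "198.51.100.7")[0])
    good = {"src": "1.2.3.4", "dst": "5.6.7.8", "proto": ESP, "spi": 0x2002,
            "inner": ("192.168.1.50", "192.168.1.10")}
    results.append(gw.inbound(good))
    results.append(gw.inbound(dict(good, spi=0x9999)))            # unknown SPI
    results.append(gw.inbound({"src": "192.168.1.50", "dst": "192.168.1.10"}))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last case is the one worth checking in any deployment: a cleartext packet that claims an address the policy says must arrive through the tunnel is dropped rather than delivered.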
Figure 1

+ IPSec allows separate communication channels to be set up and keeps them confidential over the Internet without needing to know which applications are running on the host or which higher-layer protocols, such as the transport layer, are in use.

Figure 2

+ IPSec is a protocol suite that can validate data at both the sender and the receiver, and that ensures the confidentiality and integrity of data through encryption and authentication. IPSec can accommodate all applications that run on an IP network.
+ IPSec works more efficiently and faster than security applications that operate at the application layer.

Figure 3

+ IPSec can be regarded as a sub-layer of the TCP/IP protocol; this layer controls user access on the basis of a security policy on each computer and in the organization, and negotiates security between the sender and the receiver.
II. The ESP secure encapsulation protocol (Encapsulation Security Payload):

ESP is protocol number 50 as assigned by IANA. ESP is a security protocol that can be used to provide confidentiality and authentication for data packets against snooping by unauthorized users. ESP covers the payload portion of the data packet, and it provides authentication for the inner IP packet and the ESP header. Authentication provides proof of the origin and the integrity of the data packet. ESP supports symmetric encryption such as Blowfish and DES. The default data encryption algorithm used in IPSec is 56-bit DES. Cisco network products and devices used for VPNs additionally offer better data encryption using 128-bit 3DES (Triple Data Encryption Security).

+ ESP can be used on its own or combined with the AH (Authentication Header) protocol, depending on the environment. Both ESP and AH provide integrity and authentication of data packets.
+ ESP can also protect the uniqueness of a packet by requiring the receiver to set the replay bit in the header to indicate that the packet has been sent.
III. The Authentication Header (AH) protocol.

In the IPSec system there is a special header: the authentication header AH, which is designed to provide most of the authentication services for IP data.

- With IPv4:

Figure 4

With IPv6:

Figure 5
IV. The Internet Key Exchange (IKE) protocol:

AH and ESP are protocols for which IPSec requires shared secrets to be distributed as keys, and keys can be stolen while they are exchanged back and forth. A secure key exchange mechanism for IPSec must therefore meet the following requirements:

1) It does not depend on specific algorithms.
2) It does not depend on a specific key exchange protocol.
3) It authenticates the entities that manage keys.
4) It establishes SAs over insecure transport paths.
5) It uses resources efficiently.

IKE is based on the framework of the Internet Security Association and Key Management Protocol and on the Oakley key distribution protocol. IKE has the following characteristics:
+ Key generation and identification procedures.
+ Automatic key refresh.
+ It solves the lost-key problem.
+ Each security protocol (AH, ESP) has its own security parameter index space.
+ Built-in protection.
+ Resistance to resource-exhaustion attacks such as denial of service (DoS).
+ A two-phase approach: establish SAs for the key exchange, then establish SAs for the data transfer.
+ Use of digital signatures.
+ Use of shared keys.

IKE is designed to provide 5 capabilities:
- Providing the means for the two parties to reach agreement.
- Ensuring that the key exchange reaches the right user.
- Managing keys after they have been accepted.
- Ensuring that key control and key exchange are secure.
- Allowing dynamic authentication between peers.

To establish an IKE key association starting from a point, a host or the security gateway of a corporate intranet, 4 items have to be specified:
- An algorithm for encrypting the data.
- A hash algorithm for reducing the data.
- A method for authenticating the data.
- Information about the group used in the Diffie-Hellman exchange.
Before IPSec sends authenticated or encrypted IP data, the sender and the receiver must agree on the encryption algorithm and on the encryption key or keys to use. IPSec uses IKE to set up the negotiation protocols, the encryption keys and the algorithms by itself. IKE provides primary authentication: verifying the identity of the remote systems before keys and algorithms are negotiated.

IKE is a hybrid of 3 protocols: ISAKMP (Internet Security Association and Key Management Protocol), Oakley and SKEME. ISAKMP provides a framework for authentication and key exchange. Oakley describes the modes of key exchange. SKEME defines the key exchange technique. ISAKMP has two channels for establishing an SA (Security Association). IKE has two general flows:

ISAKMP first phase (main mode): Negotiates and establishes the ISAKMP security association, a secure channel for further IKE communication; the two systems generate a Diffie-Hellman shared key. The identity of the remote system is verified (primary authentication).

Figure 6: Formation of the Diffie-Hellman shared key

ISAKMP second phase (quick mode): Uses the secure communication channel of the ISAKMP SA for IPSec AH or ESP encryption.

Figure 7: SA establishment

+ IKE Primary Authentication: IKE must authenticate the systems that use the Diffie-Hellman algorithm; this process is called primary authentication. IKE can use two methods of primary authentication:
- Digital signatures.
- Pre-shared keys.

Digital signatures and public-key encryption are based on asymmetric key cryptography and require a mechanism for distributing the public keys.

IKE Digital Signature Authentication: A digital signature is similar to a symmetric keyed hash value. The difference is that only the person who holds the private key can generate the digital signature, whereas anyone who holds the symmetric key can generate a symmetric keyed hash value.

IKE Pre-Shared Key Authentication: With shared-key authentication, the sender and the receiver must exchange and configure a symmetric shared key by hand. The shared key is used only for primary authentication.
Figure 8

Figure 9

PPTP supports only IP, IPX, NetBIOS and NetBEUI. PPTP does not change PPP; it is simply a new solution, a way of creating a tunnel to carry PPP traffic.

Figure 10

Figure 11
2. The relationship between PPTP and PPP

PPP has become the dial-up protocol for accessing the Internet and TCP/IP networks and is very common today. The protocol works at layer 2 of the OSI model. PPP includes methods for encapsulating different kinds of data packets for serial transmission. PPTP relies on PPP to create dial-up connections between the client and the network access server. PPTP relies on PPP to carry out these functions:
- Setting up and tearing down the physical connection.
- Authenticating users.
- Creating PPP data packets.

After PPP has set up the connection, PPTP uses PPP's encapsulation rules to encapsulate the packets carried in the tunnel, as shown below:

Figure 12

To take advantage of the connection created by PPP, PPTP defines two kinds of packets, control packets and data packets, and assigns them to two separate channels. PPTP then splits the control channel and the data channel into a control stream carried over TCP and a data stream carried over IP. A TCP connection created between the PPTP client and the PPTP server is used to carry control messages. After the tunnel has been set up, data containing IP packets is transmitted from the client to the PPTP server. The IP packet is encapsulated with headers as in the following figure:

Figure 13

During encapsulation the host's ID number is used for access control, and ACKs are used to monitor the data rate in the tunnel. PPTP also has a rate control mechanism that limits the amount of data transmitted. This mechanism minimizes the amount of data that must be retransmitted because of packet loss.

PPTP lets users and ISPs create many different kinds of tunnels. A user can place the end of the tunnel on his or her own computer if a PPTP client is installed, or at the ISP's server if the computer has only PPP and no PPTP. Tunnels are divided into two types:
- Voluntary tunnels are created at the user's request for a specific purpose.
- Compulsory tunnels are created without involving the user, so they are transparent to the end user.

Figure 14

Figure 15
L2F uses PPP for client authentication, as PPTP does, but L2F also supports RADIUS (Remote Authentication Dial-up User Service) authentication of remote dial-in users and the TACACS+ (Terminal Access Controller Access Control System) terminal access control system. L2F authentication takes place at two levels: first when the remote user connects to the ISP's POP, and then when the connection is passed to the gateway of the organization's intranet. L2F carries data packets through a virtual private tunnel between the two ends of a point-to-point connection; L2F does this at the protocol.

L2F is a layer-two protocol, so L2F can be used for protocols other than IP, such as IPX and NetBEUI. With L2F, full security between the two VPN endpoints can be created and used; it is a scalable and reliable solution.

1. The layer 2 tunneling protocol (Layer 2 Tunneling Protocol)

L2TP is an emerging technique for providing a remote connection to the intranet of a corporation or organization. L2TP is a protocol developed as a blend of the two protocols PPTP and L2F.

Figure 16

L2TP provides a technique for building a tunnel connection over the point-to-point protocol PPP. The tunnel can be created between the remote user and the service provider.

Figure 17
L2TP not only provides remote connections for users in a virtual private network (VPN) but can also support multiprotocol traffic, that is, all the network-layer protocols supported by PPP, reliably. In addition, L2TP supports any addressing scheme for any network layer across the Internet connection.

2. The relationship between L2TP and PPP

The layer 2 tunneling protocol L2TP is a combination of the two protocols PPTP and L2F. Like PPTP, L2F is a tunneling protocol; it uses its own encapsulation header to carry layer 2 packets. The difference between PPTP and L2F is that L2F does not depend on IP and GRE, which allows it to work over other physical media. L2TP has the characteristics of both PPTP and L2F. However, L2TP defines its own tunneling protocol based on the way L2F operates. L2TP relies on PPP to create the dial-up connection between the client and the network access server (NAS). L2TP uses PPP to create the physical connection, perform the initial authentication, create PPP data packets and close the connection when the session ends. L2TP can create multiple tunnels between the ISP and the client network servers.

- Control messages
- Data messages

As with PPP, after the tunnel has been set up, data containing IP packets is transmitted from the client to the PPTP server. The IP packet is encapsulated with headers as in the following figure.

Figure 19

L2TP also uses the same classes of tunnel as PPTP:
- Voluntary tunnel: created at the user's request.
- Compulsory tunnel: created automatically (the user has no choice).

3. Overview of the layer 2 tunneling protocol (L2TP Overview).

L2TP can support remote access to a LAN using any network-layer protocol supported by PPP over tunnel sessions, and this is managed directly by terminating the PPP connection at the access gateway of the intranet of an organization or corporation.

Figure 20
Several elements take part in setting up an L2TP tunnel:

L2TP Access Concentrator (LAC): The LAC is located at the ISP's POP to provide the physical connection for remote users. The physical medium is terminated at the LAC, which can be connected to the public switched telephone network (PSTN) or the integrated services digital network (ISDN). Through the LAC, an L2TP tunnel can be set up via the LAC router to the far end where the tunnel terminates.

L2TP Network Server (LNS): The LNS accepts the connection sessions of remote users; only a single connection is used on the LNS to terminate the calls arriving from remote users over different media such as ISDN and V120. A multi-access concentrator can also be used as an LNS when it serves as the access gateway to the corporate intranet.

Network Access Server (NAS): The NAS is a point-to-point access device that serves the access requests of remote users over ISDN or the PSTN. The NAS sets up and controls the sessions and tunnels.
+ The remote user starts a PPP connection to the NAS.
+ The NAS accepts the call.
+ Authentication of the end user is permitted by a proxy server at the NAS.
+ The end user sets up a connection with the LNS to create the tunnel to the corporate intranet.

The sessions are managed by the LAC and the data packets are sent through the LAC-LNS tunnel; each LAC and LNS tracks the state of the users' connections.

Figure 21

+ The remote user is also authenticated by the authentication server of the LNS gateway before the tunnel connection is accepted.
+ The LNS accepts the connection and sets up the L2TP tunnel and NAS authentication.
+ The LNS communicates with the remote user over PPP.

L2TP can support the following functions:
- Setting up tunnels for single dial-in users among the clients.
- Tunneling by small transport programs.
- An incoming call to the LNS from the LAC.
- Setting up multiple tunnels.
- Proxy authentication for PAP and CHAP.
- Authentication of the tunnel endpoints.
- Hiding the attribute pair used to carry a proxy PAP password.
- Tunneling using a lookup table.
- Tunneling using a lookup of the PPP user name in the AAA system.

Types of L2TP tunnel:

Compulsory L2TP tunnels: With this type, the L2TP tunnel is set up between the LAC at the ISP and an LNS at the corporate intranet.

Figure 22
A compulsory tunnel is set up as follows:
- The remote user starts a PPP connection to the ISP.
- The ISP accepts the connection and the PPP link is established.
- The ISP sets up an L2TP tunnel to the LNS. If the LNS accepts the connection, the LAC encapsulates PPP in L2TP and forwards it into the tunnel; the LNS accepts the frame, strips off L2TP and processes the incoming PPP.
- The LNS uses authentication to validate the user and then assigns an IP address.

Figure 24: Using IPSec to protect L2TP in a compulsory tunnel between a remote user and a corporate gateway

Figure 25

Figure 26

L2TP is a new generation of dial-up access protocol for VPNs. It combines the best features of PPTP and L2F. Most vendors of PPTP products offer L2TP-compatible products or will introduce them later. Although it runs mainly over IP networks, it can also run over Frame Relay and ATM networks, which makes it all the more popular.
PPTP connections use MPPE, a stream cipher based on the RSA RC-4 encryption algorithm that uses 40-, 56- or 128-bit encryption keys. A stream cipher encrypts data as a stream of bits. L2TP/IPSec connections use DES, which is a block cipher that uses either one 56-bit key for DES or three 56-bit keys for 3DES. Block ciphers encrypt data in separate blocks (64-bit blocks in the case of DES).

PPTP connections require only user-level authentication through a PPP-based authentication protocol. L2TP/IPSec connections require user-level authentication and, in addition, computer-level authentication using computer certificates.

1. Advantages of L2TP.

The following are the advantages of using L2TP/IPSec over PPTP in Windows 2000:
- IPSec provides, for every packet, data authentication (proof that the data was sent by the authorized user), data integrity (proof that the data was not modified in transit), replay protection (preventing a captured sequence of packets from being sent again) and data confidentiality (preventing captured packets from being interpreted without the encryption keys). By contrast, PPP provides only per-packet data confidentiality.
- L2TP/IPSec connections provide stronger authentication by requiring both computer-level authentication through certificates and user-level authentication through a PPP authentication protocol.
- The PPP packets exchanged during user-level authentication are never sent unencrypted, because the PPP connection process for L2TP/IPSec takes place after the IPSec security associations (SAs) have been established. If intercepted, the PPP authentication exchange of some types of PPP authentication protocol can be used to carry out offline dictionary attacks and determine the passwords in use. Because the PPP authentication exchange is encrypted, offline dictionary attacks are possible only after the encrypted packets have been successfully decrypted.

2. Advantages of PPTP

The following are the advantages of PPTP over L2TP/IPSec in Windows 2000:
- PPTP does not require a certificate infrastructure. L2TP/IPSec requires a certificate infrastructure to issue computer certificates to the VPN server and to all clients.
- PPTP can be used by computers running Windows XP and Windows 2000 with the Windows Dial-Up Networking performance and security update. L2TP/IPSec can be used only with Windows XP and Windows 2000 VPN clients. Only these clients support the L2TP/IPSec protocol and the use of certificates.
- PPTP clients and servers can be placed behind a network address translator (NAT) if the NAT has the appropriate editor for PPTP traffic. L2TP/IPSec clients or servers cannot be placed behind a NAT unless both support IPSec NAT traversal (NAT-T). IPSec NAT-T is supported by Windows Server 2003.
The DES encryption algorithm was developed by IBM in the 1970s and was then accepted by the US National Bureau of Standards (today NIST) on 15-5-1973. DES became the official data encryption standard of the US Government in 1977 and became the most widely used cryptosystem in the world.
The DES algorithm had to satisfy the following requirements:
- The algorithm must provide a high level of security.
- The algorithm must be completely specified and easy to understand.
- Security must reside in the key and must not depend on the secrecy of the algorithm.
- The algorithm must be available to all users.
- The algorithm must be adaptable for use in diverse applications.
- The algorithm must be economical to implement in electronic devices.
- The algorithm must be efficient in use.
- The algorithm must be able to be validated.
- The algorithm must be commercially usable.
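1. DESCRIPTION OF DES
A full description of DES is given in Federal Information Processing Standards Publication 46 of 15-1-1977. DES encrypts a plaintext bit string $x$ of length 64 with a key $K$ that is a 56-bit string, and outputs a ciphertext $y$ that is also a bit string of length 64.
Given a plaintext $x$, we compute $x_0$ by permuting the bits of $x$ according to the initial permutation IP: $x_0 = IP(x) = L_0 R_0$, where $L_0$ is the first 32 bits of $x_0$, $R_0$ is the remaining 32 bits, and IP is a fixed initial permutation.
Iterate 16 rounds, for $1 \le i \le 16$:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$
The symbol $\oplus$ denotes the exclusive-or of two bit strings, $f$ is a function, and the $K_i$ are 48-bit strings derived from the key $K$ by a separate algorithm. The ciphertext $y$ is computed by applying the permutation $IP^{-1}$ to $R_{16}L_{16}$; note that the positions of $L_{16}$ and $R_{16}$ are swapped:
$y = IP^{-1}(R_{16} L_{16})$
Figure 2
DES modes of operation: as we have seen, the input to DES is only 8 bytes, whereas the text to be encrypted can be very long, several kilobytes for example. To solve this problem, four modes of operation are defined for DES:
- Electronic Code Book mode (ECB).
- Cipher Feed Back mode (CFB).
- Cipher Block Chaining mode (CBC).
- Output Feed Back mode (OFB).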
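The round structure and the modes of operation described above, as an added example that is not part of the original report: a 16-round Feistel network on 64-bit blocks that decrypts by running the same rounds with the round keys reversed, then used in ECB and CBC mode. The round function `f` and the key schedule `round_keys` are hash-based stand-ins (assumptions, not the DES S-boxes or key schedule), the fixed permutations IP and IP^-1 are omitted because they involve no key, and the `PIN=1234` message is constructed sample data.

```python
import hashlib

BLOCK = 8      # bytes per block: 64 bits, as in DES
ROUNDS = 16    # DES runs 16 rounds


def round_keys(key: bytes) -> list:
    """Assumed stand-in for the DES key schedule: sixteen 48-bit values K_1..K_16."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(1, ROUNDS + 1)]


def f(r: int, k: bytes) -> int:
    """Assumed stand-in round function: (32-bit half, 48-bit round key) -> 32 bits.
    It is not invertible, and a Feistel network does not need it to be."""
    return int.from_bytes(hashlib.sha256(r.to_bytes(4, "big") + k).digest()[:4], "big")


def feistel(block: bytes, keys: list) -> bytes:
    """Run the 16 rounds on one 64-bit block and emit R16 || L16 (halves swapped)."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} xor f(R_{i-1}, K_i)
        left, right = right, left ^ f(right, k)
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, round keys in the order K_16 .. K_1.
    return feistel(block, round_keys(key)[::-1])


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # always adds 1..8 bytes
    return data + bytes([n]) * n


def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """ECB: every block is encrypted independently."""
    return b"".join(encrypt_block(b, key) for b in split_blocks(pad(plaintext)))


def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block first."""
    out, prev = [], iv
    for b in split_blocks(pad(plaintext)):
        prev = encrypt_block(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in split_blocks(ciphertext):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    data = b"".join(out)
    return data[:-data[-1]]                # strip the padding added by pad()


if __name__ == "__main__":
    key, iv = b"k" * 7, bytes(range(8))    # constructed 56-bit key and IV
    message = b"PIN=1234" * 3              # constructed: three identical 8-byte blocks
    print("ECB:", [b.hex() for b in split_blocks(ecb_encrypt(message, key))])
    print("CBC:", [b.hex() for b in split_blocks(cbc_encrypt(message, key, iv))])
```

In the ECB output the first three ciphertext blocks are identical, so repeated plaintext is visible to anyone observing the ciphertext; in the CBC output all blocks differ.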
2. Advantages and disadvantages of DES
- Advantage: the DES algorithm encrypts data very quickly.
- Disadvantage: because the DES key space, of size $2^{56}$, is too small, it is not secure, so special-purpose machines can break it and find the key very quickly.
3. Applications of DES in practice
A very important application of DES is in banking transactions, using the standards developed by the American Bankers Association. DES is used to encrypt personal identification numbers (PINs) and the account transactions carried out by automated teller machines (ATMs).
The 3DES encryption algorithm is a variant of DES. As we know, DES has several weaknesses, for example: it can be broken by special-purpose machines that search for the key.
1. Description of 3DES
The 3DES algorithm uses three 64-bit keys, so the total key length is 192 bits. In private use, we simply enter the whole 192-bit key instead of entering each of the three keys individually.
Figure 3
The encryption procedure is similar to DES but is repeated three times. The data is encrypted with the first key, decrypted with the second key, and then encrypted again with the third key to obtain the final ciphertext.
+ 3DES modes of operation:
Triple ECB (Triple Electronic Code Book): electronic code book.
Cipher block chaining.
2. Advantages and disadvantages of 3DES
- Advantage: unlike DES, 3DES applies DES encryption three times with a key space of 168 bits, so it is much more secure than DES.
- Disadvantage: because 3DES applies DES encryption three times, it is much slower than DES. Software implementations prove very slow for digital images and some high-speed data applications, and the 64-bit block size remains a weakness for systems running at 21st-century speeds.
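m: arbitrary length; z = h(m)
with public-key cryptosystems. RSA is based on the difficulty of factoring large numbers into prime factors: given prime numbers, multiplying them together to obtain a composite number is an easy problem, whereas given the composite number, factoring it into its prime factors is a very hard problem that is practically infeasible if the two primes are large.
Let $n$ be the product of two distinct large primes $p$ and $q$ ($n = p \cdot q$). We choose a number $a$ coprime to $\varphi(n) = (p-1)(q-1)$ and compute $b = a^{-1} \bmod \varphi(n)$, that is, $a \cdot b \equiv 1 \pmod{\varphi(n)}$.
The RSA system is described as follows. Take $n = p \cdot q$, where $p$ and $q$ are two primes. Set $P = C = \mathbb{Z}_n$ and
$K = \{(n, b, a) : ab \equiv 1 \pmod{\varphi(n)}\}$,
where $(n, b)$ is the public key and $a$ is the secret key. With $K = (K', K'')$, $K' = (n, b)$, $K'' = a$, we define
$e_K(x) = x^b \bmod n$
$d_K(y) = y^a \bmod n$
for $x, y \in \mathbb{Z}_n$.
For every $x \in \mathbb{Z}_n^*$ (that is, $x \in \mathbb{Z}_n$ and $x$ coprime to $n$) we have
$d_K(e_K(x)) = (x^b)^a = x^{ab} = x^{t\varphi(n)+1} \equiv x \pmod{n}$.
For $x \in \mathbb{Z}_n \setminus \mathbb{Z}_n^*$ the identity above still holds, because then either $x$ is divisible by $p$ and coprime to $q$, or $x$ is divisible by $q$ and coprime to $p$. In both cases we have
$x^{t\varphi(n)+1} \equiv x \pmod{p}$
$x^{t\varphi(n)+1} \equiv x \pmod{q}$
from which it follows that $x^{t\varphi(n)+1} \equiv x \pmod{n}$.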
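The RSA construction above, carried through with small numbers as an added example that is not part of the original report. It keeps the report's symbols (a secret exponent, b public exponent, t from ab = t·φ(n) + 1) and checks the decryption identity for every x in Z_n, including the x that share a factor with n. The primes 61 and 53 and the exponent 2753 are constructed sample values, far too small for real use.

```python
from math import gcd


def make_keys(p: int, q: int, a: int):
    """Return (n, b, a): public key (n, b) and secret exponent a, with a*b = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(a, phi) != 1:
        raise ValueError("a must be coprime to phi(n)")
    b = pow(a, -1, phi)            # modular inverse (Python 3.8+)
    return n, b, a


def e_k(x: int, n: int, b: int) -> int:
    """Encryption: x^b mod n."""
    return pow(x, b, n)


def d_k(y: int, n: int, a: int) -> int:
    """Decryption: y^a mod n."""
    return pow(y, a, n)


def t_value(p: int, q: int, a: int) -> int:
    """The integer t in a*b = t*phi(n) + 1."""
    n, b, a = make_keys(p, q, a)
    return (a * b - 1) // ((p - 1) * (q - 1))


def non_units(p: int, q: int) -> list:
    """Elements of Z_n \\ Z_n*: the x in [0, n) that share a factor with n."""
    n = p * q
    return [x for x in range(n) if gcd(x, n) != 1]


def roundtrip_failures(p: int, q: int, a: int) -> list:
    """Every x in Z_n for which d_k(e_k(x)) != x; empty if the identity holds."""
    n, b, a = make_keys(p, q, a)
    return [x for x in range(n) if d_k(e_k(x, n, b), n, a) != x]


def crt_check(p: int, q: int, a: int) -> bool:
    """For each non-unit x, verify x^(t*phi+1) = x modulo p and modulo q separately."""
    phi = (p - 1) * (q - 1)
    exponent = t_value(p, q, a) * phi + 1
    return all(
        pow(x, exponent, p) == x % p and pow(x, exponent, q) == x % q
        for x in non_units(p, q)
    )


if __name__ == "__main__":
    p, q, a = 61, 53, 2753                     # constructed sample values
    n, b, a = make_keys(p, q, a)
    print("public key (n, b):", (n, b), "secret a:", a, "t:", t_value(p, q, a))
    y = e_k(65, n, b)
    print("e_k(65) =", y, " d_k(e_k(65)) =", d_k(y, n, a))
    print("non-units in Z_n:", len(non_units(p, q)))
    print("round-trip failures:", roundtrip_failures(p, q, a))
    print("identity holds mod p and mod q for non-units:", crt_check(p, q, a))
```

This is unpadded RSA, shown only to follow the algebra; it is deterministic, so equal plaintexts give equal ciphertexts.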
VI. Authentication in VPN
Authentication is a structural part of the security of a virtual private network (VPN). We may have a reliable system that verifies networks, users and network services, but that is still not an absolutely secure system: we cannot control access to our corporate network resources by illegitimate users. One solution for controlling and preventing illegitimate users who deliberately try to access the system is therefore to use authentication.
Figure 4: Authentication scenario
Authentication is based on one of the following three attributes:
- Something you have: a key or a token card.
- Something you know: a password.
- Something you are: voice or retina scan.
Users can be authenticated by:
- Password.
- One-time Password (s/key).
- USB ikey.
- Smart card.
- PKI/certificate.
- IP.
However, these are only single-factor authentication methods, which are not suitable or not strong enough to protect systems. Instead, security experts recommend strong authentication, which applies two of the attributes above. The variety of VPN systems currently available depends on different authentication methods or combinations of them. Besides single-factor authentication methods, VPNs also use protocol-based authentication.
Authentication protocols:
- Password Authentication Protocol (PAP).
- Challenge Handshake Authentication Protocol (CHAP).
- Extensible Authentication Protocol (EAP).
- Remote Authentication Dial-In User Service (RADIUS).
Authentication servers:
- RADIUS.
- Kerberos.
- LDAP.
- NT domain.
- Solaris Pluggable Authentication Modules (PAM).
- Novell Directory Services (NDS).
1. Password Authentication Protocol (PAP)
PAP was originally designed so that one computer could authenticate another over the Point-to-Point Protocol (PPP), which is used as the transport procedure. PAP authentication can be used at the start of a PPP link: when a remote workstation accesses the corporate network, it must send an ID (user name) and a password to the destination network, and the network access server (NAS) is responsible for verifying whether the user's workstation is permitted to access the corporate network resources. However, PAP authentication is neither secure nor reliable, because the authentication information is exchanged unprotected over the public Internet, so attackers can eavesdrop, steal the information and derive the password for accessing the system.
CHAP is designed similarly to PAP but is much more secure. Like PAP, CHAP can be used at the start of a PPP link and is then repeated after the link has been established.
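The difference between the two exchanges described above, as an added example that is not part of the original report: PAP places the password itself in the Authenticate-Request frame (RFC 1334 layout), while CHAP sends only MD5(identifier || secret || challenge) as defined in RFC 1994, so a captured response is useless against the next challenge. The class name `ChapAuthenticator`, the user `u1` and the password are assumptions and constructed sample values.

```python
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(identifier: int, peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request: code 1, identifier, length, then ID and password in clear."""
    pid, pwd = peer_id.encode(), password.encode()
    body = bytes([len(pid)]) + pid + bytes([len(pwd)]) + pwd
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5 over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side (the NAS): issues fresh challenges and checks responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets        # user name -> shared secret
        self.pending = {}             # user name -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, name: str):
        """Issue a new random challenge; also used to re-authenticate an open link."""
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)
        self.pending[name] = (self.next_id, value)
        return self.next_id, value

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        issued = self.pending.pop(name, None)      # each challenge is single use
        if issued is None or issued[0] != identifier or name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], issued[1])
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "S3cret-example"                    # constructed sample password
    frame = pap_authenticate_request(1, "u1", password)

    nas = ChapAuthenticator({"u1": password.encode()})
    ident, chal = nas.challenge("u1")
    resp = chap_response(ident, password.encode(), chal)
    first = nas.verify("u1", ident, resp)

    # Periodic re-challenge on the established link: the old response is replayed.
    ident2, _ = nas.challenge("u1")
    replay = nas.verify("u1", ident2, resp)

    return {
        "pap_password_visible": password.encode() in frame,
        "chap_password_visible": password.encode() in chal + resp,
        "chap_first_login": first,
        "chap_replay_accepted": replay,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

CHAP hides the password on the wire, but an observer who records a challenge and its response can still test password guesses offline, which is why the L2TP/IPSec section above stresses encrypting the PPP authentication exchange.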
VII.
software placed between a trusted network that needs to be protected and an untrusted external network such as the public Internet, in order to protect the VPN of a company or corporation from dangers coming from untrusted networks and from illegitimate users who deliberately access the network to exploit its information resources.
Figure 5: Using a firewall to control access between two computer networks
All data flows and access requests between the two computer networks must pass through the firewall. A VPN provides secure sessions on top of the public Internet infrastructure, so a VPN reduces the cost of building network infrastructure as well as the cost of remote access, by using the resources and infrastructure of the public Internet that are shared by many users. VPN technology allows companies to build intranets that link headquarters and branch offices to the corporate network. A VPN is used together with a firewall to provide more comprehensive protection for an organization.
Figure 6: Combined firewall and VPN model
Access to the corporate network resources is controlled by the firewall, which establishes trust between the user and the network. However, the data transmitted between the user and the corporate network is still exposed to dangers such as leakage, theft or modification by illegitimate users while the traffic crosses the public Internet. The VPN was therefore created to provide private data security between two network locations. Combining the two technologies, firewall and VPN, is thus an optimal and effective solution that gives a high level of information security.
In the next part we introduce and walk through several ways of installing and configuring the VPN Server model based on Windows Server 2003 and of setting up a VPN Server on ISA Server, using the following models: VPN Server Client to Gateway, VPN Server Gateway to Gateway, and VPN Server over the Internet.
CHAPTER IX. VPN SERVER CLIENT TO GATEWAY ON ISA SERVER 2006 STANDARD EDITION
I. INTRODUCTION:
1. Detailed model
The model describes how connections are made through a computer running ISA Server placed in front of an internal VPN Server. Clients connect through the rules set up in ISA Server and access the VPN Server.
Figure 1. Overview of the VPN Server Client to Gateway model
2. Purpose:
Enterprises need to process their company's information and data at any time and on a continual basis. With today's requirements, however, information that must be edited, updated and processed immediately cannot be handled under the current arrangements in the way enterprises demand. It would mean that staff must always be on duty and process information quickly whenever something changes. Suppose that some information needs to be processed after working hours: should the staff have to run back to the company to process it?
For this reason there is a dedicated solution for enterprises with which staff can process information quickly from home, or from any place with an Internet connection to the company or to a branch of the company. The VPN Server Client to Gateway solution is an effective way to overcome the difficulties above. Because it is easy to set up and highly secure, this model is often used to improve the efficiency of information processing in small and medium enterprises. An individual or a branch can connect directly to the data of the central office and process it. These connections are secured by the tunneling mechanism of the VPN.
The following shows how to configure VPN Server Client to Gateway on ISA Server 2006.
II. CONFIGURING THE VPN SERVER
- Procedure:
Convention: P: room number; X: machine number
The procedure is simulated on 3 PCs.
LAN card; VPN Server machine: IP, Subnet Mask, Default Gateway, DNS; ISA machine (Firewall): IP, Subnet Mask, Default Gateway, DNS; Disable; CROSS card: 172.16.1.10 255.255.0.0 172.16.1.1 172.16.1.10 172.16.1.11 255.255.0.0 x 172.16.1.10
Figure 3
Figure 4
Figure 6
Figure 8
Click the + sign in front of ISA | Virtual Private Networks (VPN) | VPN Clients | Tasks | Define Address Assignment
Figure 9
Figure 10
Properties
Figure 12
Figure 13
Figure 14
Figure 15
Apply | OK
Figure 16
Step 4: Define the VPN client group
- Go to ISA Server Management | Firewall Policy | Toolbox | User | New
Figure 17
Figure 18
Figure 19
Figure 20
Figure 21
Enter the name u1 in the object name box | Check name. If the suffix @hdhn.com appears, the check succeeded | OK | Next
Figure 22
Figure 23
Figure 24
Figure 25
Step 5: Create a rule that allows VPN connections
ISA Server Management | Firewall | New | Access Rule
The Protocol dialog lets us choose the connection protocols of the applications. Choose All outbound traffic | Next
Click the button
specific source set in the settings. Click Add | Networks | VPN clients | Add | Next
Figure 30
Figure 31
Figure 32
Figure 33
Figure 34
Figure 35
The wizard lets us create a VPN connection or a dial-up connection, with a choice of several connection protocols. Double-click New Connection Wizard. (Figure 36)
Figure 36
The Welcome to the New Connection Wizard dialog appears. Click Next to start the setup. (Figure 37)
Figure 37
The Network Connection Type dialog lets you choose the kind of network connection you want.
+ Connect to the Internet: connects to the Internet so that you can browse the web and read mail.
+ Connect to the network at my workplace: connects to a business network (using dial-up or a private network) so that you can work from home, from a branch office or from another location.
+ Setup an advanced connection: connects directly to another computer using a serial, parallel or infrared port, or sets up this computer so that other computers can connect to it.
Here we choose Connect to the network at my workplace | Next
Figure 38
The Network Connection dialog lets you create two kinds of connection:
+ Dial-up Connection
+ Virtual Private Network connection.
We choose Virtual Private Network connection to connect to the VPN Server. Click Next to continue.
Figure 39
Figure 40
Enter the IP address of the LAN card of the ISA machine | Next
Note: we need to know the exact address of the LAN card of the ISA Server.
Figure 42
When the setup finishes, the system displays a Connect VPN client dialog that asks us to fill in the required information. Note that this must be an account that was created on the Domain Controller and that has been granted access.
Type the name u1 and the password | Connect
Figure 44
Figure 45
V. CONCLUSION
The VPN Server Client to Gateway model is an effective solution for small and medium enterprises. The model lets off-site users outside the local network access the company's resources (if permitted) and work quickly without having to be physically on the local network. This model benefits enterprises: it does not require large security expenses and still gives high efficiency in handling data flows. The data flows are carried in a tunnel, so eavesdropping devices will have difficulty operating against the methods used in a VPN.
CHAPTER X. VPN SERVER GATEWAY TO GATEWAY ON ISA SERVER 2006 STANDARD EDITION
I. Overview of the model:
The site-to-site VPN model is built on the client-to-site model, but here the two sites alternately play the roles of client and server. This model is often used by large enterprises that have two central offices, or a second office located far away. The model lets the two sites exchange information with each other quickly and as securely as possible.
Figure 1. Overview model
Set up a VPN Server network that connects the two sites, with two ISA Server machines as the two gateways. Create user accounts between the two sites so that VPN connections can be made and the sites can work together. The model also defines and provides the IP pool assigned to VPN clients that work directly on the sites, and defines the number of people allowed to connect by VPN. Create remote access on the sites.
II. Purpose
The purpose of site-to-site VPN is to connect two sites: it is used to connect the network at one location to the network at another location through a VPN. In this situation the initial authentication between the network devices is handled by ISA Server. The ISA Servers act as gateways and ensure that the traffic is set up in advance for the other sites. VPN Server Site to Site can be regarded as an intranet VPN or an extranet VPN. If we look at it from the point of view of authentication, it can be regarded as an intranet VPN; otherwise it is regarded as an extranet VPN.
Strict control of access between the sites can be enforced for both (intranet and extranet VPN) according to their corresponding sites. The VPN Server Site to Site solution is not a remote access VPN, but it is included here for completeness. The distinction between remote access VPN and site-to-site VPN is merely symbolic and, beyond that, is provided for the purpose of discussion. Take, for example, the new hardware-based VPN devices (the Cisco 3002 router, for instance): to classify them we have to apply both views, because a hardware-based client can appear as if a single device were accessing the network, even though the network may have many VPN devices in operation. Another example is the extension mode of the Ez VPN solution using the 806 and 17xx routers.
VPN Server Site to Site is the connection of two separate networks through a secure tunnel. This secure tunnel can use the PPTP, L2TP or IPSec protocols. The purpose of VPN Server Site to Site is to connect two networks that have no direct link to each other without compromising the integrity, authentication and confidentiality of the data. You can set up a VPN Server Site to Site through a combination of VPN concentrators, routers and firewalls.
A VPN Server Site to Site connection is designed to create a direct, efficient network connection regardless of the physical distance between the sites. This connection may travel over the Internet or over an untrusted network. You must ensure security by using data encryption on all packets travelling between the networks.
III. CONFIGURATION AND INSTALLATION
- Procedure:
Convention: P: room number; X: machine number
The procedure is simulated on 4 PCs:
Site 1 consists of 2 machines: PC1 (VPN Server installed on ISA 2006), PC2 (Domain Controller).
LAN card; Domain machine: IP, Subnet Mask, Default Gateway, DNS; VPN Server machine: IP, Subnet Mask, Default Gateway, DNS; Disable
Site 2 consists of 2 machines: PC3 (VPN Server installed on ISA 2006), PC4 (Domain Controller).
LAN card; Domain machine: IP, Subnet Mask, Default Gateway, DNS; VPN Server machine: IP, Subnet Mask, Default Gateway, DNS; Disable; CROSS card: 172.16.2.2 255.255.0.0 172.16.1.1 172.16.1.2 172.16.2.1 255.255.0.0 x 172.16.2.2
Figure 2
- On the ISA 1 machine we start by defining the IP pool to be assigned. Go to ISA Server Management | Virtual Private Network | VPN Client | Task Pane | Tasks | Define Address Assignments. (Figure 3)
- In the Virtual Private Networks (VPN) Properties window, choose Static address pool | Add. (Figure 4)
Figure 3
Figure 4
We define the IP pool that will be assigned to the client machines.
Start address: 10.10.10.1
End address: 10.10.10.150
After setting the values, click Apply | OK to finish assigning the IP pool.
- Next we enable VPN Client Access and define the VPN connections. Go to ISA Management | Virtual Private Network (VPN) | Configure VPN Client Access.
Figure 5
- In the VPN Client Properties dialog, go to the General tab | check Enable VPN client access. This feature allows remote client machines to connect to the VPN Server. Below it is the number of client machines allowed to connect at the same time. Here we set 100 | choose Apply | OK. (Figure 6)
Figure 6
- After setting up the Remote Access features for the client machines, we start creating the rules that allow the remote site of the clients. Go to Virtual Private Network (VPN) | Remote Sites | Create VPN Site-to-Site Connection. (Figure 7)
Figure 7
In the Welcome dialog, enter the name Site2 | Next. This means that we allow access from Site 2 to Site 1. (Figure 8)
Figure 8
The VPN Protocol dialog lets us choose the VPN connection protocol to the sites so that the traffic is secured.
- IP Security protocol (IPSec) tunnel mode: provides security and high interoperability with a third-party VPN vendor.
- Layer Two Tunneling Protocol (L2TP) over IPSec: provides a highly secure connection method using the L2TP protocol.
- Point to Point Tunneling Protocol (PPTP): like L2TP, it also provides a secure connection method, using the PPTP protocol.
Figure 9
Select Point to Point Tunneling Protocol (PPTP) | Next to continue. (Figure 9)
Remote Site Gateway asks for the IP address or name of the server whose VPN Server will be accessed. In Remote site VPN server, enter the IP address of the ISA2 machine, which is also the Site 2 machine: 192.168.1.9 | Next to continue. (Figure 10)
Figure 10
Remote Authentication dialog: for the local site to initiate a connection to the remote site, an account on the remote site is needed for authentication. Check Allow the local site to initiate connection to the remote site, using this user account.
User: MayISA2 <VPN Server machine>
Domain: HDHN1.com <domain name of PC4>
Password: <if any>
Figure 11
Note: the account must match the name of the site-to-site VPN that was created for the connection on the remote site.
The Network Address dialog asks for an IP address range. This range must match the internal range at the other end of the tunnel. Click Add Range.
Start Address: 192.168.1.1
End Address: 192.168.1.255
Figure 12
The Site to Site Network Rule dialog lets us create a rule that routes traffic to the new site-to-site VPN network. Click Next.
Figure 13
Site to Site Network Access Rule dialog: choose All outbound traffic | Next
Figure 14
The Remote Site setup is complete | click Finish to end the process.
Figure 15
A message appears to inform you that a user with dial-up access must be defined beforehand, and that access requires the account and password of Site 2.
Figure 17
Figure 18
Step 2: Configure the VPN on Site 2:
After configuring the VPN Server on Site 1, we continue by configuring the VPN Server on Site 2. The configuration steps on Site 2 are the same as those on Site 1.
- First we create a user named site2 on PC4 (Domain 2) with the password 123456789, and grant the log on right to the user site2.
- Define the IP pool assigned to the VPN clients.
Figure 20
Figure 21
In Remote Site Gateway, enter the IP address of PC1 (the ISA 1 machine, which is also the VPN Server of Site 1) | Next
Figure 24
Figure 25
After the configuration is complete, we also check the rules on Site 2:
Figure 26
Figure 27
Step 3: Test the connection between the VPN Servers of the two sites:
On PC2 (DC 1), click Start | Run \\172.168.2.2 (address of PC4 <Domain 2 machine>) and enter the user name and password.
Figure 29
On PC4 (DC 2), click Start | Run \\172.168.1.2 (address of PC2 <Domain 1 machine>) and enter the user name and password.
Figure 30
Figure 31
V. Conclusion
Besides the leased line solution (a dedicated rented line, which is quite expensive), another solution that is widely used in enterprises is site-to-site VPN. In essence, a VPN link relies on the ISP's infrastructure to carry the organization's data from one site to another while ensuring the privacy of that data as it crosses the public Internet. However, a plain VPN has no security or authentication at all, which is why site-to-site VPN today is usually combined with IP Security to keep the data safe on the Internet. With the VPN tunnel additionally secured by IPSec, an attacker who captures packets on the tunnel cannot read or modify their contents. The advantages are:
- Your data is encrypted and authenticated at the same time (or only encrypted, or only authenticated, depending on the need).
- The key exchange mechanism in IPSec is very secure and the key size is large.
- A variety of encryption and authentication methods can be selected.
CHAPTER XI. DEPLOYING THE VPN SERVER MODEL OVER THE INTERNET
I. General introduction:
A VPN on Windows 2003 over the Internet in Remote Access form allows computers to access the company's internal network through the Internet. A simple model can be built as follows:
- An ADSL modem with a static IP address. If no static IP address is available, DDNS can be used.
- One computer running the Windows 2003 Server operating system. This computer is configured as the VPN Server and should have two network cards.
- A remote computer (client) running Windows XP, Windows 2000, Windows 7, and so on, which can create a VPN connection to the server above.
II. Steps for installing a VPN Server over the Internet
1. Preparation:
- An ADSL modem: a high-speed ADSL line is needed (an ADSL service with a static IP address is better still) for the connection and communication between the inside and the outside of the company. Remote users (VPN clients) connect to the server that provides the VPN Server service to join the company's virtual private network and are assigned a suitable IP address for connecting to the company's internal resources.
- A Domain Controller machine used as the VPN Server, running Windows Server 2003, with one network card connected to the internal network and one network card connected to the network segment that provides the external Internet service over ADSL (a static IP address is needed; if a dynamic IP address is used, it must be combined with a Dynamic DNS service such as dynDNS.org or no-ip.com) to connect to the outside (Internet).
- A hosting service is needed, or a host can be created at home with IIS Server. The client machine uses this host for remote access to the VPN Server. A DNS Server must also be installed.
- A computer acting as the VPN client and connecting through the Internet, running Windows XP, Vista, Windows 7, and so on. (This part shows how to create a VPN client on Windows 7 with a workplace connection.)
- Configure Remote access/VPN Server with the services LAN routing, NAT and basic Firewall, VPN access.
2. Steps:
Step 1: Configure the VPN Server on 2003:
- In AD, create a user with:
Username: vpn_client
Password: 123456789
Also allow this user to access the VPN Server: right-click the user and choose Properties | in the Dial-in tab check Allow Access | Apply | OK. Then grant the logon right to this user.
Before installing the VPN, stop the Windows Firewall/Internet Connection Sharing (ICS) service and set it to Disabled (the default after installation is Automatic). Open Services Manager by clicking Start | Programs | Administrative Tools | Services
- Now we start configuring the VPN Server on Windows Server 2003. Go to Start | Programs | Administrative Tools | Manage Your Server. In Manage Your Server, choose Add or remove a role | Next.
- The Configure Your Server Wizard dialog offers many roles that can be installed on your server. If you want to run several roles on your server, you can run this wizard again after the installation of one service has finished. Here we want to create a VPN Server, so we choose the role Remote access / VPN server | click Next | Next to continue the installation.
Note: during the installation the system asks for files from the I386 folder of the installation disc, so insert the Windows Server 2003 setup disc for the system to update.
- The Routing and Remote Access Server Setup Wizard dialog appears; click Next
and Remote Access. We choose Custom Configuration and then click Next
In the Custom Configuration dialog, check these 3 items:
1. VPN access
2. LAN routing
3. NAT and basic firewall
Click Next to continue.
Step 2: Configure Remote Access Policies:
After installing Routing and Remote Access, start configuring the VPN Server from Start | Programs | Administrative Tools | Routing and Remote Access (or go to Manage Your Server and click Manage this remote access/VPN Server).
Define the IP pool for the clients: right-click the name of the VPN machine (local) and choose Properties. Select the IP tab | check Static address pool | Add
To define the IP pool for the clients, enter 10.10.10.1 as Start IP Address and 10.10.10.100 as End IP Address. This limits access to about 100 clients at the same time.
Configure the Routing and Remote Access properties: under Remote Access Policies, right-click Connection to Microsoft Routing and Remote Access Server | Properties
Do the same for Connections to other access servers | Properties
In the Setting tab | check Grant remote access permission | Apply | OK
This item grants remote access permission to the clients.
Figure 13
Step 3: Configure NAT / Basic Firewall
Right-click NAT/Basic Firewall | New Interface | select Local Area Connection and Internal in turn
- Now configure Local Area Connection | right-click Local Area Connection and choose Properties
In the NAT/Basic Firewall tab, under Interface type, choose Public interface connected to the Internet and check the 2 boxes:
- Enable NAT on this interface: NAT-enabled workstations on the network send and receive data from the Internet.
- Enable a basic firewall on this interface: the firewall accepts data from the Internet if it was requested from the network.
Continue to the Address Pool tab. Here we define the IP pool that will be assigned to the client machines. Click Add and then set the IP pool.
Continue to the Services and Ports tab: select the ports and services that you want to make available so that Internet users can access them.
Here we select the following ports and services:
1. Remote Desktop: check this item and double-click it to configure it as follows:
In the Edit Service dialog, enter the Private address of the VPN Server machine: 192.168.1.6 | OK.
2. Secure Web Server (HTTPS), Telnet Server, VPN Gateway (L2TP/IPSec running on this server), VPN Gateway (PPTP), Web Server (HTTP) and port 8080: proceed in the same way as for Remote Desktop.
- Continue to the ICMP tab, check Incoming echo request | Apply | OK to finish the NAT/Basic Firewall configuration.
Step 4: Configure NAT for port 1723 on the ADSL modem
Open the browser and go to the address of the modem \\192.168.1.1 | enter the Username and Password.
Under Select a Service, search for and select the PPTP protocol used by the VPN Server. This part shows how to connect to the VPN Server with the Point to Point Tunneling Protocol (PPTP).
- Under Server IP Address, enter the IP address of the machine acting as the VPN Server. The fields External Port Start, External Port End, Internal Port Start and Internal Port End are filled with port 1723. Click Save/Apply to finish.
For clients to be able to connect through the Internet, we also need to open port 80. The procedure is the same as for opening port 1723, except that we do not select PPTP; instead we check Custom Server and enter the domain name: hdhn.name.vn
- After opening the ports, we must check whether the ports we have just opened are visible from the Internet. To do this, go to http://www.canyouseeme.org and check the port.
After a successful check, the following message is shown: Success: I can see your service on Your IP(115.72.204.86) on port (1723). Your ISP is not blocking port 1723
The control panel shows the following instructions:
+ If Record Type is A, Address must be an IP address. (This is not the IP address of your machine but the IP address that the ISP assigns for outgoing access to the network.) Example: 115.72.204.86
Note: this address may change when you switch off or restart the modem. You must therefore reconfigure it by hand whenever the IP address changes. To make this easier, you can register a domain with a DynDNS address.
+ If Record Type is CNAME, Address must be a domain name. Example: hdhn.name.vn
+ If Record Type is MX, Host record must be @ and Address must be the name of the mail server. Example: mail.hdhn.name.vn
+ If Record Type is URL Redirect/URL Frame, Address must be a name. Example: http://www.hdhn.name.vn
For the Host Record @, proceed in the same way. Note that here the Host Record VPN has been configured in advance; by default it does not exist. So click + Add record and enter the values as above. Then click Save configuration; the system reports that the process will complete after a few minutes; click OK.
This completes the configuration of the VPN over the Internet. What remains is to make a connection to the VPN Server over an existing Internet connection, using the domain name that we have just configured.
Step 6: Create a VPN client connection from Windows 7:
After the configuration steps for the VPN Server are complete, the settings are ready for an incoming remote connection. We therefore need to set up a VPN client connection that connects to the VPN Server and lets us work as if we were sitting at the VPN Server machine. To do this, proceed as follows:
Go to Start | Control Panel | Network and Internet | Network and Sharing Center. Click Set up a new connection or network.
- This item lets us set up connections such as wireless, broadband, dial-up, ad hoc or VPN, and set up a router or an access point.
Figure 29. Setting up connections in Windows 7
The Choose a connection option dialog offers several connection options:
+ Connect to the Internet: sets up a wireless, broadband or dial-up connection to the Internet.
+ Set up a new network: configures a router or an access point.
+ Manually connect to a wireless network: connects to a hidden network or creates a new wireless profile.
+ Connect to a workplace: sets up a dial-up or VPN connection to your workplace.
+ Set a dial-up connection: connects to the Internet using a dial-up connection.
+ Set up a wireless ad hoc (computer to computer) network: sets up a temporary network for sharing files or an Internet connection.
Figure 30. Choosing a connection
Here we choose Connect to a workplace to access the VPN Server | click Next.
Figure 31. Creating a new connection
The dialog that appears asks whether you want to use an existing connection. Check No, create a new connection to create a new connection | click Next
The How do you want to connect? dialog appears. Here you have 2 options:
1. Use my Internet connection (VPN): uses a VPN connection over the Internet.
2. Dial directly: connects directly by dialing a phone number, without needing
Choose Use my Internet connection (VPN) | this leads to the dialog Type the Internet address to connect to | Here you must enter the corresponding information provided by the administrator, which can be an IP address, a domain name or a smart card device | click Next to continue.
The last step of this setup asks you to enter the user name and password that the administrator has given you.
Then click Connect to start connecting to the VPN. When it has finished, you can check the details of the IP address in Network and Sharing Center or by typing the ipconfig command in the Command Prompt.
III. Conclusion
- With information technology developing as it is today, applying VPN technology solutions will contribute significantly to the development of an enterprise and help it manage its offices effectively.
- VPN technology gives administrators a more general view of the intranet (extending the network and the scope of information use) thanks to the Internet, which is developing strongly in our country today.
- VPN technology increases the ability to access information at any time and in any place while keeping that access secure. It will change the way people think, work and retrieve information quickly in an era in which IT is booming and the IT infrastructure in Vietnam keeps growing stronger. It will be the foundation for upper-layer services to be used fully without limits of geography or time, and it adds tools for managers who run production and business in their enterprises.
Given the technical characteristics above, we can see that the Virtual Private Network is one of the best solutions for protecting the data of an individual, company or organization when it has to be transmitted between many different locations, and that it readily meets the security requirements within the permitted model. Compared with other paid systems that offer similar functions, VPN technology deserves to be called one of the hardest competitors to beat in creating and managing data processing centers.
In this report we have introduced the technology solutions for building a virtual private network. We went from theory to practice on the problems of virtual private networks in general, the access models, the authentication methods and the deployment and installation on network systems. We then gave an overview of the main VPN protocols supported in Windows Server and the clients. Finally we introduced a feature of VPN over the Internet, in which a website is accessed and the VPN Server is reached through that website.
Our report is complete, but it cannot be free of shortcomings. We ask for your understanding for these shortcomings and for your help in improving this report. We sincerely thank you.