File-Lks-Prov-2022 REV

30TH LAMPUNG PROVINCE VOCATIONAL HIGH SCHOOL (SMK) STUDENT COMPETENCY COMPETITION (LKS), 2022

TEST PROJECT MODULE A - INTEGRATION SYSTEMS
DAY 1

COMPETITION FIELD: INFORMATION TECHNOLOGY, NETWORK SYSTEMS ADMINISTRATION
IT NETWORK SYSTEMS ADMINISTRATION

DESCRIPTION OF PROJECT

A small startup company's production environment contains numerous services within multiple Operating Systems. We will ask you to install, configure, and integrate the different services. You will have two work days to complete two different sets of tasks. Each set of tasks is to be completed within one work day. For the second work day, you will continue the work of another engineer, who should have fully configured systems according to the day one set of tasks. You may check, change, or update the existing systems, but we will only score the tasks you're supposed to do on the second work day.

IT Network Systems Administration - LKS PROVINSI LAMPUNG 2022

DAY 1 - NETWORK INFRASTRUCTURE

Basic Configuration

* Configure IP Address of all network devices according to the addressing table.
* Create SSH user 'patah' with password specified in the appendix.
  o Make sure the user is able to enter configuration commands in the router.
* Allow server admins to SSH to all network devices.
* If you need to set additional password on the Routers, use Skills39

NAT and Routing

* Configure Dynamic Routing for public addresses using Border Gateway Protocol
* Enable port NAT to all private addresses in sabang.net, indonesia.com, and merauke.net so that every device can connect to public subnets.
* Allow sabang.net to access merauke.net via encrypted VPN tunnel.
* On RTB, create static NAT with Public IP 30.9.65.10 for STORAGE (172.17.11.102)

Secure Virtual Private Network

* Configure VPN on the routers to enable tunneling between sabang.net and merauke.net.
  o Secure the VPN with any IPsec protocol.
  o Allow devices in sabang.net and merauke.net to communicate via encrypted VPN tunnel.

RTX Layer 2 Segmentation

* Configure one interface in RTX using VLAN segmentation according to the VLAN Table in Appendix.
  o The interface name and ordering is sometimes assigned randomly due to an unknown bug in Cisco IOS, so please check connectivity carefully.
  o VLAN Tagging already handled by virtual switch. There is no additional configuration on the server-side interface.

DAY 1 - LINUX SERVICES

Basic Configuration

* Configure IP Address of all Linux devices according to the addressing table
  o Create SSH user 'patah' with password specified in the appendix.
  o Enable SSH access from any devices.
* Configure port NAT in fw.sabang.net to enable access to other networks.

Sabang DNS

* Access srv1 and srv2 and install bind9. Configure it to serve domain sabang.net and indonesia.com using the private addresses.
  o Create A records of srv1.sabang.net, srv2.sabang.net, and CA.indonesia.com that point to their respective addresses.
  o Create NS records:
    - ns1.sabang.net that points to address of srv1.sabang.net
    - ns2.sabang.net that points to address of srv2.sabang.net
  o On both name servers, create the following subdomains using address record:
    - www.sabang.net that points to all addresses of fw.sabang.net
    - cert.indonesia.com that points to the address of CA.indonesia.com.
    - 100 user subdomains that point to all addresses of fw.sabang.net:
        user001.public.sabang.net
        user002.public.sabang.net
        user003.public.sabang.net
        ...
        user099.public.sabang.net
        user100.public.sabang.net

Sabang Web Hosting

* Access srv1 and srv2 and install apache2. Configure it to serve all websites in sabang.net.
  o Install curl to test the web service.
  o Create /var/www/index.html default page with content specified in Appendix.
  o Create /var/www/userXXX/index.html default page for 100 users with content specified in Appendix. Example:
      /var/www/user001/index.html
      /var/www/user002/index.html
      /var/www/user003/index.html
      ...
      /var/www/user099/index.html
      /var/www/user100/index.html
  o Create virtual host www.sabang.net serving /var/www/index.html
  o Create 100 virtual hosts userXXX.public.sabang.net serving /var/www/userXXX/index.html. Example:
      user001.public.sabang.net serving /var/www/user001/index.html
      user002.public.sabang.net serving /var/www/user002/index.html
      user003.public.sabang.net serving /var/www/user003/index.html
      ...
      user099.public.sabang.net serving /var/www/user099/index.html
      user100.public.sabang.net serving /var/www/user100/index.html

Sabang Load Balancer

* Access fw.sabang.net and install haproxy. Configure it to load balance web requests.
  o Use /etc/haproxy/haproxy.cfg configuration file.
  o Do not change default configuration values.
  o Load balance www.sabang.net with round robin algorithm. Name the backend sabang www
  o Load balance 100 user websites with source ip algorithm. Name the backend sabang user
      user001.public.sabang.net
      user002.public.sabang.net
      user003.public.sabang.net
      ...
      user099.public.sabang.net
      user100.public.sabang.net

Sabang Failover

* Access srv1 and srv2 and install keepalived. Configure it to serve as a failover when one of the servers is down.
  o Set srv2 as backup.
  o Use virtual IP 172.16.1.205
  o Use VRRP ID 205
  o Use script to check DNS service. When DNS service is down, move virtual IP to another server.

Sabang iSCSI

* Access srv1 and srv2 and install tgt. Configure it to serve iSCSI target in sabang.net.
  o Use device /dev/sdb, /dev/sdc, /dev/sdd, /dev/sde, /dev/sdf, /dev/sdg, /dev/sdh, /dev/sdi, /dev/sdj, /dev/sdk
  o A total of 20 disks will become iSCSI targets
* Access fw.sabang.net and install open-iscsi. Configure it to connect to iSCSI target in srv1 and srv2.
  o Don't create any filesystem on the disk.
  o Make sure both disks from srv1 and srv2 are available on fw.sabang.net.
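
One way to meet the Sabang Failover requirements above, as an added example that is not part of the test project: a shell function that emits a keepalived.conf for srv1 (master) or srv2 (backup) with VRRP ID 205, virtual IP 172.16.1.205 and a DNS check script. The interface name, priorities, the /20 prefix on the virtual IP, the dig query and the names chk_dns and VI_205 are assumptions.

```shell
# Added example: keepalived.conf generator for the Sabang Failover task.
# From the task sheet: VRRP ID 205, virtual IP 172.16.1.205, srv2 as backup.
# Assumptions: interface name, priorities, /20 prefix, script and instance names.
keepalived_conf() {
    role=$1            # srv1 (master) or srv2 (backup)
    iface=${2:-eth0}   # assumed interface name; confirm on the host first
    case $role in
        srv1) state=MASTER; prio=150 ;;
        srv2) state=BACKUP; prio=100 ;;
        *) echo "usage: keepalived_conf srv1|srv2 [iface]" >&2; return 1 ;;
    esac
    cat <<EOF
global_defs {
    # Refuse to run check scripts that a non-root user could modify.
    enable_script_security
    script_user root
}
vrrp_script chk_dns {
    # dig exits non-zero when the local name server does not answer in 1 s.
    script "/usr/bin/dig @127.0.0.1 srv1.sabang.net +time=1 +tries=1"
    interval 2
    fall 2
    rise 2
}
vrrp_instance VI_205 {
    state $state
    interface $iface
    virtual_router_id 205
    priority $prio
    advert_int 1
    virtual_ipaddress {
        172.16.1.205/20
    }
    # No weight is set, so a failed check puts this node in FAULT
    # and the virtual IP moves to the other server.
    track_script {
        chk_dns
    }
}
EOF
}
```

On srv1 the output of `keepalived_conf srv1` goes to /etc/keepalived/keepalived.conf; on srv2 use `keepalived_conf srv2`.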

Sabang DHCP

* Access fw.sabang.net and install any dhcp server. Configure to serve DHCP in sabang.net.
  o Network: 172.16.0.0/20
  o Available Addresses: 172.16.0.1 - 172.16.14.253
  o Gateway: 172.16.15.254
  o Create static lease for srv1 and srv2. Configure those servers to use DHCP.

APPENDIX

Users and Passwords

Username        Password               Remark
patah           KesultananDemak2021    New User
user            Skills39               -
Administrator   Skills39               Windows Server only
root            Skills39               Debian only

Network Devices Addressing Table

Device Name   IP Address CIDR     Network
RTX           172.17.1.2/30       edge.sabang.net
              192.168.199.1/21    indonesia.com
              172.10.1.1/16       client
              30.9.65.9/29        Public
RTB           30.9.65.11/29       Public
              172.17.9.1/22       merauke.net

End Devices Addressing Table

Device Name       IP Address CIDR      Network
srv1.sabang.net   172.16.1.201/20      sabang.net
srv2.sabang.net   172.16.1.202/20      sabang.net
fw.sabang.net     172.16.15.254/20     sabang.net
                  172.17.1.1/30        edge.sabang.net
CA                192.168.192.168/21   indonesia.com
DC                172.17.10.100/22     merauke.net
STORAGE           172.17.11.102/22     merauke.net
budi-pc           172.10.19.45/16      client

VLAN Table

      Network Address
10    172.17.1.0/30
      192.168.192.0/21

/var/www/index.html

    Default Page

    This page has not been modified by the owners.

/var/www/userXXX/index.html
[Replace XXX in the folder name and file content with user number, for example /var/www/user009/index.html]

    Default Page for userXXX

    This page has not been modified by the user.

TOPOLOGY

[Figure: network topology. Legible labels: Mikrotik / Quagga Zebra, Debian]

PHYSICAL TOPOLOGY

[Figure: physical topology. Legible label: PC MERAH (red PC)]

30TH LAMPUNG PROVINCE VOCATIONAL HIGH SCHOOL (SMK) STUDENT COMPETENCY COMPETITION (LKS), 2022

TEST PROJECT MODULE A - INTEGRATION SYSTEMS
DAY 2

COMPETITION FIELD: INFORMATION TECHNOLOGY, NETWORK SYSTEMS ADMINISTRATION
IT NETWORK SYSTEMS ADMINISTRATION

DESCRIPTION OF PROJECT

A small startup company's production environment contains numerous services within multiple Operating Systems. We will ask you to install, configure, and integrate the different services. You will have two work days to complete two different sets of tasks. Each set of tasks is to be completed within one work day. For the second work day, you will continue the work of another engineer, who should have fully configured systems according to the day one set of tasks. You may check, change, or update the existing systems, but we will only score the tasks you're supposed to do on the second work day.

DAY 2 - LINUX SERVICES

Folder Backup

* Backup all users virtual host folder in srv1 and srv2 to C:\public in STORAGE.
  o Backup all 100 users folder.
    - /var/www/user001/
    - /var/www/user002/
    - /var/www/user003/
    - ...
    - /var/www/user099/
    - /var/www/user100/
  o Mount the remote backup folder locally at /backup.
    - For server srv1, place backup content in directory /backup/srv1/
    - For server srv2, place backup content in directory /backup/srv2/
  o Schedule backup every 1 hour using cron as root user. It's okay to overwrite previous backups.

Email Services

* Install any mail service and configure a sending-only mail server in fw.sabang.net
  o Secure SMTP Port 465
  o Enable PAM Authentication
    - Make sure all local users are able to authenticate
  o Use the self-signed certificate from Windows CA for this task.

Securing HTTP Access

* Use CA from Windows to generate self-signed certificates required for this task.
* Enable HTTPS in the load balancer serving www.sabang.net.
* Enable HTTPS in the web server serving user websites.
  o Configure load balancer to forward traffic non-terminated HTTPS. Load balancer will not handle HTTPS, HTTPS is handled by the backend web server.
  o Only enable to the first 5 and last 5 users:
      user001.public.sabang.net
      user002.public.sabang.net
      user003.public.sabang.net
      user004.public.sabang.net
      ...
      user100.public.sabang.net

DAY 2 - WINDOWS SERVICES

Basic Configuration

* Configure IP Address of all windows servers according to the addressing table.
* Determine and set gateway IP address to all windows servers.
* Configure hostname of all windows servers.
* Make all windows servers pingable from any devices.

File Sharing

* Create and Share Folder C:\backup\ in host STORAGE
  o Enable AD Authentication, permit user 'Administrator' only
* Create and Share Folder C:\public\ in host STORAGE
  o Disable Authentication, anonymous user can read and write to this folder.

Cross Platform iSCSI

* Configure iSCSI Initiator on STORAGE
  o Connect to all 20 disks in Sabang iSCSI.
  o Create an NTFS filesystem and mount all 20 disks to E:/, F:/, and so on in any order.
  o Make sure 20 extra disks are accessible via File Explorer

Configure Web Service HTTPS

* Access STORAGE and install IIS web service.
  o Serve web https://www.merauke.net
    - Serve file index.htm as specified in the appendix
    - Use a Self-Signed Certificate from LKSN2021-CA to enable HTTPS.
  o Serve 25 user websites:
    - Make sure it is accessible using following URL https://user01.merauke.net, https://user02.merauke.net, https://user03.merauke.net, and so on until https://user25.merauke.net.
    - Use a Self-Signed Certificate from LKSN2021-CA to enable HTTPS.
    - Serve file users.html in the following directory:
        C:\www\users\01\users.html
        C:\www\users\02\users.html
        C:\www\users\03\users.html
        ...
        C:\www\users\25\users.html

Setup VPN

* Access STORAGE and install RRAS and NPS.
  o Configure VPN Server for Windows Client
  o Authenticate using username and password in Active Directory.
  o Permit any users in the domain to authenticate.
* Make sure budi-pc can connect to the VPN using previously configured Public IP from NAT.
  o Create the VPN in budi-pc with the name 'Public' so that the user can connect immediately.
  o Access the network device and open the ports needed.
* Make the VPN also accessible via local IP of STORAGE from budi-pc.
  o Create the VPN in budi-pc with the name 'Direct' so that the user can connect immediately.
  o Configure routing as needed.

Active Directory and DNS

* Access DC and configure AD for domain merauke.net
  o Create a normal AD user 'patah' with password specified in the appendix.
  o Create DNS Address Record for servers in merauke.net according to their hostnames, for example DC.merauke.net
  o Create DNS Record www.merauke.net pointing to IP Address of STORAGE
  o Create 25 DNS Records for users website pointing to IP Address of STORAGE:
      user01.merauke.net
      user02.merauke.net
      user03.merauke.net
      ...
      user25.merauke.net

Certificate Authority

* Access CA and configure CA to issue required Certificates by Linux Services
  o Common Name: LKSN2021-CA
  o Do not join this server to any domain.
  o Generate certificates required by other services with the following DNS name:
      www.sabang.net
      public.sabang.net
      www.merauke.net
      *.merauke.net
  o Save these certificates and their private keys as one pfx file in C:\cert\
  o Use Skills39 as export password
  o Use the DNS name as filename:
      www.sabang.net.pfx
      public.sabang.net.pfx
      www.merauke.net.pfx
      wildcard.merauke.net.pfx

Backup Configuration

* Access CA and schedule backup using Windows Backup.
  o Backup folder C:\cert and all its contents to \\STORAGE\backup right away.
  o Create at least one empty .brt file to the backup folder
  o Schedule the backup every day at 1 AM.
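
For the Securing HTTP Access task (non-terminated HTTPS for the first 5 and last 5 user sites, balanced by source IP), the following added example, which is not part of the test project, emits an HAProxy TCP frontend that routes on the TLS SNI without decrypting. The section names https_in and sabang_user_tls and backend port 443 are assumptions; it covers only the pass-through part, not HTTPS for www.sabang.net.

```shell
# Added example: HAProxy TLS pass-through for the first 5 and last 5 user sites.
# From the task sheet: userXXX.public.sabang.net, 100 users, source-IP balancing,
# srv1 172.16.1.201 and srv2 172.16.1.202.
# Assumptions: section names https_in / sabang_user_tls, port 443 on the backends.

tls_users() {   # print the first 5 and last 5 user host names out of $1 (default 100)
    total=${1:-100}
    i=1
    while [ "$i" -le "$total" ]; do
        if [ "$i" -le 5 ] || [ "$i" -gt $((total - 5)) ]; then
            printf 'user%03d.public.sabang.net\n' "$i"
        fi
        i=$((i + 1))
    done
}

haproxy_passthrough() {   # print the sections to append to /etc/haproxy/haproxy.cfg
    cat <<EOF
frontend https_in
    bind *:443
    mode tcp
    option tcplog
    # Wait for the TLS ClientHello so the SNI can be read without decrypting.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
EOF
    # One acl line per allowed host; lines with the same acl name are ORed.
    tls_users | while read -r host; do
        printf '    acl user_tls req.ssl_sni -i %s\n' "$host"
    done
    cat <<EOF
    # No default_backend: any other SNI (user006 to user095) is not forwarded.
    use_backend sabang_user_tls if user_tls

backend sabang_user_tls
    mode tcp
    balance source
    server srv1 172.16.1.201:443 check
    server srv2 172.16.1.202:443 check
EOF
}
```

Because the frontend runs in TCP mode, the certificate and private key stay on srv1 and srv2 and the load balancer never sees plaintext.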
