IT Network Systems Administration (Trade 39) - Competition Task Sheet

Time: 6:45h
Trade: 39 - IT Network Systems Administration
Experts: Danny Meier, Florian Meier, Pascal Meier, Tobias Meier, Lukas Hubschmid

Competitor fills in: Name, Date, Signature
Expert fills in: Points
Overview

1 EXAM
  1.1 CONTENTS
  1.2 INTRODUCTION
  1.3 DESCRIPTION OF PROJECT AND TASKS
    1.3.1 Client
    1.3.2 Server
    1.3.3 Network
  1.4 Important hints and tips
  1.5 PART 1 CLIENT
    1.5.1 Windows 8.1 on PC3
  1.6 PART 2 SERVERS
    1.6.1 ESXi server (esx01)
    1.6.2 ESXi server (esx02)
    1.6.3 vCenter Server (vcs01)
    1.6.4 Windows Server 2012 R2
    1.6.5 First Debian Linux
    1.6.6 Second Debian Linux
  1.7 PART 3 NETWORKING
    1.7.1 rt01
    1.7.2 rt02
    1.7.3 sw01
    1.7.4 AP01
    1.7.5 Sophos Firewall
    1.7.6 Routing
2 APPENDIX
    2.1.1 PHYSICAL NETWORK DIAGRAM
    2.1.2 LOGICAL NETWORK DIAGRAM
  2.2 INSTRUCTIONS
    2.2.1 INSTRUCTIONS TO THE COMPETITOR
    2.2.2 EQUIPMENT, MACHINERY, INSTALLATIONS AND MATERIALS REQUIRED
1 EXAM

1.1 CONTENTS
This Exam Project proposal consists of the following document/file:
1. Network administration (trade 39) task sheet (this document)

1.2 INTRODUCTION
The competition has a fixed start and finish time. You must decide how best to divide your time. You have to confirm each task you have done on a separate sheet: once you have processed a task, check the appropriate checkbox. Otherwise that task will not be corrected and you won't get points. If you mark a task as done but you haven't done anything, you will lose points!
READ THROUGH THE ENTIRE SCRIPT BEFORE STARTING. AFTERWARDS YOU MAY WORK IN ANY ORDER. PLAN CAREFULLY!

1.3 DESCRIPTION OF PROJECT AND TASKS
You are the IT responsible for implementing some changes at the CloudHosting company. A brief overview of the upcoming changes is available in the network diagrams. Please consider the logical as well as the physical diagram.

1.3.1 Client
The client (PC3) is located on a remote site and is the designated workplace for employees. You don't have to set up this computer. Just configure the settings which are described in the tasks.

1.3.2 Server
To reduce hardware and maintenance costs the servers are mostly virtualized.

1.3.3 Network
CloudHosting uses a super-fast, reliable Cisco network infrastructure.

1.4 Important hints and tips
On some difficult tasks there are hints which give you advice on how to configure. A hint is written in italic and begins with: Hint:
If you are not familiar with the configuration of network devices (Cisco/ESXi) and routing, try to use a flat network design. You will only lose points for the network tasks.
The tasks will be judged by functionality. There may be other paths to achieve the solution requested by the script. Your solutions must be reproducible by the experts using an appropriate level of documentation.
If the administrator or root password isn't set to the given defaults and it isn't documented somewhere, the judges will not be able to mark your work and you will lose points.
1.5 PART 1 CLIENT

Work Task Client
Note: Please use the default configuration if you are not given the details. The default password for the administrator is Trade39.

1.5.1 Windows 8.1 on PC3
Please configure Windows 8.1 on PC3.
- Hostname is cl01
- Local Administrator password is Cloud2014. (Use the Administrator user!)
- Configure network settings as specified in the appendix
- Install ciscorollovercable.exe (driver) for using the Cisco configuration cable
- Install the FileZilla FTP client located on the USB stick
- Install the VMware vSphere Client located on the USB stick
- Install Chrome located on the USB stick
- Turn off the Windows firewall
- Join the computer to the domain
Hint: Some other tools on the USB stick are also useful. For example, you may want to use PuTTY for router configuration, or WinSCP to transfer files.
1.6 PART 2 SERVERS

Work Task Server
Note: Please use the default configuration if you are not given the details.
Install and configure the servers according to the following concept. In case of undefined subtasks make a reasonable assumption.
Note: Before you can install ESXi you have to change settings in the BIOS (F10):
- Set system time to current time
- Activate Data Execution Prevention (Security -> System Security)
- Enable VTx (Security -> System Security)
- Enable VTd (Security -> System Security)
- Disable secure boot (Security -> Secure Boot Configuration)

1.6.1 ESXi server (esx01)
Use PC1 as the ESXi machine.
- Set up the ESXi server
  Important: Make sure the time/date is correctly set!
  o Keyboard layout: Swiss German
  o Root password: Cloud2014.
- Configure the network as specified in the appendix (VLAN, IP, hostname)
- Configure 192.168.50.1 as default gateway (vSphere Client)
- On the host configure VLAN 40 as "Intern" and VLAN 20 as "DMZ" virtual machine network
- Rename datastore1 to esx01.vms
Hint: ESXi servers are configured with the vSphere Client. You will find it on the USB stick.

1.6.2 ESXi server (esx02)
Use PC2 as the ESXi machine.
- Set up the ESXi server
  Important: Make sure the time/date is correctly set!
  o Keyboard layout: Swiss German
  o Root password: Cloud2014.
- Configure the network as specified in the appendix (VLAN, IP, hostname)
- Configure 192.168.50.1 as default gateway (vSphere Client)
- On the host configure VLAN 40 as "Intern", VLAN 30 as "WLAN", VLAN 20 as "DMZ" and VLAN 10 as "Internet" virtual machine network
- Rename datastore1 to esx02.vms
Hint: ESXi servers are configured with the vSphere Client. You will find it on the USB stick.

1.6.3 vCenter Server (vcs01)
Hint: Use the vSphere Client to import virtual machines on the ESXi host.
- Import the vCenter OVA template from the Tools USB stick to the ESXi server (esx01)
  o Import the vCenter OVA template into the ESXi server using the vSphere Client
  o The vCenter server should be homed in the Intern network
- Log in to the vCenter installation wizard (username: root, password: vmware)
  o Set the password for root: Cloud2014.
  o Use admin@cloudhosting.com as e-mail address
  o Configure the network as specified in the appendix
  o Configure 192.168.50.1 as default gateway
  o Enable certificate regeneration
- Connect with the vSphere Web Client and add the ESXi servers
  o Create a datacenter with the name "Swiss ICT"
  o Import the ESXi hosts into the datacenter

1.6.4 Windows Server 2012 R2
Hint: Use the vSphere Client to install virtual machines on the ESXi host.
Install Windows Server 2012 R2 as a virtual machine on ESXi host esx02. Don't create a hardware version 10 VM, please use an older hardware version!
Important: Make sure the time/date on the ESXi server is correctly set before installing the VM!
- Use ad01 as virtual machine name
- OS: Windows Server 2012 R2
- Use VMXNET3 as network adapter and choose the Intern network (!Important)
- Disk space: 100GB, thin provisioning
- Set up Windows Server 2012 R2 (with GUI)
  o Hostname: ad01
  o Administrator password: Cloud2014.
  o Install VMware Tools
  o Deactivate IE ESC for users and admins (Internet Explorer Enhanced Security Configuration)
  o Use the network settings given in the appendix
  o Configure 192.168.50.1 as default gateway

1.6.4.1 Install the following services
- Active Directory Services
  o Domain name (AD): cloudhosting.com
  o NetBIOS: cloudhosting
  o Active Directory recovery password: Cloud2014.
  o Save the Active Directory unattended installation script under C:\ad-install.ps1
- DNS Server
  o Configure a reverse lookup zone for the Intern network
  o Configure the forward zone cloudhosting.com
    - Configure the following A records:
      web01.cloudhosting.com -> 52.32.1.20
      web02.cloudhosting.com -> 52.32.1.21
      www.cloudhosting.com -> 34.67.120.1
    - Configure the following CNAME records:
      customer01.cloudhosting.com -> www.cloudhosting.com
      customer02.cloudhosting.com -> www.cloudhosting.com
  o Create a new forward zone.
    - Create the following A records: 34.67.120.1
- DHCP Server
  o Enable the DHCP service for the Intern network
    - Range: 192.168.50.100-254
    - Default GW: 192.168.50.1
    - DNS: 192.168.50.20
- DFS sharing
  o Install the DFS Namespaces feature
  o Create the folder C:\shares\business and share the folder with read/write rights for admin and all domain users
  o Create the namespace "shares"
    - Use a domain-based namespace and enable Windows Server 2008 mode
    - Create a folder "business" in the namespace with its target set to the business share on ad01

1.6.4.2 Other tasks
- Rename the Administrator to Admin
- Install Chrome located on the USB stick
- Install WinSCP located on the USB stick
- Copy PuTTY to the desktop of the administrator (also located on the USB stick)

1.6.4.3 Organisation units and groups
- Create the following organisation units: CEO, MOBILE, IT
- Create the security group CEO in OU CEO and assign the users from OU CEO
- Create the security group MobileUsers in OU MOBILE and assign the users from OU MOBILE

1.6.4.4 Domain users
Create the following users in Active Directory. (Hint: use a scripting language)

  Name                          Username            Password    Organisation Unit
  mobileuser1 ... mobileuser120 mobileuser{1..120}  Cloud2014.  MOBILE
  ceo1 ... ceo15                ceo{1..15}          Cloud2014.  CEO
  It1                           It1                 Cloud2014.  IT

1.6.4.5 Group Policies
- Default Domain Controller Policy
  o Allow log on locally for domain users (hint: this is very important!)
- Create a policy called user_defaults at the top of the domain hierarchy.
  o Map the DFS drive \\cloudhosting.com\shares\business to X:\
  o Disable the first sign-in animation for Microsoft Windows
- Users of the organisation unit IT
  o Should automatically be included in the local Administrators group
- Users of the organisation unit CEO have the following restrictions:
  o Are not allowed to access the display settings in the Control Panel
  o Disable the use of any USB devices
- Users of the organisation unit MOBILE have the following restrictions:
  o Set the default homepage (Internet Explorer) to www.cloudhosting.com
  o The default homepage setting should not be changeable
  o Hide all local drives for this OU
- Client computer cl01 (PC3)
  o At logon on this computer, users should see this message before logging in: "For authorized usage only. Unauthorized usage is strictly prohibited."

1.6.5 First Debian Linux
Hint: Use the vSphere Client to install virtual machines on the ESXi host. Don't create a hardware version 10 VM, please use an older hardware version!
- Use web01 as virtual machine name
- OS: Debian GNU/Linux 7 (64-bit)
- Use E1000 as network adapter and choose the DMZ network (!Important)
- Disk space: 32GB, thin provisioning
Note: Don't use any graphical user interfaces! Otherwise you will be penalised!
- Set up the Debian server as a virtual machine on esx01
  o Configure the virtual machine using the DMZ network adapter
  o Hostname: web01
  o Root password: Cloud2014.
  o Configure the network settings specified in the appendix
  o Configure 52.32.1.1 as default gateway
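Returning to the Windows Server tasks of 1.6.4: the hint in 1.6.4.4 asks for a scripting language, and the 120 mobile users alone make that the only realistic approach. The following PowerShell script is an added example, not part of the task sheet, and shows how the DNS, DHCP and DFS items of 1.6.4.1, the OUs and groups of 1.6.4.3 and the users of 1.6.4.4 can be created on ad01 in one idempotent run. It assumes that the forest cloudhosting.com has already been promoted (the unattended C:\ad-install.ps1 would do that with Install-ADDSForest), that the Intern network is 192.168.50.0/24 (taken from the flat-network hint in 1.7), that "admin" in the DFS share requirement means the Domain Admins group, and that the script runs as a domain admin on ad01 with the RSAT modules installed. The namespace root share C:\DFSRoots\shares and the share names are the author's choices.

```powershell
# Added example (not from the task sheet): provisions AD objects, DNS records, a DHCP
# scope and the DFS namespace requested in 1.6.4.1, 1.6.4.3 and 1.6.4.4 on ad01.
# Assumptions: domain cloudhosting.com exists, Intern = 192.168.50.0/24, run as domain admin.
Import-Module ActiveDirectory
Import-Module DnsServer
Import-Module DhcpServer
Import-Module DFSN

$domainDn = (Get-ADDomain).DistinguishedName        # DC=cloudhosting,DC=com
$password = ConvertTo-SecureString 'Cloud2014.' -AsPlainText -Force

# 1.6.4.3: organisation units CEO, MOBILE and IT directly under the domain root
foreach ($ou in 'CEO', 'MOBILE', 'IT') {
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDn -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $ou -Path $domainDn
    }
}

# 1.6.4.4: numbered accounts such as mobileuser1..mobileuser120; skips accounts that exist
function New-NumberedUsers {
    param([string]$Prefix, [int]$From, [int]$To, [string]$Ou)
    foreach ($i in $From..$To) {
        $name = "$Prefix$i"
        if (Get-ADUser -Filter "SamAccountName -eq '$name'") { continue }
        New-ADUser -Name $name -SamAccountName $name `
            -UserPrincipalName "$name@cloudhosting.com" -Path "OU=$Ou,$domainDn" `
            -AccountPassword $password -Enabled $true
    }
}
New-NumberedUsers -Prefix 'mobileuser' -From 1 -To 120 -Ou 'MOBILE'
New-NumberedUsers -Prefix 'ceo'        -From 1 -To 15  -Ou 'CEO'
New-NumberedUsers -Prefix 'It'         -From 1 -To 1   -Ou 'IT'     # yields the single user It1

# 1.6.4.3: security groups in their OU, filled with every user of that OU
$groups = @{ 'CEO' = 'CEO'; 'MobileUsers' = 'MOBILE' }
foreach ($g in $groups.Keys) {
    $ouDn = "OU=$($groups[$g]),$domainDn"
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $ouDn
    }
    Add-ADGroupMember -Identity $g -Members (Get-ADUser -Filter * -SearchBase $ouDn)
}

# 1.6.4.1 DNS: AD-integrated reverse zone for Intern plus the requested A and CNAME records
Add-DnsServerPrimaryZone -NetworkId '192.168.50.0/24' -ReplicationScope Domain
$aRecords = @{ 'web01' = '52.32.1.20'; 'web02' = '52.32.1.21'; 'www' = '34.67.120.1' }
foreach ($rec in $aRecords.Keys) {
    Add-DnsServerResourceRecordA -ZoneName 'cloudhosting.com' -Name $rec -IPv4Address $aRecords[$rec]
}
foreach ($alias in 'customer01', 'customer02') {
    Add-DnsServerResourceRecordCName -ZoneName 'cloudhosting.com' -Name $alias -HostNameAlias 'www.cloudhosting.com'
}

# 1.6.4.1 DHCP: Intern scope with gateway and DNS options, then authorise the server in AD
Add-DhcpServerv4Scope -Name 'Intern' -StartRange 192.168.50.100 -EndRange 192.168.50.254 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 192.168.50.0 -Router 192.168.50.1 -DnsServer 192.168.50.20
Add-DhcpServerInDC

# 1.6.4.1 DFS: business share plus a 2008-mode (DomainV2) domain namespace \\cloudhosting.com\shares
New-Item -ItemType Directory -Path 'C:\shares\business', 'C:\DFSRoots\shares' -Force | Out-Null
New-SmbShare -Name 'business' -Path 'C:\shares\business' -FullAccess 'cloudhosting\Domain Users', 'cloudhosting\Domain Admins'
New-SmbShare -Name 'shares' -Path 'C:\DFSRoots\shares' -ReadAccess 'Everyone'     # namespace root share
New-DfsnRoot -Path '\\cloudhosting.com\shares' -TargetPath '\\ad01\shares' -Type DomainV2
New-DfsnFolder -Path '\\cloudhosting.com\shares\business' -TargetPath '\\ad01\business'
```

Run it from an elevated PowerShell on ad01 after the domain controller promotion has completed and the server has rebooted; every step checks for existing objects first, so it can be re-run after a partial failure without creating duplicates. Verify afterwards with Get-ADUser -Filter * -SearchBase "OU=MOBILE,DC=cloudhosting,DC=com" | Measure-Object (expect 120) and Resolve-DnsName customer01.cloudhosting.com from cl01.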
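The group policies of 1.6.4.5 are mostly registry-backed settings, which the GroupPolicy module can set without opening the editor. The following PowerShell script is an added example, not part of the task sheet, and implements those registry-backed items: the first sign-in animation in user_defaults, the CEO and MOBILE restrictions, and the cl01 logon banner. The GPO names other than user_defaults, the banner caption "Notice", the use of a domain-linked GPO filtered to the cl01 computer account, and the registry values chosen for each requirement are the author's assumptions. Three items have no cmdlet in the GroupPolicy module and are configured in the GPMC editor instead: the "Allow log on locally" user right in the Default Domain Controllers Policy, the X: drive map (a Group Policy Preference), and adding IT users to the local Administrators group (Restricted Groups or a Local Group preference).

```powershell
# Added example (not from the task sheet): registry-backed parts of the policies in 1.6.4.5.
# Assumptions: run as domain admin on ad01; cl01 has already joined the domain;
# GPO names other than user_defaults and the banner caption are the author's choices.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$domainDn     = (Get-ADDomain).DistinguishedName     # DC=cloudhosting,DC=com
$machSystem   = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$userSystem   = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$userExplorer = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# create the GPO if it does not exist yet and link it once to the target container
function New-LinkedGpo {
    param([string]$Name, [string]$Target)
    if (-not (Get-GPO -Name $Name -ErrorAction SilentlyContinue)) { New-GPO -Name $Name | Out-Null }
    $linked = (Get-GPInheritance -Target $Target).GpoLinks | Where-Object { $_.DisplayName -eq $Name }
    if (-not $linked) { New-GPLink -Name $Name -Target $Target | Out-Null }
}

# user_defaults at the top of the domain: no first sign-in animation.
# The X: drive map is a Group Policy Preference and is added to this GPO in the GPMC editor.
New-LinkedGpo -Name 'user_defaults' -Target $domainDn
Set-GPRegistryValue -Name 'user_defaults' -Key $machSystem -ValueName 'EnableFirstLogonAnimation' `
    -Type DWord -Value 0 | Out-Null

# CEO: no Display applet in Control Panel, all removable storage classes denied (USB)
New-LinkedGpo -Name 'ceo_restrictions' -Target "OU=CEO,$domainDn"
Set-GPRegistryValue -Name 'ceo_restrictions' -Key $userSystem -ValueName 'NoDispCPL' -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name 'ceo_restrictions' -Key 'HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices' `
    -ValueName 'Deny_All' -Type DWord -Value 1 | Out-Null

# MOBILE: IE homepage forced through the Policies hive (not user-editable), homepage dialog
# locked, and every drive letter A..Z hidden in Explorer (NoDrives bit mask)
New-LinkedGpo -Name 'mobile_restrictions' -Target "OU=MOBILE,$domainDn"
Set-GPRegistryValue -Name 'mobile_restrictions' -Key 'HKCU\Software\Policies\Microsoft\Internet Explorer\Main' `
    -ValueName 'Start Page' -Type String -Value 'http://www.cloudhosting.com' | Out-Null
Set-GPRegistryValue -Name 'mobile_restrictions' -Key 'HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel' `
    -ValueName 'HomePage' -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name 'mobile_restrictions' -Key $userExplorer -ValueName 'NoDrives' `
    -Type DWord -Value 0x03FFFFFF | Out-Null

# cl01: interactive logon banner. Linked at the domain, but Authenticated Users only get
# Read so that nothing applies it, and only the cl01 computer account gets Apply.
New-LinkedGpo -Name 'cl01_logon_banner' -Target $domainDn
Set-GPRegistryValue -Name 'cl01_logon_banner' -Key $machSystem -ValueName 'LegalNoticeCaption' `
    -Type String -Value 'Notice' | Out-Null
Set-GPRegistryValue -Name 'cl01_logon_banner' -Key $machSystem -ValueName 'LegalNoticeText' `
    -Type String -Value 'For authorized usage only. Unauthorized usage is strictly prohibited.' | Out-Null
Set-GPPermission -Name 'cl01_logon_banner' -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name 'cl01_logon_banner' -TargetName 'cl01' -TargetType Computer `
    -PermissionLevel GpoApply | Out-Null
```

After running it, gpupdate /force on cl01 and a log-off/log-on as a MOBILE user is the quickest functional check; Get-GPResultantSetOfPolicy -ReportType Html -Path C:\rsop.html on cl01 shows which of the four GPOs actually applied and why, which is what the experts will also want to see in the documentation.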
1.6.5.1 Install the following services
- Web server
  o Configure the web server to listen on port 80
  o Configure virtual hosts:
    - customer01.cloudhosting.com, Document Root /var/www/customer01
      Copy the game files located on the USB stick (Net Rush 2) into the web server's root (hint: use the Windows 8.1 client and WinSCP)
    - customer02.cloudhosting.com, Document Root /var/www/customer02
      Create the file index.html, which shows "Customer02" when opening customer02.cloudhosting.com
  o Make sure that NetRush2 (customer01.cloudhosting.com) is the default site on the web server
  o Install PHP5
- FTP
  o Install an FTP server
  o Configure the FTP user www with password Cloud2014. for access to the www directory of the web server
- MySQL
  o Install MySQL server & phpMyAdmin
  o Use Cloud2014. for all passwords

1.6.6 Second Debian Linux
Hint: With vCenter installed you are able to clone machines, which saves a lot of time.
- Install the Debian machine with exactly the same configuration as the machine "First Debian Linux"
- Configure the cloned Debian machine as specified in the appendix (hostname, IP)
1.7 PART 3 NETWORKING

Work Task Network
Note: Please use the default configuration if you are not given the details.
Hint: If you are not familiar with the configuration of Cisco devices, make a flat network (for example 192.168.50.0/24) and connect all devices to that network!
Hint: All Cisco devices can be configured with the light blue rollover cable and PuTTY (on the Tools USB stick).
Attention: For all Cisco devices use Cloud2014. as enable password.

1.7.1 rt01
Hint: If you are not familiar with configuring a trunk on a router, use interface GE0/0 as Intern and interface GE0/1 as Internet. Connect GE0/0 to sw01 port 07 and GE0/1 to sw01 port 06.
Configure the router to fit these requirements:
- Configure the physical ports on rt01 as specified in the appendix
- Configure VLANs and IP addresses as specified in the network diagram
- Configure the hostname as specified in the appendix
- Enable SSH v2 remote management services
  o Create user cisco with password cisco for SSH login

1.7.2 rt02
Configure the router to fit these requirements:
- GE0/1 is used for the internal network for the client and GE0/0 for the INTERNET (see details in the appendix)
- Configure the hostname as specified in the appendix
- Enable SSH v2 remote management services
  o Create user cisco with password cisco for SSH login
- Configure a DHCP server on the router
  o Scope: 172.16.0.100-254
  o Default gateway: 172.16.0.1
  o DNS: 192.168.50.20

1.7.3 sw01
Configure the switch to fit these requirements:
- Configure the physical ports on sw01 as specified in the table below
- Configure the hostname as specified in the appendix
- Configure VLANs and IP addresses as specified in the network diagram
- Configure default gateway: 192.168.50.1
- Enable spanning-tree portfast by default
- Enable SSH v2 remote management services
  o Create user cisco with password cisco for SSH login

  PORT   CONNECT TO   MODE
  01     PC1          trunk
  02     PC2          trunk
  03     rt01         trunk
  04     ap01         access (VLAN 30)
  05     rt02         access (VLAN 10)
  06     nothing      access (VLAN 10)
  07     nothing      access (VLAN 40)
  08-24  nothing      shutdown

1.7.4 AP01
AP01 was already pre-configured by a colleague. Unfortunately there are some errors in the configuration.
Important Note: The access point is only accessible over SSH with the IP address specified in the appendix (use PuTTY on the USB stick). Do not change the IP or SSH configuration, otherwise you will lose all points of this task. The username for SSH access is cisco with password cisco. Enable password: Cloud2014.
- Configure the details specified in the appendix
- Please leave the radio interfaces disabled! Otherwise you will be penalised (and you allow strangers to access your infrastructure)
- Configure the SSID "hotspot" with a WPA2 pre-shared key
- Configure both radio interfaces with the SSID "hotspot" (do not activate the radio interfaces!)
- Use securehotspot as the WPA2 key
- Remove all other SSIDs

1.7.5 Sophos Firewall
Note: The Sophos management web interface is reachable under https://[ipsophos]:4444/.
Create a new virtual machine on esx02 as specified in the network diagram. Don't create a hardware version 10 VM, please use an older hardware version!
- Use fw01 as virtual machine name
- OS: Other 2.6.x Linux (64-bit)
- Use E1000 as network adapter and choose the Intern network (!Important)
- Disk space: 30GB, thin provisioning
- Connect all VLANs to the virtual machine
  o First interface: Intern
  o Second interface: WLAN
  o Third interface: DMZ
  o Fourth interface: Internet
Configure the Sophos Firewall to fit these requirements:
- Set up the Sophos Firewall
  o Hostname: fw01
  o Keyboard: German
  o Company: Cloudhosting
  o City: Bern
  o Admin email account: admin@cloudhosting.com
  o Root/admin password: Cloud2014.
- Configure IP addresses as specified in the appendix
- NAT
  o Enable outbound NAT for all Intern clients (masquerading)
- ACLs
  o Allow access from the network Intern to DMZ and WLAN
  o Allow access from Intern to the remote site network and vice versa
  o Enable access to the internet for all devices in the networks Intern, WLAN and DMZ
  o Deny any other access
  o Allow ICMP on and through the firewall
  o Allow ICMP ping and traceroute on the firewall
- Configure the hotspot feature for the WLAN network
  o Enable the hotspot feature on interface WLAN in voucher mode
  o Enable a 1-day voucher
  o After successful login redirect to the page www.cloudhosting.com
  o Allow access to the Intern network without authentication
  o Enable the user portal from any network for every user
  o Log in as admin, create 20 vouchers and export them as CSV to C:\users.csv on the client
- Configure the Sophos web application firewall for web01 and web02
  o Use www.cloudhosting.com as access URL
  o Make sure that the Sophos firewall load-balances between web01 and web02
  o Enable "Pass Host Header"
  o Enable basic firewall protection
  o Test www.cloudhosting.com from the client or server (use the Chrome browser)
- DHCP
  o Configure a DHCP server for the VLAN WLAN
  o Use 10.0.0.100-254 as range
  o Default gateway: 10.0.0.1
  o DNS: 10.0.0.1
- DNS forwarding
  o Enable DNS on the Sophos Firewall
  o Forward DNS requests to ad01

1.7.6 Routing
Note: These requirements apply to rt01, rt02 and fw01.
- Do not set a default gateway on any of the devices
- Use static routes for communication between the main and the remote network
  o Make sure that both routers have the appropriate routes configured so that cl01 can reach all hosts in the network Intern
Hint: Connections from Intern to the remote site pass the router and the Sophos Firewall. You have to configure an appropriate route on the Sophos Firewall too.
2 APPENDIX

2.1.1 PHYSICAL NETWORK DIAGRAM
(diagram)

2.1.2 LOGICAL NETWORK DIAGRAM
(diagram)
2.2 INSTRUCTIONS

2.2.1 INSTRUCTIONS TO THE COMPETITOR
- Do not bring any materials with you to the competition.
- Mobile phones are not to be used.
- Do not disclose any competition material / information to any person during each day's competition.
- Read the whole competition script before you start working.

2.2.2 EQUIPMENT, MACHINERY, INSTALLATIONS AND MATERIALS REQUIRED
Computers:
- PC (3x)
- Display (2x)
- Keyboard (2x)
- Mouse (1x)
Network:
- Cisco Switch 2960S series (1x)
- Cisco Router 2911 series (2x)
- Cisco Wireless CAP2602 (1x)
Additional software:
- Linux Debian English version DVD (1-3)
Additional equipment:
- Microsoft Windows Server 2012 R2 DVD
- VMware ESXi 5.5 CD
- Sophos UTM Firewall DVD
- Tools USB stick including:
  o vCenter Appliance, vSphere Client, Cisco Packet Tracer version 6, FileZilla, Wireshark, PuTTY, Java, Flash Player, WinSCP, VPN Client
- Power cables 7x
- Rollover cables 2x (console cable for Cisco devices)
Miscellaneous:
- Patch cables 8x (2-4 m)