Order 108

Uploaded by

amalhameed

Introduction

Unit Whole Sale (UWS) is a distribution company based in Scotland that specialises in sales of
household products. The company has grown and the owner has decided to acquire another
distribution company called Clyde Importers that specialises in electronics, household products
and toys. UWS now needs a new networked computer system to replace the old one, which
cannot function at the right pace. As a network engineer, I have been given the task of building a new
network system that will be beneficial for the company.

Task 1: Implementation of name resolution services


1.1. Design and implement an automatic IP addressing
mechanism

1.1.1. The meaning of routed and flat network. What is the difference? Which one is
better? Why?
The routed network and the flat network are two different types of network.

A flat network is a basic network in which all stations (e.g. computers) are connected directly to each
other without passing through any intermediary devices, such as a switch or router. It is a single
network segment, which makes it less secure and slows traffic within workgroups and departments.

A routed network is a type of network where switches or routers are used; it improves
security and traffic flow by filtering out packets before they reach their destinations. Network
collisions and crashes are prevented.

The routed network is more reliable and a better network type than the flat network, and it is
commonly in use nowadays.

1.1.2. Design and implement an automatic IP addressing mechanism

Static IP addresses and dynamic IP addresses are the two types of IP address:

- Static IP addressing: It concerns static routing. Static routes are inserted manually into a host or
router. The administrator must program each router in the internetwork with the proper routes and
must know all the paths that exist between networks in order to get from one network to another.

Static IP Addressing

Source: http://stponline.co.uk/course/view.php?id=626

- Dynamic IP addressing: Configured IP addresses are provided by these servers: DHCP server, DNS
server and Web server. The DHCP and DNS servers are network addressing servers.

Source: http://stponline.co.uk/course/view.php?id=626

Static or dynamic IP addressing? Why?

Dynamic IP addressing is much better, being both convenient and safe. The address is assigned by a DHCP
server rather than configured by humans. It is a very cost-effective method of providing IP addresses,
and the human error factor is removed.

Network diagram for United Wholesale Scotland

1.1.3. The functions and benefits of using a DHCP server. How many DHCP servers
are needed?

Demonstrate the installation of DHCP server

Go to ‘Add Roles’ in server manager and select ‘DHCP Server’. Then ‘Enter’. This will open
the ‘Network Connection Bindings’ screen. Then click ‘Next’.
Enter the ‘Parent Domain’ name and IP address of the domain’s DNS server. Click ‘Next’.
Enable ‘WINS is not required for applications on the network’. Click ‘Next’.

Add or edit ‘DHCP Scopes’ in this page. Click ‘OK’ and later ‘Next’ to move on.

In the ‘DHCP Stateless Mode’, select ‘Disable DHCPv6 stateless mode for this server’. Click ‘Next’.

Click ‘Install’ to confirm the installation selections.

The installation is completed.


Authorize the DHCP server

To authorize the DHCP server, go to the ‘Start menu’, select ‘Administrative Tools’, then click ‘DHCP’.
When the screen opens, right-click DHCP and select ‘Manage authorized servers’.

Now, enter the name and IP address of the server. Click ‘OK’ to confirm it.

1.2. Design and implement a domain naming strategy

DNS (Domain Name System) is a protocol that allows TCP/IP-capable users anywhere on the
planet to find resources, wherever they are, by using their domain name. DNS manages domain
names and Internet hosts, making it easier to find resources on networks.

Installation of DNS service


Go to server manager, select ‘Add Roles’, and click the ‘DNS Server’. Then click ‘Next’.

Click ‘Next’ to continue.


From here, confirm the installation by clicking ‘Install’.
The installation is completed.

Installation of Forward and Reverse Lookup Zones

Go to start menu, then admin tools and click on DNS. When the new screen opens, expand it.

Right-click ‘Forward Lookup Zone’ and select ‘New Zone’, then click ‘Next’ on the next window.
Now, select ‘Primary zone’ and enable ‘Store the zone in AD’, click ‘Next’.
Select ‘To all DNS servers’ and click ‘Next’.

Provide the ‘Zone name’ and click ‘Next’.


Next, select ‘Allow only secure dynamic updates’, click ‘Next’.

Click ‘Finish’ to complete the process.


The configuration is completed.

● Do the same process for the ‘Reverse Lookup Zones’.


Select ‘IPv4 Reverse Lookup Zone’, click ‘Next’.
Select ‘Network ID’ and provide Network ID. Click ‘Next’.

Enable Dynamic Updates by allowing it.


Click ‘Finish’ to complete the process.

Add appropriate resource records

To do it, go to DNS manager, expand the ‘Forward Lookup Zones’ and right-click your domain
name. Add the new host name and IP address, and click ‘Add Host’.

This screen shows that the new host has been successfully created.

Installation of WINS:

Go to server manager, select ‘Features’, and click ‘Add Features’.


Select ‘WINS Server’ and click it.

Now, click ‘Install’ to confirm installation.


The installation is completed, click ‘Close’.

Adding static WINS for non-WINS clients

To do it, go to start menu, then admin tools, and select ‘WINS’. Expand ‘SERVER2’ and right click
‘Active Registration’.
The ‘Static Mapping’ window opens, input computer name, type and IP address. Click ‘OK’.

Configuring push/pull replication partners

Go to start menu, admin tools, and select WINS. Right click ‘SERVER2’ and select ‘Push or Pull
Replication’.
Now, from this window, add or name the IP address of ‘WINS server’ and click ‘OK’.

Now, select the replication method. ‘Start for the partner only’ has been selected. Click ‘OK’.

1.2.6. The integration of DHCP and DNS in a network

Alternative strategies in a routed network for automatic IP
addressing

Many alternative ways exist to assign automatic IP addresses in a routed network. Some of them are
explained below:

● Dynamic allocation: IP addresses are automatically assigned by the DHCP server to clients for a period
of time. A specific scope is needed for the process. A lease is used to limit the time of assignment.

● Client reservation: with this method, an IP address may be reserved for a client to use, and that
will be a permanent one.

● Alternative configuration: with this method, users can configure IP addresses manually for
computers to use. The technique is good for computers that are used constantly in different
environments.
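The following is an added example, not part of the original report: a toy Python model of one DHCP scope showing dynamic allocation with a lease, a client reservation, renewal, and what happens when the scope runs out of addresses. The class name, MAC addresses, address range and lease time are all constructed for the illustration.

```python
import ipaddress

class DhcpScope:
    """Toy model of one DHCP scope: an address pool, a lease time, reservations."""

    def __init__(self, first, last, lease_seconds, reservations=None):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds
        # Client reservation: MAC address -> address kept permanently for it.
        self.reservations = {m.lower(): ip for m, ip in (reservations or {}).items()}
        self.leases = {}  # ip -> (mac, expiry time in seconds)

    def _expire(self, now):
        """Return addresses whose lease has run out to the pool."""
        self.leases = {ip: (mac, exp) for ip, (mac, exp) in self.leases.items()
                       if exp > now}

    def _grant(self, ip, mac, now):
        expiry = now + self.lease_seconds
        self.leases[ip] = (mac, expiry)
        return ip, expiry

    def request(self, mac, now):
        """Lease an address to `mac`; None means the scope is exhausted."""
        mac = mac.lower()
        self._expire(now)
        if mac in self.reservations:          # reserved client: always the same address
            return self._grant(self.reservations[mac], mac, now)
        for ip, (owner, _) in self.leases.items():
            if owner == mac:                  # renewal keeps the current address
                return self._grant(ip, mac, now)
        held_back = set(self.reservations.values())
        for ip in self.pool:                  # dynamic allocation: first free address
            if ip not in self.leases and ip not in held_back:
                return self._grant(ip, mac, now)
        return None

def demo():
    """Constructed scenario: three-address scope, one reservation, one-hour lease."""
    scope = DhcpScope("192.168.1.10", "192.168.1.12", 3600,
                      reservations={"AA:BB:CC:00:00:01": "192.168.1.11"})
    return [
        scope.request("aa:bb:cc:00:00:01", now=0),     # reserved client
        scope.request("02:00:00:00:00:0a", now=0),     # dynamic allocation
        scope.request("02:00:00:00:00:0b", now=0),     # dynamic allocation
        scope.request("02:00:00:00:00:0c", now=0),     # no address left
        scope.request("02:00:00:00:00:0a", now=1800),  # renewal before expiry
        scope.request("02:00:00:00:00:0c", now=3600),  # expired leases reclaimed
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The fourth request returns nothing because every address is leased or held back for a reservation; the lease time is what lets the same client succeed later, once unrenewed leases have expired.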

Alternative techniques of name resolution

In conventional name resolution, a DNS name is transformed into an IP address. A DNS server may use
other techniques for name resolution. Some of these techniques are described below:

▪ Iterative resolution: the client has to use a name server while searching for a name. The client
sends an iterative request to a name server, and the server replies either with the address of
another server that could contain the name or, if it cannot find the name, with the closest
information it has.

Source: http://www.tcpipguide.com/TCPIPGuide_2-0_s6.pdf

▪ Recursive resolution: in this method a client sends a request to a server, and it is up to the
server to find the answer. If the server is unable to find the answer, it becomes a client itself and
sends requests to other servers for them to find the answer.
Source: http://www.tcpipguide.com/TCPIPGuide_2-0_s6.pdf
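The two techniques above, as an added Python example that is not part of the original report: the same toy namespace is resolved iteratively (the client follows each referral) and recursively (each server asks the next one on the asker's behalf), and the trace records who queried whom. The server names, the zone layout and the address 192.0.2.10 are constructed for the illustration.

```python
# Constructed toy namespace: each server holds records it can answer and
# referrals to the server responsible for a suffix. Names and addresses are made up.
SERVERS = {
    "root":       {"records": {}, "referrals": {"uk": "uk-server"}},
    "uk-server":  {"records": {}, "referrals": {"example.uk": "example-ns"}},
    "example-ns": {"records": {"www.example.uk": "192.0.2.10"}, "referrals": {}},
}

def ask(server, name):
    """One query to one server: ('answer', ip), ('referral', server) or ('fail', None)."""
    data = SERVERS[server]
    if name in data["records"]:
        return "answer", data["records"][name]
    zones = [z for z in data["referrals"] if name == z or name.endswith("." + z)]
    if zones:  # refer the asker to the server for the longest matching suffix
        return "referral", data["referrals"][max(zones, key=len)]
    return "fail", None

def resolve_iterative(name, start="root", max_queries=10):
    """The client follows every referral itself. Returns (ip, [(asker, asked), ...])."""
    server, trace = start, []
    while len(trace) < max_queries:      # bound the walk so a referral loop ends
        trace.append(("client", server))
        kind, value = ask(server, name)
        if kind != "referral":
            return value, trace
        server = value
    return None, trace

def resolve_recursive(name, server="root", asker="client", trace=None, max_queries=10):
    """The asked server becomes a client of the next server and relays the answer back."""
    trace = [] if trace is None else trace
    if len(trace) >= max_queries:        # same bound, applied to the chain of servers
        return None, trace
    trace.append((asker, server))
    kind, value = ask(server, name)
    if kind == "referral":
        return resolve_recursive(name, value, server, trace, max_queries)
    return value, trace

if __name__ == "__main__":
    for resolver in (resolve_iterative, resolve_recursive):
        ip, trace = resolver("www.example.uk")
        print(resolver.__name__, ip, trace)
```

In the iterative trace every query comes from the client; in the recursive trace the client sends one query and the servers generate the rest, which is why a recursive server carries more load and more trust.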

Task 2: Configuring and supporting routing and remote access


2.1. Create a troubleshooting, back-up and fault tolerance
strategies

There are three parts to be considered while troubleshooting network problems:

- Research the symptoms of the problems


- Identify what causes the problems
- Find a solution to the problems

Network commands or tools are used for troubleshooting and diagnosing network OS problems. The
most used commands are: PING, TRACERT, IPCONFIG and LOOPBACK.

● PING: tests connectivity with other computers or servers on the same network. It
also shows the time packets take to reach hosts. Ex: ping 192.168.1.2
The figure above shows the number of packets sent and how long they took when pinging 192.168.1.2.

● IPCONFIG: displays information about the IP configuration of the server or computer on
the network. The IPCONFIG command tool shows the IP address plus the subnet mask.

● LOOPBACK: is used for testing the IP configuration (Ex: 127.0.0.1). It tests packets that are sent to a
network destination and returned to the originator as received.

● TRACERT: (Trace Route) similar to PING, but it also shows the route that information
takes to get from one computer to another.

2.1.1. Backing up strategies for DHCP, DNS and WINS servers


The DHCP and DNS are network addressing servers.

DHCP server

It plays a key role in both small scale and medium to large scale corporations. In small scale
corporations the DHCP server may be reinstalled many times and there is no negative impact
reflected from this practice on the network infrastructure because there are only few computers to
take care of.

DNS server

There are two ways for the DNS restoration:


▪ Create a primary zone with the use of the earlier created backup file.
▪ Convert the primary zone to AD Integrated Zone.

WINS server

Configuration of WINS: Open the WINS server properties, select ‘backup database during shutdown’
from the ‘general tab’, then create a folder in which to save all data. The manual way is to
right-click the WINS server from roles and select the ‘backup database’ tab.

2.2. Capture and analyse network data with the use of
networking tools

Many different networking tools can be used for capturing the dataflow of a network. It is crucial for
organizations to have these kinds of tools for monitoring network traffic and for capturing and analysing
data, so that all data going through the network can be tracked.

Wireshark is a network protocol analyser, widely used by many organizations today. With the use of
Wireshark, live data can be captured from Ethernet, IEEE 802.11 and local area connection networks.
Network data captured can be browsed in different manners.

- The image below displays Wireshark capture interfaces.

- Here are the platforms and processes that are receiving and sending data to this machine.

- The image displays all packets being transmitted across the network. The principal point here is to
find patterns or identify anything that looks suspicious.

- This image displays the ‘TCP stream’ of an interesting packet.

- This image displays the packet’s details.


2.3. Provide connectivity solutions for a multi-vendor
networking environment

Managing different operating systems in the same network complicates the setting up of
automated management routines. Among the problems that make it difficult, especially in large
networks, are:

- Most large networks have multiple systems that are used for different purposes.
- The introduction of new OSs and technologies every few months or years increases complexity.

The figure below shows the Windows 2008 Server supporting clients from multiple vendors:

Source: http://pluto.ksi.edu/~cyh/cis370/ebook/ch04f.htm

As mentioned earlier, it is confusing to get different OSs interoperating with one another, especially
because of the unique design characteristics of each OS, from system calls to kernel
architectures. Ex: in a large organization, when a client or user brings in a Linux OS computer and
requests to join a network based on Windows OS, he will be unable to join or will be rejected because
the two OSs are not compatible to communicate in the same network. The solution is to make them
coexist. End-to-end systems management across all OSs simply does not exist. Analysts and users
recognize that standards are the basis for making different platforms share information and
communicate.

Task 3: Configuration of network security


3.1. Create a networking design and implementation report
for remote access

3.1.1. Configure Inbound and Outbound VPN + benefits of VPN

Many methods and protocols are used to manage VPNs, with the purpose of preventing fraudulent
authentication and snooping. VPN has some advantages, such as:

▪ VPN creates a trusted connection over an untrusted system.
▪ VPN can be used in WLANs.
▪ VPN may be controlled remotely.
▪ VPN is more secure compared to a traditional network.
▪ VPN is cost effective.

Configuration of VPN

From server manager, go to ‘Add Roles’, select ‘Network Policy and Access Services’, then ‘Next’.

The role services to be installed have been selected, click ‘Next’.


Press ‘install’ to confirm the installation, and click ‘Close’.

Next stage: go to the start menu, admin tools, select ‘Routing and Remote Access’, and right-click
‘SERVER2’. Then, click ‘Configure and Enable Routing and Remote Access’.
From here, click ‘Next’.
From this window, select ‘Custom configuration’, then click ‘Next’.

Select VPN access and click ‘Next’.

Now, click ‘Finish’ to complete the process. Then you can start the service.

Configuration of Inbound and Outbound

From the start menu, go to admin tools, select Routing and Remote Access, then expand IPv4,
right-click ‘General’ and right-click ‘Local Area Connection’. Then go to ‘Properties’.
Select ‘Inbound Filters’ and click ‘OK’ to open the inbound window.

Add an IP filter by entering the IP address and subnet mask, and click ‘OK’, then ‘Apply’ to make the
changes on the VPN. Later click ‘OK’ to complete the process.
The outbound configuration is the same as the inbound configuration, except that the IP
addresses provided will be specified for the Outbound.

3.1.2. Remote Access

It allows a user to get full access to the organization’s network while being far from the network’s
location. The remote desktop is useful for remote access services. With that system, users can
fully manage computers located within the network. Both the client’s desktop and the computer to be
managed must be configured.

3.3. Certification Authority (CA) and IPSec

Microsoft Windows provides a series of industry-standard techniques and methods that provide security
for communication in a network. PKI (Public Key Infrastructure) and IPSec (IP Security Protocol) are
the two main standards in use today. The Certification Authority (CA) falls under PKI.

- PKI: The cryptography of PKI is an essential part of technology for E-commerce, intranet, extranet
and web enabled applications.

- Public/Private Keys: Both keys are mathematically related. The public key may be widely
distributed and is used for the encryption of data. Only the private key can decrypt the data, and it
is kept secret.

3.3.1. Role of Certification Authority

The CA is a process responsible for the security of the network containing valuable information. It
provides and assigns the keys for decryption, encryption and authentication. A CA allocates keys and
issues certificates containing a set of attributes and a public key.

3.3.2. Configure IPSec policies for data encryption

IPSec is a set of security protocols that can be used to protect private data on a public
infrastructure environment. It provides a strong, cryptography-based defence against all network
attacks.

Go to Run, enter mmc (Microsoft Management Console) and click ‘OK’.

Select the appropriate file and click on the option to add or remove a snap-in. Scroll down to ‘IP
Security Policy Management’, click ‘Add’ and ‘OK’.

Now, select which computer or domain the snap-in will manage, and click ‘Finish’.

Here, select ‘IP Security on Local Computer’ on Console ROOT, and click ‘OK’.

Right-click ‘IP Security on Local Computer’ and click ‘Create IP Security Policy’.

Click ‘Next’ to continue.

Enter the IP Security Policy’s name, and click ‘Next’.

Click ‘Next’ and later ‘Finish’ to complete the process.

Conclusion
Within networked systems, several applications are used, with servers playing key roles. Servers are
installed and configured to provide many different services to users within small or large
organizations. This unit helped me to install and configure client computers and servers, especially
according to UWS requirements. Knowing how to implement and manage a secured networked
system is an essential key for my IT career.
