Ubuntu For Intranet Services

A presentation to introduce students to the server capabilities of Ubuntu in an intranet setting.

  1. Ubuntu for Intranet Services
     This work is licensed under the Creative Commons Attribution-Share Alike 3.0 Philippines License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ph/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.
     By Dominique Gerald Cimafranca [email_address]
  2. Definition
     - An intranet is a private computer network that uses Internet technologies to securely share any part of an organization's information or operational systems with its employees.
  3. Objectives
     - Evaluate possible intranet/Internet setups
     - Identify essential intranet services
     - Set up Ubuntu as an intranet server
     - Automate remote installation of Linux clients
     - Discuss alternative options
  4. Ubuntu Guide
     http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
  5. Why Intranets?
     - Security
     - Administrative control
     - Application flexibility
     - Bandwidth savings
     - Offline operations
  6. Intranet Configurations (diagram): Single Site / Multi-Site
  7. Intranet / Internet Setup A (diagram): Internet - Router / Switch
  8. Intranet / Internet Setup B (diagram): Internet - Router - Switch
  9. Parameters
     - Organization connected through SOHO broadband
     - Internal IP addresses are RFC1918 private IP addresses
     - External IP address is dynamic and randomly allocated
     - May make use of external hosting services with permanent IP addresses
     - Small internal LAN (<100 users)
  10. Key Intranet server functions
     - DNS server
     - DHCP server
     - Mail server
     - File server
     - Print server
     - Authentication server
     - Firewall
     - Web / FTP server
     - CMS server
  11. DNS
     - Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another.
     - DNS alleviates the need to remember IP addresses.
     - Ubuntu ships with BIND (Berkeley Internet Naming Daemon), the most common program used for maintaining a name server on Linux.
  12. Internal DNS vs. External DNS
     Internal DNS:
     - Designed only to serve clients' DNS queries (primary nameserver)
     - Limited to the internal domain
     - Needs to forward queries for other domains (caching nameserver)
     External DNS:
     - Required for accessing public servers
     - Required for mail services
     - Use external DNS hosting services
  13. DNS queries (diagram)
     Client -> internal DNS: Who is www.internal.com?
     Internal DNS -> client: It's 192.168.11.1.
     Client -> internal DNS: Who is www.external.com?
     Internal DNS -> external DNS: Who is www.external.com?
     External DNS -> internal DNS: It's 54.189.12.11.
     Internal DNS -> client: It's 54.189.12.11.
  14. Example DNS zone file
      ;
      ; BIND data file for local loopback interface
      ;
      $TTL    604800
      @       IN      SOA     ns.example.com. root.example.com. (
                                    2         ; Serial
                               604800         ; Refresh
                                86400         ; Retry
                              2419200         ; Expire
                               604800 )       ; Negative Cache TTL
      ;
      @       IN      NS      ns.example.com.
      @       IN      A       127.0.0.1
      ns      IN      A       192.168.1.10
      www     IN      A       192.168.1.11
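As an added example (not part of the presentation), the following Python parses the zone file above, answers a query the way the split internal/external DNS of slides 12 and 13 does (authoritative for the internal domain, forwarding for everything else), and checks that an internal zone carries only private addresses. The origin example.com, the query names and the function names are assumptions.

```python
import ipaddress

# Constructed copy of the zone file on the slide; origin example.com is assumed.
ZONE = """\
$TTL 604800
@ IN SOA ns.example.com. root.example.com. (
        2       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@   IN NS ns.example.com.
@   IN A  127.0.0.1
ns  IN A  192.168.1.10
www IN A  192.168.1.11
"""

def parse_a_records(zone_text, origin):
    """Return {fqdn: ip} for every A record; '@' stands for the zone origin."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()          # strip comments
        if len(fields) == 4 and fields[1:3] == ["IN", "A"]:
            name = origin if fields[0] == "@" else f"{fields[0]}.{origin}"
            records[name] = fields[3]
    return records

def resolve(name, records, origin):
    """Internal nameserver logic from the slides: answer authoritatively for
    the internal domain, forward (caching nameserver role) for anything else."""
    if name == origin or name.endswith("." + origin):
        return ("authoritative", records.get(name))
    return ("forward", None)   # hand the query to the external/upstream DNS

def non_private_addresses(records):
    """Hosts in an internal zone should be RFC1918 (or loopback) addresses;
    anything else suggests the data belongs in the external zone instead."""
    return {n: ip for n, ip in records.items()
            if not ipaddress.ip_address(ip).is_private}

if __name__ == "__main__":
    recs = parse_a_records(ZONE, "example.com")
    print(resolve("www.example.com", recs, "example.com"))   # authoritative
    print(resolve("www.external.com", recs, "example.com"))  # forward
    print(non_private_addresses(recs))                        # {}
```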
  15. Key Intranet server functions (divider; list repeated from slide 10)
  16. DHCP
     - The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server, as opposed to manually configuring each network host.
     - Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.
  17. DHCP interaction (diagram)
     Client: D'oh! My MAC address is 48:24:AC:33:03:21. Who am I supposed to be?
     DHCP server: You are 192.168.11.15. Your DNS server is 192.168.11.1. Your default gateway is 192.168.11.254.
  18. DHCP via router vs. DHCP via server
     DHCP via router:
     - SOHO routers / switches offer a basic DHCP server
     - Simple to configure, but very limited options
     - DNS and gateway settings usually point back to the router
     DHCP via server:
     - Slightly more complex to configure; the server must be up before the network
     - More flexible setup
     - Needed for remote automated installations
  19. Sample DHCP configuration file
      # Sample /etc/dhcpd.conf
      # (add your comments here)
      default-lease-time 600;
      max-lease-time 7200;
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.1.255;
      option routers 192.168.1.254;
      option domain-name-servers 192.168.1.1, 192.168.1.2;
      option domain-name "mydomain.example";
      subnet 192.168.1.0 netmask 255.255.255.0 {
          range 192.168.1.10 192.168.1.100;
          range 192.168.1.150 192.168.1.200;
      }
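Added example (not from the presentation): a Python sanity check over the dhcpd.conf above. It confirms that every pool lies inside the declared RFC1918 subnet, that the router and DNS addresses handed out as options are not also leased from a pool (a classic cause of duplicate-address outages), and that pools do not overlap. The parser and function names are my own.

```python
import itertools
import ipaddress
import re

# Constructed copy of the sample dhcpd.conf from the slide.
DHCPD_CONF = """\
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.example";
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.100;
    range 192.168.1.150 192.168.1.200;
}
"""

def parse_dhcpd(text):
    """Extract the subnet, its address pools and the router/DNS addresses."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)", text)
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    pools = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
             for lo, hi in re.findall(r"range\s+(\S+)\s+(\S+)\s*;", text)]
    fixed = set()   # addresses clients are told about: must never be leased
    for opt in ("routers", "domain-name-servers"):
        m = re.search(rf"option {opt}\s+([^;]+);", text)
        if m:
            fixed.update(ipaddress.ip_address(a.strip()) for a in m.group(1).split(","))
    return net, pools, fixed

def check_dhcpd(text):
    """Return a list of problems; an empty list means the pools look sane."""
    net, pools, fixed = parse_dhcpd(text)
    problems = []
    if not net.is_private:
        problems.append(f"{net} is not an RFC1918 network")
    for lo, hi in pools:
        if lo not in net or hi not in net:
            problems.append(f"range {lo}-{hi} lies outside {net}")
        for addr in sorted(fixed):
            if lo <= addr <= hi:
                problems.append(f"{addr} (router/DNS) sits inside pool {lo}-{hi}")
    for (lo1, hi1), (lo2, hi2) in itertools.combinations(pools, 2):
        if lo1 <= hi2 and lo2 <= hi1:
            problems.append(f"pools {lo1}-{hi1} and {lo2}-{hi2} overlap")
    return problems
```

Running check_dhcpd(DHCPD_CONF) on the slide's file yields an empty list; widening the second pool to end at 192.168.1.254 makes it report the router address.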
  20. Key Intranet server functions (divider; list repeated from slide 10)
  21. MTA
     - A Mail Transfer Agent, also known as a Simple Mail Transfer Protocol (SMTP) daemon, is a program that transfers mail from one system to another.
     - Postfix is the default Mail Transfer Agent (MTA) in Ubuntu.
     - Other MTA programs: Exim4, Sendmail, and Qmail.
  22. MTA operation (diagram)
     Internal mail server: This message is meant for buboy@internal.com. Cool, I'll keep it in his mailbox here.
     Internal mail server: This message is meant for gaga@external.com. Okay, I'll send it to the mail server of external.com.
  23. How about email from outside? (diagram)
     External mail server: This message is meant for buboy@internal.com. Okay, I'll keep it here.
     Internal mail server (Fetchmail): It's 9:00. I'm collecting all the email you got.
  24. IMAP
     - An Internet Message Access Protocol server allows a local client to access e-mail on a remote server.
     - IMAP supports both connected (online) and disconnected (offline) modes of operation.
     - The alternative, older protocol is Post Office Protocol (POP).
     - Ubuntu can use either Dovecot or Courier IMAP.
  25. Other considerations
     - Email clients: client-based applications or a web-based front end?
     - Spam filtering
     - Digital certificates for encryption and authentication
     - Mailbox quotas
     - Shared address books
  26. Evolution (image only)
  27. SquirrelMail (image only)
  28. Key Intranet server functions (divider; list repeated from slide 10)
  29. Samba
     - File and Print Services for Unix/Linux
     - Samba is a free software re-implementation of the SMB/CIFS networking protocol.
     - Samba provides file and print services for various Microsoft Windows clients.
     - Can integrate with a Windows Server domain as Primary Domain Controller or domain member.
     - Can also integrate with an Active Directory domain.
  30. File-and-Print Services: Samba (diagram)
  31. Do away with traditional file sharing!
     - Insecure
     - No accountability
     - No version management
     - No organization
     - Inefficient use of disk space
  32. CUPS
     - The Common Unix Printing System (CUPS), a modular printing system for Unix-like computer operating systems, allows a computer to act as a print server.
     - A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer.
     - Primarily for Unix clients and Unix servers
  33. Printing considerations
     - Who's allowed to print?
     - What time can they print?
     - Printing quotas
     - Physical security
     - Printer compatibility with Linux (see http://www.linuxprinting.org)
  34. Key Intranet server functions (divider; list repeated from slide 10)
  35. Centralized authentication
     - Manage users from one single location
     - Define access to services within the intranet
     - Single sign-on for applications
     - Security restrictions
     - Backup authentication servers
  36. OpenLDAP
     - LDAP is an acronym for Lightweight Directory Access Protocol; it is a simplified version of the X.500 protocol.
     - LDAP can be used in numerous ways: authentication, shared directory (for mail clients), address book, etc.
     - Interoperates with Active Directory (via Samba)
     - Pluggable authentication for Linux clients
  37. Kerberos
     - Kerberos is a network authentication system based on the principle of a trusted third party.
     - The other two parties are the user and the service the user wishes to authenticate to.
     - Not all services and applications can use Kerberos, but for those that can, it brings the network environment one step closer to Single Sign On (SSO).
       - Applications need to be kerberized (e.g., Apache's mod_auth_kerb and PHP's kadm5).
  38. Key Intranet server functions (divider; list repeated from slide 10)
  39. Firewall
     - The Linux kernel includes the Netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server.
     - The default firewall configuration tool for Ubuntu is ufw.
     - IP Masquerading allows machines with private, non-routable IP addresses on your network to access the Internet through the machine doing the masquerading.
  40. Server-based vs. router-based
     Server-based firewall:
     - More complex to install
     - More flexibility in configuration
     - Logging capabilities
     Router-based firewall:
     - Pre-installed, simple to configure
     - Limited configuration options
     - No logging capabilities
  41. Firestarter (image only)
  42. Key Intranet server functions (divider; list repeated from slide 10)
  43. Web / FTP / CMS
     ...you know about this already...
  44. Webmin
     - Webmin is a web-based interface for system administration for Unix.
     - Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing and much more.
     - Webmin removes the need to manually edit Unix configuration files.
     - Lets you manage a system from the console or remotely.
     - http://webmin.com
  45. Webmin (image only)
  46. ISPConfig
     - ISPConfig is an open source hosting control panel for Linux.
     - ISPConfig simplifies the complicated details of setting up DNS, multiple unique domain name websites on one physical server box, and e-mail accounts for multiple users on those websites.
     - http://www.ispconfig.org
  47. Google Apps
     - Google Apps is a service from Google for using custom domain names with several Google products.
     - It features several Web applications with similar functionality to traditional office suites, including Gmail, Google Calendar, Talk, Docs and Sites.
  48. Google Apps (image only)
  49. Google Apps vs. Roll-your-own
     Google Apps:
     - Easy to set up
     - Minimal internal infrastructure to manage
     - Accessible anywhere
     - Accountability and uptime
     - Privacy issues
     - Ads
     Roll-your-own:
     - Complicated to set up
     - Need to maintain servers and apps
     - Remote access issues
     - Greater administrative control
     - Greater security
     - Offline access
  50. Other general considerations
     - Hosting services
     - Digital certificates
     - Virtual Private Networks
     - Remote access
     - Remote automated installation
     - System management
  51. Questions?
  52. Ubuntu for Intranet Services (closing slide; repeats the license notice and author credit of slide 1)