Orascom-tehnical study final
Transcript of Orascom-tehnical study final
Orascom File Serving technical study
By: Naimi Intissar Zriba Mayssa Sidy Med Kutam hidri mejda Ayed Karim Ben Khemis Karem El jaziri Achraf 4 IRT
2
Outline:
Introduction
Services
Network technology
Security technology
Conclusion
3
Introduction
Network
Servers
Users and customers
Storage
Orascom Files Serving
Access / Upload / download file
4
Services
Web
Mailing
Directory
File transfer
Monitoring
Data Base
5
Web Server:
Apache: free and secure
Zeus: proprietary license
IIS: runs on the Windows operating system
6
Web Server: Exchanges between customers and servers are secured with the HTTPS protocol, which requires an SSL certificate.
7
Mailing
The mailing service has two functions:
Sending (SMTP)
Receiving (POP3, IMAP)
Mailing process: mail server, mail client
8
Mail server
Free servers using SMTP
Qmail: simple to set up; secure; not designed for big needs
Postfix: easy to install and configure; secured with anti-spam
SendMail: difficult to configure; powerful; very complex, with difficult maintenance
We have chosen Postfix as the server for sending mail.
9
Mail server
Free servers using POP/IMAP
Dovecot: simple to set up; secured with anti-spam
Cyrus: very secure; difficult to configure because its architecture is old; not designed for big needs
We have chosen Dovecot as the server for receiving.
10
Mail client
★ We have chosen Mozilla Thunderbird
11
File transfer
➢ FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet.
➢ FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
12
Comparison between three FTP servers
Server | FileZilla | ProFTPD | Pure-FTPd | Titan FTP Server
OS | Multiplatform | Linux | Linux | Windows
Free | YES | YES | YES | NO
FTPS | YES | YES | YES | YES
➢ We have chosen to use FileZilla because it is multiplatform and more secure than the others.
13
Directory: stores and organizes information about a computer network's users and network resources, and allows network administrators to manage users' access to the resources.
14
Directory
Open source implementation of the Lightweight Directory Access Protocol.
Includes:
Stand-alone LDAP daemon (server)
User Authentication
User/System Groups
Address book
directory backups
User resource management
15
Monitoring:
Zabbix, Centreon, Nagios
Supervisor / Devices to supervise
SNMP requests: UDP port 161
SNMP responses: UDP port 161
SNMP traps: UDP port 162
16
Monitoring: notification
Zabbix: uses mail and/or SMS notification
Centreon: notifies by email address
Nagios: uses mail notification, for example by installing a Postfix mail server
17
Monitoring: notification (Centreon)
SQL database solution
A database is an organized collection of data. The data are typically organized to model relevant aspects of reality in a way that supports processes requiring this information.
In our project we have to find a solution to organize data, so we chose to compare two solutions.
SQL database solution
Criterion of comparison | MySQL | Postgres
Processing speed | The MySQL query cache can speed up read queries on the most common tables. | Does not have this feature
Security | Replication function more advanced than PostgreSQL's | Replication function has recently become available
Language support | Has more APIs for programming languages and is supported by a large number of programs | Is less suited to web applications than MySQL
We have chosen MySQL.
20
ORASCOM file serving
Consolidate user data
Deploy unified storage appliance
Enable heterogeneous file sharing
Benefits: simplified management; improved server utilization; faster, more reliable backup; enhanced availability
Centralize backup
Cluster for higher availability
Add disks as needed
21
Network
MPLS
IPv6
IPv4
22
IPv4/IPv6
Services: all the services of our project have to be accessible using IPv6 technology.
Backbone: both IPv4 and IPv6 should be supported.
23
Network architecture
IPV6
IPV4
24
Backbone
X.25
A packet-switching wide area network that provides reliable and safe data transfer, with flow control and error recovery.
Frame Relay
Provides a higher data rate at lower cost. Eliminating the error-recovery procedure enables Frame Relay to operate at speeds 20 times greater than X.25.
ATM
Based on transferring data in cells or packets of a fixed size. The delay or latency is significantly reduced. ATM is therefore suited for voice and video transmission.
It is slow
Not fast enough for today's demand
It's expensive
MPLS
25
Advantages: MPLS
It is based on label switching, which makes switching fast (no access to routing tables, no need for an IP address to route packets).
It integrates voice, video and data services: MPLS's traffic management capabilities enable this.
The performance characteristics of layer 2 networks
The connectivity and network services of layer 3 networks
Improves the price/performance of network layer routing
Improves scalability
Improves the possibilities for traffic engineering
Supports the delivery of services with QoS guarantees
Avoids the need for coordination of IP and ATM address allocation and routing information
26
solution
VPN
To transfer data from site to site, the flow passes through the IP/MPLS cloud and the WAN. Security is only assured in the IP/MPLS cloud, so we need to use a VPN over the WAN to secure the transfer of data along the whole distance.
Data Storage
27
Local network services
Dynamic IP allocations
•DHCP: provided by each site
Domain name resolution
•DNS: provided by each site
•BIND
28
Network access management
29
Security technology
Firewalls
IDS
VPN
30
IDS: Intrusion Detection System. It is a device that monitors the activity of a network or a single host to detect intrusion attempts and possibly react to them.
SNORT: Network intrusion prevention system (NIPS), Network intrusion detection system (NIDS)
OSSEC: Host intrusion detection system (HIDS)
We chose Snort as the IDS engine because it is scalable and flexible in deployment, and Snort can monitor multiple machines from one physical and logical location.
31
Virtual private network: A virtual private network (VPN), using encryption and other secure methods, enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
PPTP: Point-to-Point Tunneling Protocol
L2TP/IPSec: Internet Protocol Security
OpenVPN
Based on this comparison, we have chosen to use OpenVPN.
32
Firewall: To protect the network from unauthorized access and to allow legitimate communications between different sites, we chose to work with firewall technology, because a good firewall inspects internet traffic, following rules for what traffic is allowed and what is not.
Smoothwall: it is not deployed as a VPN end point
pfSense: it can be configured and upgraded through a web-based interface
We have chosen pfSense because it supports a large number of packages that expand its basic implementation, it contains real-time graphing, and it is easily adaptable to one's own service checks.
33
Intrusion detection System
34
Intrusion detection System
35
Intrusion detection System
IDS | SNORT | OSSEC
Type | Network intrusion prevention system (NIPS), Network intrusion detection system (NIDS) | Host intrusion detection system (HIDS)
OS | Cross-platform | Cross-platform
Licence | GNU General Public Licence | GNU GPL v3
We chose Snort as the IDS engine because it is scalable and flexible in deployment, and Snort can monitor multiple machines from one physical and logical location.
36
Backup
We could face different dangerous events that would probably cause the loss of data; that's why we need to provide our network with a backup.
37
Backup
There are different software packages for making backups, among them:
- Bacula
- Amanda
Both use backup to disk, DVD with SQL Catalog.
We have chosen Amanda because of its certified security.
38
Backup over frame-relay
MPLS
Frame Relay
- We can do the backup in different ways, using ISDN…
- According to the technical paper, we chose to make the backup over Frame Relay
39
Voice Communication
➢ VoIP is a technology that allows you to make voice calls using a broadband Internet connection instead of a regular phone line.
➢ Some VoIP services may only allow you to call other people using the same service, but others may allow you to call anyone who has a telephone number - including local, long distance, mobile, and international numbers
40
Comparison between three Platforms
Platform | VOCAL | Asterisk | Yate
Protocols | H.323 SIP MGCP | H.323 SIP IAX MGCP SCCP | H.323 SIP IAX MGCP
Scalability | yes | yes | yes
Extensibility | yes | yes | yes
Administration | through GUI | through GUI and LC | through GUI
QoS | yes | yes | no
Voice mail | yes | yes | yes
Conference | yes | yes | yes
Gateway VoIP/PSTN | no | yes | yes
➢ We have chosen to use Asterisk
41
Voice Communication
➢ Data networks must be robust enough to support the additional voice and possibly video traffic
● Remember → if the data network is down, you can't make phone calls
➢ Network architecture needs to address
● Quality of Service
● Security
● Redundancy
● Availability
42
Voice Communication Security
➢ Firewalls should be deployed where voice and data networks meet
● Prevent data network attacks from affecting voice
➢ Users should be authenticated to gain access to the network
● Authenticate users
● Assign policies
● Assign users to VLANs based on identity
43
Conclusion
In this chapter we have studied all the technologies needed. This will help us determine which technologies are best suited to our IP and then choose the best one to deploy.
44
Thank you for your attention