Orascom-tehnical study final

Orascom File Serving technical study By: Naimi Intissar Zriba Mayssa Sidy Med Kutam hidri mejda Ayed Karim Ben Khemis Karem El jaziri Achraf 4 IRT



Outline:

- Introduction
- Services
- Network technology
- Security technology
- Conclusion


Introduction

[Diagram labels: Network; Servers; Users and customers; Storage; Orascom File Serving; Access / Upload / Download file]


Services

- Web
- Mailing
- Directory
- File transfer
- Monitoring
- Database


Web Server:

- Apache: free and secure
- Zeus: proprietary license
- IIS: supported operating system is Windows


Web Server: Exchanges between customers and servers are secured by the HTTPS protocol, which requires the use of an SSL certificate.


Mailing

The mailing service has two functions:

- Sending (SMTP)
- Receiving (POP3, IMAP)

Mailing process: mail server, mail client


Mail server

Free servers using SMTP:

- Qmail: simple to set up; secure; not designed for big needs
- Postfix: easy to install and configure; secured with anti-spam
- Sendmail: difficult to configure; powerful; very complex, with difficult maintenance

We have chosen Postfix as the server for sending mail.


Mail server

Free servers using POP/IMAP:

- Dovecot: simple to set up; secured with anti-spam
- Cyrus: very secure; difficult to configure because its architecture is old; not designed for big needs

We have chosen Dovecot as a server for receiving


Mail client

★ We have chosen Mozilla Thunderbird


File transfer

➢ FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet.

➢ FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.


Comparison between three FTP servers

| Server | FileZilla | ProFTPD | Pure-FTPd | Titan FTP Server |
|--------|-----------|---------|-----------|------------------|
| OS | Multiplatform | Linux | Linux | Windows |
| Free | Yes | Yes | Yes | No |
| FTPS | Yes | Yes | Yes | Yes |

➢ We have chosen to use FileZilla because it is multiplatform and more secure than the others.


Directory: stores and organizes information about a computer network's users and network resources, and allows network administrators to manage users' access to the resources.


Directory

Open source implementation of the Lightweight Directory Access Protocol.

Includes: stand-alone LDAP daemon (server)

User Authentication

User/System Groups

Address book

directory backups

User resource management


Monitoring:

Zabbix, Centreon, Nagios

[Diagram: supervisor and devices to supervise exchanging SNMP requests and SNMP responses (UDP port 161) and SNMP traps (UDP port 162)]


Monitoring: notification

- Zabbix: uses mail and/or SMS notification
- Centreon: notifies by email address
- Nagios: uses mail notification, for example by installing a Postfix mail server


Monitoring: notification (centreon)


SQL database solution

A database is an organized collection of data. The data are typically organized to model relevant aspects of reality in a way that supports processes requiring this information.

In our project we have to find a solution to organize data, so we chose to compare two solutions.


SQL database solution

| Criterion of comparison | MySQL | PostgreSQL |
|-------------------------|-------|------------|
| Processing speed | The MySQL query cache can speed up read queries on the most commonly used tables. | Does not have this feature. |
| Security | Replication function more advanced than PostgreSQL's. | Replication function has recently become available. |
| Language support | Has more APIs for programming languages and is supported by a large number of programs. | Is less well suited to web applications than MySQL. |

We have chosen MySQL.


ORASCOM file serving

- Consolidate user data
- Deploy unified storage appliance
- Enable heterogeneous file sharing
- Centralize backup
- Cluster for higher availability
- Add disks as needed

Benefits:

- Simplified management
- Improved server utilization
- Faster, more reliable backup
- Enhanced availability


Network

- MPLS
- IPv6
- IPv4


IPv4/IPv6

- Services: all the services of our project have to be accessible using IPv6 technology.
- Backbone: both IPv4 and IPv6 should be supported.


Network architecture

[Diagram labels: IPv6; IPv4]


Backbone

X.25

- Packet-switching wide area network.
- Provides reliable and safe data transfer, with flow control and error recovery.
- Drawback: it is slow.

Frame Relay

- Provides a higher data rate at lower cost.
- Eliminating the error-recovery procedure enables Frame Relay to operate at speeds 20 times greater than X.25.
- Drawback: not enough speed compared to today's demand.

ATM

- Based on transferring data in cells or packets of a fixed size.
- The delay or latency is significantly reduced, so ATM is suited for voice and video transmission.
- Drawback: it is expensive.

MPLS


Advantages: MPLS

- It is based on label switching, which makes switching fast (no access to routing tables, no need for the IP address to route packets).
- It integrates voice, video and data services: MPLS's traffic management capabilities enable this.
- The performance characteristics of layer 2 networks
- The connectivity and network services of layer 3 networks
- Improves the price/performance of network layer routing
- Improves scalability
- Improves the possibilities for traffic engineering
- Supports the delivery of services with QoS guarantees
- Avoids the need for coordination of IP and ATM address allocation and routing information


solution

VPN

To transfer data from site to site, the flow passes through the IP/MPLS cloud and the WAN. Security is only assured in the IP/MPLS cloud, so we need to use a VPN over the WAN to be able to secure the transfer of data along the whole distance.

Data Storage


Local network services

Dynamic IP allocation

• DHCP: provided by each site

Domain name resolution

• DNS: provided by each site
• BIND


Network access management


Security technology

- Firewalls
- IDS
- VPN


IDS: Intrusion Detection System. It is a device that monitors the activity of a network or a single host to detect intrusion attempts and possibly react to them.

- Snort: network intrusion prevention system (NIPS), network intrusion detection system (NIDS)
- OSSEC: host intrusion detection system (HIDS)

We chose Snort as the IDS engine because it is scalable and flexible in deployment, and Snort can monitor multiple machines from one physical and logical location.


Virtual private network: A virtual private network (VPN), using encryption and other secure methods, enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.

- PPTP: Point-to-Point Tunneling Protocol
- L2TP/IPSec: Internet Protocol Security
- OpenVPN

Based on this comparison, we have chosen to use OpenVPN.


Firewall: To protect the network from unauthorized access and to allow legitimate communications between different sites, we chose to work with firewall technology, because a good firewall will inspect internet traffic, following rules for what traffic is allowed and what is not.

- Smoothwall: it is not deployed as a VPN end point
- pfSense: it can be configured and upgraded through a web-based interface

We have chosen pfSense because it supports a large number of packages that expand its basic implementation, it includes real-time graphing, and it is easily adapted to one's own service checks.


Intrusion detection System

| IDS | Snort | OSSEC |
|-----|-------|-------|
| Type | Network intrusion prevention system (NIPS), network intrusion detection system (NIDS) | Host intrusion detection system (HIDS) |
| OS | Cross-platform | Cross-platform |
| Licence | GNU General Public Licence | GNU GPL v3 |

We chose Snort as the IDS engine because it is scalable and flexible in deployment, and Snort can monitor multiple machines from one physical and logical location.


Backup

We could face different dangerous events that will probably cause the loss of data; that is why we need to provide our network with a backup.


Backup

There are different software packages for making backups, among them:

- Bacula
- Amanda

Both use backup to disk, DVD with SQL catalog.

We have chosen Amanda because of its certified security.


Backup over frame-relay

MPLS

Frame Relay

- We can do the backup in different ways, using ISDN…
- According to the technical paper, we chose to make the backup over Frame Relay.


Voice Communication

➢ VoIP is a technology that allows you to make voice calls using a broadband Internet connection instead of a regular phone line.

➢ Some VoIP services may only allow you to call other people using the same service, but others may allow you to call anyone who has a telephone number - including local, long distance, mobile, and international numbers


Comparison between three platforms

| | VOCAL | Asterisk | Yate |
|---|-------|----------|------|
| Protocols | H.323, SIP, MGCP | H.323, SIP, IAX, MGCP, SCCP | H.323, SIP, IAX, MGCP |
| Scalability | yes | yes | yes |
| Extensibility | yes | yes | yes |
| Administration | through GUI | through GUI and LC | through GUI |
| QoS | yes | yes | no |
| Voice mail | yes | yes | yes |
| Conference | yes | yes | yes |
| Gateway VoIP/PSTN | no | yes | yes |

➢ We have chosen to use Asterisk


Voice Communication

➢ Data networks must be robust enough to support the additional voice and possibly video traffic
  ● Remember → if the data network is down, you can't make phone calls

➢ Network architecture needs to address
  ● Quality of Service
  ● Security
  ● Redundancy
  ● Availability


Voice Communication Security

➢ Firewalls should be deployed where voice and data networks meet
  ● Prevent data network attacks from affecting voice

➢ Users should be authenticated to gain access to the network
  ● Authenticate users
  ● Assign policies
  ● Assign users to VLANs based on identity


Conclusion

In this chapter we have studied all the technologies needed. This will help us determine which technologies are best suited to our IP and then choose the best one to deploy.


Thank you for your attention