Server Build – INFAPPTST01.AUCKLAND.AC.NZ

Server build document

INFAPPTST01

InfoEd Test Application Server

Document History

Author / Group / Version / Date / Comments
Brad Inch / ESG / 0.1 / 26/03/2009 / Initial document.

Table of Contents

1 Introduction

2 System Hardware Specifications

3 System Software Specifications

4 Applications

5 Sign-off Sheet

1  Introduction

1.1  Purpose of this Document

This document outlines the steps taken to build a server. The document should be kept with any other relevant support documentation for this server.

1.2  Scope of this Document

·  The scope of this document is restricted to the server INFAPPTST01.AUCKLAND.AC.NZ.

1.3  High level build tasks

Create VM / Configure VM

Install Operating System

Configure Operating System

Install VMware Tools

Network

Firewall

Domain

WSUS

Install Antivirus

Patch Operating System

Create user / group accounts

Install InfoEd required applications / services

Patch Operating System

Run Security Scan

2  System Hardware Specifications

2.1  Hardware

The University of Auckland uses VMware ESX3 for physical server hardware virtualisation. Unless there is a stated need for a physical platform, servers are virtualised.

2.1.1 VMware

VMware ESX is not a new concept to the University. It has been trialled in several high profile installations at the University, most notably in the Exchange and CMS projects. The University VMware host servers are reliable, scalable and fault tolerant.

2.1.2 VMware Guest Configuration

VMware virtual machines can be allocated specific amounts of resource from the host server – in fact, the sizing of these virtual machines can literally be changed at any time (requires a reboot).

Infapptst01 – NDC VM Data centre – Prod_NDC3i Resource Pool

2x Virtual CPUs / 4GB RAM

1x Floppy Disk drive

1x CD/DVD drive

1x Network adapter (NDC 248 Subnet)

1x LSI Logic SCSI HD Controller utilising SAN connected storage

2x Hard Disk drives (VMDK files on separate SAN VDisks)

Disk Drive / Size / Format
C: (SYSTEM) – Operating System volume / 15GB / NTFS
D: (DATA) – Application binaries and data volume / 30GB / NTFS

3  System Software Specifications

3.1  Operating System

The server has been built with a Windows Server 2003, Standard Edition, Volume License media with SP2 integrated.

3.1.1 Configuration

The following manual configuration changes have been made to the file system, registry, system files or access control lists.

  • File and Print Service removed
  • Windows Updates configured for UoA WSUS
  • File ACL for D:\ORACLE\PRODUCT\10.2.0\CLIENT_1
      o  Added Local user IUSR_INFAPPTST01 with R/W/E rights
  • DEP configured as “ON for all programs and services”
  • DEP exclusion configured for “Nagios Client”
  • RDP enabled for Administrators / Remote Desktop Users groups
  • RDP configured with “Negotiate” security layer
  • RDP configured with “FIPS Compliant” encryption level
  • RDP configured to disable:
      o  Windows printer mapping
      o  LPT port mapping
      o  COM port mapping
      o  Audio mapping
      o  Initial program launch

3.1.2 Windows Updates

The Windows automatic updates service has been configured to use the UoA WSUS Server.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
"WUServer"="http://wsus.auckland.ac.nz"
"WUStatusServer"="http://wsus.auckland.ac.nz"
"TargetGroup"="Servers"
"TargetGroupEnabled"=dword:00000001
"ElevateNonAdmins"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"AUOptions"=dword:00000003
"AutoInstallMinorUpdates"=dword:00000000
"DetectionFrequency"=dword:00000005
"DetectionFrequencyEnabled"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"RebootRelaunchTimeout"=dword:0000001e
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootWarningTimeout"=dword:0000000f
"RebootWarningTimeoutEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000001e
"RescheduleWaitTimeEnabled"=dword:00000001

All available Windows Updates from the WSUS server have been applied as at 2009-03-26.
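
Added example, not part of the original build document: one way to check a later registry export of this server against the Windows Update policy recorded above. It parses .reg text, reports missing or drifted values, and also flags WSUS URLs that use plain HTTP; the baseline is a subset of the listing, and `SAMPLE` is a constructed export with deliberate drift.

```python
import re

WU = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
AU = WU + r"\AU"
# Expected values: a subset of the registry listing in section 3.1.2.
BASELINE = {
    (WU, "WUServer"): "http://wsus.auckland.ac.nz",
    (WU, "WUStatusServer"): "http://wsus.auckland.ac.nz",
    (WU, "TargetGroup"): "Servers",
    (AU, "UseWUServer"): 1,
    (AU, "AUOptions"): 3,
}
# Constructed sample export with deliberate drift (not taken from the server).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
"WUServer"="http://wsus.auckland.ac.nz"
"TargetGroup"="Workstations"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000000
"AUOptions"=dword:00000003
'''
SECTION = re.compile(r"\[(.+)\]$")
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"=(?:dword:([0-9a-fA-F]{1,8})|"((?:[^"\\]|\\.)*)")$')

def parse_reg(text):
    """Return {(key path, value name): str or int}, both names lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        section, value = SECTION.match(line), VALUE.match(line)
        if section:
            key = section.group(1).lower()  # registry key paths are case-insensitive
        elif value and key is not None:
            name, dword, string = value.groups()
            values[key, name.lower()] = (int(dword, 16) if dword is not None
                                         else re.sub(r"\\(.)", r"\1", string))
    return values

def audit(text, baseline=BASELINE):
    """Return (kind, value name, expected, found) for each deviation."""
    actual, findings = parse_reg(text), []
    for (key, name), want in baseline.items():
        got = actual.get((key.lower(), name.lower()))
        if got != want:
            findings.append(("MISSING" if got is None else "DRIFT", name, want, got))
        if isinstance(got, str) and got.lower().startswith("http://"):
            findings.append(("NO_TLS", name, "https:// URL", got))  # no TLS to WSUS
    return findings
```

A real export from regedit (Version 5.00) is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `audit`.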

3.1.3 Local Services

The following local services have been changed from their defaults:

  • Alerter – disabled
  • Windows Time – disabled

3.1.4 System Software

The following system level applications have been installed.

  • Eset NOD32 Antivirus Business Edition v4.0.314.0
  • IBM Tivoli Storage Manager client v5.5.1
  • UoA Nagios Monitoring Agent v1.13.1

3.2  Network Overview

The server is configured with 1 Network Interface Card on the 130.216.248.0/24 subnet and has the local Windows firewall enabled.

It has been joined to the UoA.auckland.ac.nz domain and its computer object is located in the following OU:

UoA.auckland.ac.nz/UoA-SRV/UoA_RIMS/Research+ Servers

3.2.1 Network settings

Subnet / Location / Description
248 / NDC / NDC Front-end addresses

Primary NIC – vLAN248

o  IP Address : 130.216.248.26

o  Subnet Mask : 255.255.255.0

o  Gateway : 130.216.248.254

o  Primary DNS Suffix : auckland.ac.nz

o  DNS Server 1 : 130.216.190.1

o  DNS Server 2 : 130.216.191.1

o  WINS Server 1 : 130.216.191.10

o  WINS Server 2 : 130.216.191.11

3.2.2 Firewall settings

The server is configured with the Windows firewall turned on for the primary NIC (vLAN248) and has the following exceptions configured:

o  Allow RDP (TCP 3389) from ANY source

4  Applications

4.1  InfoEd Application

The Research+ system utilizes InfoEd’s core Enterprise Platform application. This platform provides the web-based portal and the basis for other InfoEd modules.

Additional modules provided by InfoEd may be introduced to the system in the future. See Schedule A – Product Specifications for information on modules.

User content is serviced by InfoEd application servers, which in turn feed content to viewers via IIS6.

4.2  Required 3rd Party Software

In addition to the InfoEd application and modules the application servers will also require the following software to be installed.

  • Microsoft Office 2003 Standard
  • Active PDF Toolkit v4.0 Standard
  • AutoTask2000 (Production environment only)
  • PK-Zip for Windows Standard
  • PL/SQL Developer
  • Filezilla FTP Client / Server
  • Adobe Acrobat Reader
  • Oracle 10g Client v10.2.0.2 and Oracle Provider for OLE DB v10.2.0.1
  • 7-Zip File archive tool

Source files are available in D:\SOURCE

4.3  IIS6

A core service of the Windows 2003 operating system, IIS6 is both tried and tested within the University, and is well supported by Microsoft courtesy of regular patches.

IIS is installed with the following components:

Application Server Console

ASP.NET

Network COM+ access

Network DTC access

Internet Information Services Manager

World Wide Web Service

4.4  Authentication

In addition to the standard Windows users the following users exist on the server:

Username / Description / Admin
InfoEd / InfoEd Administration account / Yes
umcmorris / InfoEd IIS Service account / No

In addition to the standard Windows groups the following groups exist on the server:

Group name / Description
NONE

4.5  Security Scan

Disable Windows Firewall

Run Nessus Security Scan

Enable Windows Firewall

Attach Security Scan with build document

Completed date : 2009-03-26

Completed by : binc002

5  Sign-off Sheet

Approval – Systems Team Leader, Mark Finlay

______

Signature Date

Approval – Windows Team Leader, Anne Jackson

______

Signature Date
