Lomba Kompetensi Siswa Sekolah Menengah Kejuruan Tingkat Provinsi Jawa Barat TAHUN 2022

Download as pdf or txt
Download as pdf or txt
You are on page 1of 8

LOMBA KOMPETENSI SISWA

SEKOLAH MENENGAH KEJURUAN


TINGKAT PROVINSI JAWA BARAT
TAHUN 2022

BIDANG LOMBA
TEKNOLOGI INFORMASI SISTEM ADMINISTRASI JARINGAN
IT NETWORK SYSTEMS ADMINISTRATION
DESCRIPTION OF PROJECT

A small startup company’s production environment contains numerous services within


multiple Operating Systems. We will ask you to install, configure, and integrate the
different services. You will have two work days to complete two different sets of tasks.
Each set of tasks is to be completed within one work day. For the second work day, you
will continue the work of another engineer, who should have fully configured systems
according to the day one set of tasks. You may check, change, or update the existing
systems, but we will only score the tasks you’re supposed to do on the second work day.
EDGE ZONE

NAT and Routing


▪ Enable port NAT to all private addresses in majapahit.id so that every device
can connect to public subnets.

DHCP
▪ Access FW and install any dhcp server. Configure to serve DHCP in majapahit.id.
o Network: 172.16.0.0/20
o Available Addresses: 172.16.0.1 - 172.16.14.253
o Gateway: 172.16.15.254
▪ Create static lease for srv1 and srv2. Configure those servers to use DHCP.

Load Balancer
▪ Access FW and install haproxy. Configure it to loadbalance web requests.
o Use /etc/haproxy/haproxy.cfg configuration file.
o Do not change default configuration values.
▪ Load Balance www.majapahit.id with round robin algorithm. Name the backend
sabang_www.
▪ Load Balance 100 user websites with source ip algorithm. Name the backend
sabang_user
o user001.public.majapahit.id
o user002.public.majapahit.id
o user003.public.majapahit.id
o …
o user099.public.majapahit.id
o user100.public.majapahit.id

Email Services
▪ Install any mail service and configure a sending-only mail server in
fw.majapahit.id
o Secure SMTP Port 465
o Enable PAM Authentication
▪ Make sure all local users are able to authenticate
o Use the self-signed certificate from CA for this task.

CA
▪ Configure as CA using
o Configure as CA using OpenSSL
▪ Private key should have minimal permission
o CA attributes should be set as follows:
▪ Country code is set to ID
▪ Organization is set to Jabar
▪ The common name is set to “Jabar CA”
o Create a root CA certificate.
o All certificates required in the test project should be published by CA.
INTERNAL ZONE

Basic Configuration
▪ Configure IP Address of all Linux devices according to the addressing table.
○ Create SSH user ‘patah’ with password specified in the appendix.
○ Enable SSH access from any devices.
○ Configure authentication using Active Directory users.

Sabang DNS
▪ Access srv1 and srv2 and install bind9. Configure it to serve domain majapahit.id
using the private addresses.
▪ Create A records of srv1.majapahit.id, srv2.majapahit.id, and fw.majapahit.id that
points to their respective addresses.
▪ Create NS records:
o ns1.majapahit.id that points to address of srv1.majapahit.id
o ns2.majapahit.id that points to address of srv2.majapahit.id
▪ On both name servers, create the following subdomains using address record:
o www.majapahit.id that points to all addresses of fw.majapahit.id
o 100 user subdomain that points to all addresses of fw.majapahit.id.:
▪ user001.public.majapahit.id
▪ user002.public.majapahit.id
▪ user003.public.majapahit.id
▪ …
▪ user099.public.majapahit.id
▪ user100.public.majapahit.id
Sabang Web Hosting
▪ Access srv1 and srv2 and install apache2. Configure it to serve all websites in
majapahit.id.
o Install curl to test the web service.
▪ Create /var/www/index.html default page with content specified in Appendix.
▪ Create /var/www/userXXX/index.html default page for 100 users with content
specified in Appendix. Example:
o /var/www/user001/index.html
o /var/www/user002/index.html
o /var/www/user003/index.html
o …
o /var/www/user099/index.html
o /var/www/user100/index.html
▪ Create virtual host www.majapahit.id serving /var/www/index.html
▪ Create 100 virtual hosts userXXX.public.majapahit.id serving
/var/www/userXXX/index.html . Example:
o user001.public.majapahit.id serving /var/www/user001/index.html
o user002.public.majapahit.id serving /var/www/user002/index.html
o user003.public.majapahit.id serving /var/www/user003/index.html
o …
o user099.public.majapahit.id serving /var/www/user099/index.html
o user100.public.majapahit.id serving /var/www/user100/index.html

HTTPS Access
▪ Use CA from FW to generate self-signed certificates required for this task.
▪ Enable HTTPS in the load balancer serving www.majapahit.id.
▪ Enable HTTPS in the web server serving user websites.
o Configure load balancer to forward traffic non-terminated HTTPS. Load
balancer will not handle HTTPS, HTTPS is handled by the backend web
server.
o Only enable to the first 5 and last 5 users :
▪ user001.public.majapahit.id
▪ user002.public.majapahit.id
▪ user003.public.majapahit.id
▪ user004.public.majapahit.id
▪ user005.public.majapahit.id
▪ user096.public.majapahit.id
▪ user097.public.majapahit.id
▪ user098.public.majapahit.id
▪ user099.public.majapahit.id
▪ user100.public.majapahit.id
Sabang Failover
▪ Access srv1 and srv2 and install keepalived. Configure it to serve as a failover
when one of the servers is down.
o Set srv2 as backup.
o Use virtual IP 172.16.1.205
o Use VRRP ID 205
o When the network interface of the active server is down, move the virtual
IP to the standby server.

Sabang iSCSI
▪ Access srv1 and srv2 and install tgt. Configure it to serve iSCSI target in
majapahit.id.
o Use device /dev/sdb, /dev/sdc, /dev/sdd, /dev/sde, /dev/sdf, /dev/sdg,
/dev/sdh, /dev/sdi, /dev/sdj, /dev/sdk
o A total of 20 disks will become iSCSI targets
▪ Access fw.majapahit.id and install open-iscsi. Configure it to connect to iSCSI
target in srv1 and srv2.
o Don’t create any filesystem on the disk.
o Make sure both disks from srv1 and srv2 are available on fw.majapahit.id.

Folder Backup
▪ Backup all users virtual host folder in srv1 and srv2
o Backup all 100 users folder.
▪ /var/www/user001/
▪ /var/www/user002/
▪ /var/www/user003/
▪ …
▪ /var/www/user099/
▪ /var/www/user100/
o Mount the remote backup folder locally at /backup.
▪ For server srv1, place backup content in directory /backup/srv1/
▪ For server srv2, place backup content in directory /backup/srv2/
o Schedule backup every 1 hour using cron as root user. It is okay to
overwrite previous backups.
APPENDIX
Users and Passwords
Username Password Remark

patah KesultananDemak2021 New User

user Skills39 Debian only

root Skills39 Debian only

competitor Skills39 Windows 10 only

End Devices Addressing Table


Device Name IP Address CIDR Network

srv1 172.16.1.201/20 majapahit.id

srv2 172.16.1.202/20 majapahit.id

fw 172.16.15.254/20 majapahit.id

172.10.254.254/19 public.net

client 172.10.245.245/19 public.net

/var/www/index.html
<h1> Default Page </h1><br>
<br>
This page has not been modified by the owners.

/var/www/userXXX/index.html [Replace XXX in the folder name and file content with
user number, for example /var/www/user009/index.html]
<h1> Default Page for userXXX </h1><br>
<br>
This page has not been modified by the user.
TOPOLOGY

You might also like