Lomba Kompetensi Siswa Sekolah Menengah Kejuruan Tingkat Provinsi Jawa Barat TAHUN 2022
Lomba Kompetensi Siswa Sekolah Menengah Kejuruan Tingkat Provinsi Jawa Barat TAHUN 2022
Lomba Kompetensi Siswa Sekolah Menengah Kejuruan Tingkat Provinsi Jawa Barat TAHUN 2022
BIDANG LOMBA
TEKNOLOGI INFORMASI SISTEM ADMINISTRASI JARINGAN
IT NETWORK SYSTEMS ADMINISTRATION
DESCRIPTION OF PROJECT
DHCP
▪ Access FW and install any dhcp server. Configure to serve DHCP in majapahit.id.
o Network: 172.16.0.0/20
o Available Addresses: 172.16.0.1 - 172.16.14.253
o Gateway: 172.16.15.254
▪ Create static lease for srv1 and srv2. Configure those servers to use DHCP.
Load Balancer
▪ Access FW and install haproxy. Configure it to loadbalance web requests.
o Use /etc/haproxy/haproxy.cfg configuration file.
o Do not change default configuration values.
▪ Load Balance www.majapahit.id with round robin algorithm. Name the backend
sabang_www.
▪ Load Balance 100 user websites with source ip algorithm. Name the backend
sabang_user
o user001.public.majapahit.id
o user002.public.majapahit.id
o user003.public.majapahit.id
o …
o user099.public.majapahit.id
o user100.public.majapahit.id
Email Services
▪ Install any mail service and configure a sending-only mail server in
fw.majapahit.id
o Secure SMTP Port 465
o Enable PAM Authentication
▪ Make sure all local users are able to authenticate
o Use the self-signed certificate from CA for this task.
CA
▪ Configure as CA using
o Configure as CA using OpenSSL
▪ Private key should have minimal permission
o CA attributes should be set as follows:
▪ Country code is set to ID
▪ Organization is set to Jabar
▪ The common name is set to “Jabar CA”
o Create a root CA certificate.
o All certificates required in the test project should be published by CA.
INTERNAL ZONE
Basic Configuration
▪ Configure IP Address of all Linux devices according to the addressing table.
○ Create SSH user ‘patah’ with password specified in the appendix.
○ Enable SSH access from any devices.
○ Configure authentication using Active Directory users.
Sabang DNS
▪ Access srv1 and srv2 and install bind9. Configure it to serve domain majapahit.id
using the private addresses.
▪ Create A records of srv1.majapahit.id, srv2.majapahit.id, and fw.majapahit.id that
points to their respective addresses.
▪ Create NS records:
o ns1.majapahit.id that points to address of srv1.majapahit.id
o ns2.majapahit.id that points to address of srv2.majapahit.id
▪ On both name servers, create the following subdomains using address record:
o www.majapahit.id that points to all addresses of fw.majapahit.id
o 100 user subdomain that points to all addresses of fw.majapahit.id.:
▪ user001.public.majapahit.id
▪ user002.public.majapahit.id
▪ user003.public.majapahit.id
▪ …
▪ user099.public.majapahit.id
▪ user100.public.majapahit.id
Sabang Web Hosting
▪ Access srv1 and srv2 and install apache2. Configure it to serve all websites in
majapahit.id.
o Install curl to test the web service.
▪ Create /var/www/index.html default page with content specified in Appendix.
▪ Create /var/www/userXXX/index.html default page for 100 users with content
specified in Appendix. Example:
o /var/www/user001/index.html
o /var/www/user002/index.html
o /var/www/user003/index.html
o …
o /var/www/user099/index.html
o /var/www/user100/index.html
▪ Create virtual host www.majapahit.id serving /var/www/index.html
▪ Create 100 virtual hosts userXXX.public.majapahit.id serving
/var/www/userXXX/index.html . Example:
o user001.public.majapahit.id serving /var/www/user001/index.html
o user002.public.majapahit.id serving /var/www/user002/index.html
o user003.public.majapahit.id serving /var/www/user003/index.html
o …
o user099.public.majapahit.id serving /var/www/user099/index.html
o user100.public.majapahit.id serving /var/www/user100/index.html
HTTPS Access
▪ Use CA from FW to generate self-signed certificates required for this task.
▪ Enable HTTPS in the load balancer serving www.majapahit.id.
▪ Enable HTTPS in the web server serving user websites.
o Configure load balancer to forward traffic non-terminated HTTPS. Load
balancer will not handle HTTPS, HTTPS is handled by the backend web
server.
o Only enable to the first 5 and last 5 users :
▪ user001.public.majapahit.id
▪ user002.public.majapahit.id
▪ user003.public.majapahit.id
▪ user004.public.majapahit.id
▪ user005.public.majapahit.id
▪ user096.public.majapahit.id
▪ user097.public.majapahit.id
▪ user098.public.majapahit.id
▪ user099.public.majapahit.id
▪ user100.public.majapahit.id
Sabang Failover
▪ Access srv1 and srv2 and install keepalived. Configure it to serve as a failover
when one of the servers is down.
o Set srv2 as backup.
o Use virtual IP 172.16.1.205
o Use VRRP ID 205
o When the network interface of the active server is down, move the virtual
IP to the standby server.
Sabang iSCSI
▪ Access srv1 and srv2 and install tgt. Configure it to serve iSCSI target in
majapahit.id.
o Use device /dev/sdb, /dev/sdc, /dev/sdd, /dev/sde, /dev/sdf, /dev/sdg,
/dev/sdh, /dev/sdi, /dev/sdj, /dev/sdk
o A total of 20 disks will become iSCSI targets
▪ Access fw.majapahit.id and install open-iscsi. Configure it to connect to iSCSI
target in srv1 and srv2.
o Don’t create any filesystem on the disk.
o Make sure both disks from srv1 and srv2 are available on fw.majapahit.id.
Folder Backup
▪ Backup all users virtual host folder in srv1 and srv2
o Backup all 100 users folder.
▪ /var/www/user001/
▪ /var/www/user002/
▪ /var/www/user003/
▪ …
▪ /var/www/user099/
▪ /var/www/user100/
o Mount the remote backup folder locally at /backup.
▪ For server srv1, place backup content in directory /backup/srv1/
▪ For server srv2, place backup content in directory /backup/srv2/
o Schedule backup every 1 hour using cron as root user. It is okay to
overwrite previous backups.
APPENDIX
Users and Passwords
Username Password Remark
fw 172.16.15.254/20 majapahit.id
172.10.254.254/19 public.net
/var/www/index.html
<h1> Default Page </h1><br>
<br>
This page has not been modified by the owners.
/var/www/userXXX/index.html [Replace XXX in the folder name and file content with
user number, for example /var/www/user009/index.html]
<h1> Default Page for userXXX </h1><br>
<br>
This page has not been modified by the user.
TOPOLOGY