WindowsServer2016-Notes-Part2-DHCP and DNS


Networking between Computing Systems:

Identities of Systems on Network:

> Hostname -> Unique Identity of OS

Ex:
ctrls-dc-01
ctrls-dns-02
ctrls-mx-03
ctrls-dhcp-04
ctrls-pc-01

> MAC Address: Media Access Controller; Unique identity of NIC assigned by manufacturer of NIC

Ex:
d0-23-bc-8c-f8-6a
d0:23:bc:8c:f8:6a
d023bc8cf86a

Range of Characters: 0 to 9 (numerics)
                     a to f (alpha)

Bit-Wise length or size of MAC Address: 48 bits

MAC Address is not case-sensitive

> IP Address: Internet Protocol Address
Unique Logical Address assigned to the NIC either by DHCP Server or Admin

IPv4 (more than 4.2 billion unique IPv4 Addresses)
IPv6 (340 trillion trillion trillion unique IPv6 Addresses)

100.10.10.202
192.9.7.102
190.150.28.16
168.150.31.12
190.160.40.13
159.160.13.7
198.152.130.19
150.150.150.150
8.8.8.8
123.88.77.66
1.1.1.2
254.254.254.254 (invalid; but in range)

Basic rule for communication between systems:

Systems should be Physically in same network -> connected (wired or wireless)
Systems should be Logically in same network -> ip range is same

IPv4: 32-bit dotted decimal address

  0  .   0  .   0  .   0
 to     to     to     to     -> Full Range of IPv4 = more than 4.2 billion
 255 .  255 .  255 .  255       (Full Range cannot be assigned)
 ___ .  ___ .  ___ .  ___

256 x 256 x 256 x 256 = 2^8 x 2^8 x 2^8 x 2^8 = 2^32 => 4,294,967,296

00000000 = 0
....
11111111 = 255

2^8 = 256 = 0 to 255

0.0.0.0
0.0.0.1
.....
0.0.0.255
0.0.1.0
0.0.1.1
......
0.0.1.255
0.0.2.0
...
...
...
0.0.255.255
0.1.0.0
....
....
....
0.2.255.255
...
...
...
0.255.255.255
1.0.0.0
....
....
2.0.0.0
....
....
255.255.255.255

Valid Range of IPv4 Addresses:

  1  .   0  .   0  .   0
 to     to     to     to     -> Valid Range of IPv4 = more than 3.7 billion
 223 .  255 .  255 .  255
 ___ .  ___ .  ___ .  ___

223 x 256 x 256 x 256 => 3,741,319,168

--------------------------------------------
0 not valid at all
1 to 255 => 5 Classes
1 to 223 => Class A, B, C => Valid & Assignable
224 to 255 => Class D, E
=> Class D & E are not valid to assign; Used in MultiCast Communications
--------------------------------------------

Class A: From 1.0.0.0
         .....
         126.255.255.255
         127.0.0.0
         .....              -> Loopback Range of IPv4
         To 127.255.255.255

Default Subnet Mask: NW ID: 8 Host ID: 24
                     255.0.0.0
                     /8

1.4.52.64
255.0.0.0

10.10.10.203/8

125.255.255.201/8

Class B: From 128.0.0.0
         .....
         To 191.255.255.255

Default Subnet Mask: NW ID: 16 Host ID: 16
                     255.255.0.0
                     /16

140.24.11.251
255.255.0.0

172.160.13.199/16

180.1.1.11/16

Class C: From 192.0.0.0
         .....
         To 223.255.255.255

Default Subnet Mask: NW ID: 24 Host ID: 8
                     255.255.255.0
                     /24

192.168.0.1
255.255.255.0

200.200.200.200/24

220.1.1.151/24

Class D: From 224.0.0.0
         To 239.255.255.255

Class E: From 240.0.0.0
         To 255.255.255.255

Classes D & E are used for Multi-Cast Communications
Cannot be assigned to PCs and Servers for Unicast identity

Subnet Mask is the division of 32-bits IPv4 Address into two sections:
NW ID bits and Host ID bits

OS internal identity hostname: localhost
OS internal identity IPv4 Addr: 127.0.0.1 (IPv4 Loopback)
OS internal identity IPv6 Addr: ::1 (IPv6 Loopback)

IPv4 Address with subnet mask that matches its class default is called "Classful IP Address"
Ex:
16.21.11.141/8

IPv4 Address with subnet mask that does not match its class default is called "Classless IP Address"
Ex:
200.10.10.24/14

Note: Both Classful and Classless IP Addresses are valid

Finding Range of IPv4 Addresses using a sample IP Address:

Network Address: Very first IP Address in a given range of IP Addresses
Network Address cannot be assigned to any host

Broadcast Address: Very last IP Address in a given range of IP Addresses
Broadcast Address cannot be assigned to any host

Shrink Network Size -> by increasing NW ID Bits -> Subnetting
Expand Network Size -> by decreasing NW ID Bits -> Supernetting
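
Added example (not part of the original notes): a PowerShell function that derives the subnet mask, Network Address, Broadcast Address and address counts from an address with a slash value, and reports whether it is classful or classless by the class table above. The function names are hypothetical; the sample addresses are the ones used in these notes.

```powershell
function ConvertTo-Dotted ([int64]$Value) {
    # 32-bit number -> dotted decimal, most significant octet first
    (24, 16, 8, 0 | ForEach-Object { ($Value -shr $_) -band 255 }) -join '.'
}

function Get-IPv4Range ([string]$Cidr) {
    if ($Cidr -notmatch '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$') { throw "Expected a.b.c.d/nn, got: $Cidr" }
    $ip, $bits = $Cidr -split '/'
    $prefix = [int]$bits
    if ($prefix -gt 32) { throw "Slash value must be 0 to 32: $Cidr" }

    # Parse() rejects octets above 255; pack the four octets into one number
    $o    = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    $addr = ([int64]$o[0] -shl 24) + ([int64]$o[1] -shl 16) + ([int64]$o[2] -shl 8) + [int64]$o[3]

    # 2^32 - 1 is written in decimal: the literal 0xFFFFFFFF is Int32 -1 in PowerShell
    $all  = [int64]4294967295
    $mask = ($all -shl (32 - $prefix)) -band $all   # NW ID bits set to 1, Host ID bits to 0
    $size = [int64]1 -shl (32 - $prefix)            # 2^(Host ID bits)
    $net  = $addr -band $mask                       # very first address of the range

    # Class and default slash value by first octet, as in the class table above
    $first = $o[0]
    if     ($first -ge 1   -and $first -le 126) { $class = 'A'; $default = 8 }
    elseif ($first -ge 128 -and $first -le 191) { $class = 'B'; $default = 16 }
    elseif ($first -ge 192 -and $first -le 223) { $class = 'C'; $default = 24 }
    else   { $class = 'not assignable'; $default = -1 }

    [pscustomobject]@{
        Address    = $Cidr
        SubnetMask = ConvertTo-Dotted $mask
        Network    = ConvertTo-Dotted $net
        Broadcast  = ConvertTo-Dotted ($net + $size - 1)   # very last address of the range
        Total      = $size
        # Network and Broadcast Address cannot be assigned to a host
        Assignable = [Math]::Max([int64]0, $size - 2)
        Class      = $class
        Classful   = ($prefix -eq $default)
    }
}

# Sample addresses from these notes: one classful, one classless, and the DHCP server's address
'16.21.11.141/8', '200.10.10.24/14', '40.40.40.16/8' |
    ForEach-Object { Get-IPv4Range $_ } | Format-Table -AutoSize
```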

DHCP Server: Dynamic Host-Configuration Protocol

DHCP Server is used for assigning IP Settings to requesting client NICs
that have the setting 'Obtain IP Address automatically'

DHCP Server assigns IP Address and related information to the requesting client NIC.

DHCP Service may be available from the sources mentioned below:
> DHCP Server (configured in WinSrv or LinuxServer)
> Router (Wired or WiFi)
> Virtualization HyperVisor Software (VMWare, MS HyperV, Oracle VirtualBox, OVM, MS VMM, KVM...)
> Mobile HotSpot

Procedure by which Client System NIC requests & obtains IP Address from DHCP Server:
D -> Discover Packet broadcasted by NIC of Client System
O -> Offer Packet returned by DHCP Server to Client System
R -> Request Packet sent by Client System NIC to DHCP Server
A -> Acknowledgement Packet sent by DHCP Server to confirm assigned IP Address

DHCP Server Role Installation:

DHCP Scope:
* > Scope Name
* > Range of IP Addresses to be distributed
* > Subnet Mask
* > Lease Duration
> Exclusions & Delay
> Default Gateway (Router's IP Address)
> Domain Name for Network
> DNS Server IP
> WINS Server IP (Windows Information Name Server: Used for Name Resolution, with manual
creation of records)

* -> Mandatory Settings in the DHCP Scope


IP Settings offered by DHCP Server to a Client NIC:
> Unique IP Address
> Subnet Mask
> Lease Duration (Obtained & Expires)
> Default Gateway (Router's IP Address)
> DNS Server IP
> Domain Name for Network
> WINS Server IP

APIPA (Automatic Private IP Address)

Assigned by the NIC to itself when it doesn't receive a valid IP Address from DHCP Service
169.254.x.y/16
Limited Connectivity

APIPA Range:
169.254.0.0
...
169.254.255.255

APIPA is assigned to a NIC when it is set up for obtaining an IP Address automatically from a DHCP Service,
but no DHCP Service responded before the 'timeout' period
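
Added example (not part of the original notes): a client-side PowerShell check that reports, for each IP-enabled NIC, whether the address is static, APIPA, or leased, and whether the lease came from the expected DHCP server rather than another DHCP source on the same network (router, hypervisor NAT, hotspot). The expected server address 40.40.40.16 is the one these notes assign to the DHCP server; the variable names are hypothetical.

```powershell
# Address of the lab DHCP server as given in these notes
$expectedServer = '40.40.40.16'

Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    $nic  = $_
    # Keep only the IPv4 entries; IPAddress also lists IPv6 addresses
    $ipv4 = @($nic.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })

    $status = if (-not $nic.DHCPEnabled) {
        'Static (assigned by Admin)'
    } elseif ($ipv4 -match '^169\.254\.') {
        'APIPA: no DHCP Service answered before timeout'
    } elseif ($nic.DHCPServer -ne $expectedServer) {
        "Lease from unexpected DHCP source $($nic.DHCPServer)"
    } else {
        'Lease from expected DHCP Server'
    }

    [pscustomobject]@{
        Adapter       = $nic.Description
        MAC           = $nic.MACAddress
        IPv4          = $ipv4 -join ', '
        DhcpServer    = $nic.DHCPServer
        LeaseObtained = $nic.DHCPLeaseObtained
        LeaseExpires  = $nic.DHCPLeaseExpires
        Status        = $status
    }
} | Format-List
```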

DNS Service: Domain Name System: DNS Server is used for "Name Resolution"
DNS Server replies with the corresponding IP Address of a Hostname/URL/FQDN/DomainName sent to it (Forward Lookup)
DNS Server replies with the corresponding Hostname/URL/FQDN/DomainName of an IP Address sent to it (Reverse Lookup)

Forward Lookup: Hostname/URL/FQDN/DomainName to IP Address
Reverse Lookup: IP Address to Hostname/URL/FQDN/DomainName

Different ways in which DNS Records are updated:

> Client System notifies DNS Server if IP assigned manually
> DHCP Server notifies DNS Server if IP assigned to any Client System
> DNS Server updates DNS Records using its 'Dynamic Updates' feature

DNS Records:
A (Host) Hostname-IPv4
AAAA (Host) Hostname-IPv6
NS (Name Server -> DNS Servers)
SOA (Start Of Authority -> DC Servers)
MX (Mail Exchange Server)
CNAME (Alias -> Short name to identify long FQDN)
PTR (Pointer Records for "Reverse Lookup")

Suppose 'xyz' Company has below list of IT Infra Computing Systems in the Network:
105 Servers (2 DC; 1 DNS; 2 Mail Servers; 100 Member Servers)
50 NW Printers
5,000 PCs

Number of DNS Records:

A (Host) 5,155
AAAA (Host) 5,155 (If IPv6 Addresses are used)
NS 3
SOA 2
MX 2
PTR 5,155 (If Reverse Lookup Zone is configured)

Data Protection using BitLocker Drive Encryption in Win10 PC:

BitLocker can be used to encrypt a Hard Disk Volume to protect data in case of
lost/stolen Disks from PCs or Servers

==============================================
Practice of the day:

** Practice:
> Numeric to Binary Conversion
> Binary to Numeric Conversion
> Slash Value to Subnet Mask Calculation
> Find IP Range & Total Count for an example IP Address
> Find IP Range & Total Count for an example IP Address with Slash Value other than 8, 16 or 24
> Find Network Address & Broadcast Address of a Range of IP Address

** Login to Win10 PC as 'localadmin':

> Run Tool -> "ncpa.cpl" -> Modify IP Settings of the NIC or Add Multiple IP Addresses to NIC
-> Assign different range of IPv4 Addresses from Class A, B or C
-> Try assigning invalid range of IPv4 Address and note down error displayed
-> Try assigning NW Address and Broadcast Address of an example and note down error displayed

** Create Service Account for administering DHCP Server:

> Login to DC Server as Domain Administrator: ctrls\administrator Ctrl@123
> Open Active Directory Users & Computers -> Any OU
> Create New User 'dhcpadmin' with Password: dhcp@123
-> Select 'dhcpadmin' User -> Properties
-> 'Member Of' tab -> 'Add' Button -> 'Domain Admins' -> Check Names -> OK -> OK
Note: 'dhcpadmin' user is now with elevated privileges
Similar Users can be created for other Member Servers in the Domain (dnsadmin, mailadmin...)

** Install and Configure DHCP Server:

** VMWare Workstation -> New VM:

-> New (for Windows Server 2016 for DHCP Server)
Name: WinSrv16-DHCP-02
Version: Windows Server 2016 Standard (Desktop Experience)
Memory: 2048 MB
Hard Disk File Size: 200 GB
-> Settings
Remove Floppy of 'autoinst.flp'
Choose a disk file -> WinSrv16.iso (from C:\ISOs)
Network Adapter: Attached to: 'Custom' -> VMNet8 (NAT)

-> Start (to boot the Virtual Machine)

> Install Windows Server 2016 -> Standard Edition (Desktop Experience with GUI)
> Partition Size -> 40960 MB

(After first restart)

> Assign Administrator Password: Admin@123
> Login as Administrator
> Initial Configuration
>> Server Manager -> Manage Menu -> Server Manager Properties
-> Tick "Do not start Server Manager automatically"

Dashboard -> Local Server
-> Enable 'Remote Desktop'
-> Modify Time Zone as per Region of Server
-> Modify Date and Time
-> Assign IP Address to the NW Adapter (ncpa.cpl)
-> Turn On Network Discovery (NW & Sharing -> Adv Sharing)
-> Change Hostname
-> Join to Domain: ctrls.com
Authenticate by Domain Administrator to Join Domain
[email protected] Ctrl@123

*** DHCP Server: IPv4: 40.40.40.16/8 (in range of your DC Server)
Hostname: ctrls-dhcp-02
Domain: ctrls.com (your new domain name)

** Login as 'dhcpadmin' in DHCP Server:
This User will have higher privileges to perform admin tasks in DHCP Server

** Configure DHCP Scope in DHCP Server:

-> Login to DHCP Server as 'dhcpadmin'
-> Server Manager -> Tools -> DHCP Tool
-> Expand Server Name -> Expand 'IPv4' -> Confirm 'IPv4' is showing 'Green'
-> Right-Click 'IPv4' -> 'New Scope' -> Give Scope Name 'CTRLS-LAN' -> Next
-> Give Start & End IP Address for DHCP Clients and Subnet Mask -> Next
-> Give any 'Exclusion Ranges' (not mandatory) -> Next
-> Give Lease Duration -> Next -> Configure DHCP Options -> Next
-> Give Router IP (Default Gateway) -> Next
-> Give Domain Name and DNS Server IPs -> Next
-> Keep WINS Servers empty -> Next
-> 'Activate DHCP Scope Now' -> Next -> Finish

-> Right-Click 'FQDN of DHCP Server' in DHCP Tool -> All Tasks -> Restart

-> Check & Explore 'Address Pool', 'Address Leases', 'Scope Options'

-> Right-Click 'IPv4' -> Refresh

** Go To Windows 10 PC -> Login as any Local Admin or Domain User with Admin Rights
-> ncpa.cpl -> Right-Click NW Adapter -> Disable
-> Right-Click NW Adapter -> Properties -> IPv4 Properties
-> 'Obtain an IP Address automatically' & 'Obtain DNS Server Address automatically'
-> OK -> Close
-> Right-Click NW Adapter -> Enable
-> Right-Click NW Adapter -> Status -> Details

-> Check if PC has received a dynamic IP Address from the new DHCP Server

** DHCP Reservations:

-> Go To Windows 10 PC -> Login as any Local Admin or Domain User with Admin Rights
-> ncpa.cpl -> Right-Click NW Adapter -> Status -> Details
-> Make a note of MAC Address from Details "Physical Address"

-> Go To DHCP Server -> Login as 'dhcpadmin' -> Server Manager -> Tools -> DHCP Tool
-> Expand Server Name -> Expand 'IPv4' -> Expand Scope
-> Right-Click 'Reservations' -> 'New Reservation'
-> Give Reservation Name, Reservation IPv4 Address from same range
-> Mention the MAC Address of the NIC Card of Win 10 PC -> OK

-> Go To Windows 10 PC -> Login as any Local Admin or Domain User with Admin Rights
-> ncpa.cpl -> Right-Click NW Adapter -> Disable -> Refresh -> Enable
-> Right-Click NW Adapter -> Status -> Details
-> Check if PC has received Reserved IP Address from the DHCP Server

** DHCP Scope Exclusions:

-> Go To DHCP Server -> Login as 'dhcpadmin' -> Server Manager -> Tools -> DHCP Tool
-> Expand Server Name -> Expand 'IPv4' -> Expand 'Scope'
-> Right-Click 'Address Pool' -> 'New Exclusion Range'
-> Give 'Start' and 'End' of an Exclusion Range of IP Addresses
that should not be distributed to client NICs

-> Go To Windows 10 PC -> Login as any Local Admin or Domain User with Admin Rights
-> ncpa.cpl -> Right-Click NW Adapter -> Disable -> Refresh -> Enable
-> Right-Click NW Adapter -> Status -> Details
-> Check if PC has received next available IP Address from the DHCP Server
and not from Exclusion Range
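
Added example (not part of the original notes): the scope, exclusion and reservation steps above done with the DhcpServer PowerShell module instead of the DHCP Tool, followed by the checks the notes ask for. The scope name, domain name and /8 mask come from these notes and the MAC is the sample MAC shown earlier; the address range, exclusion range, reservation IP, gateway, DNS server IP and lease duration are assumed values for illustration.

```powershell
# Run on the DHCP Server in an elevated PowerShell session as 'dhcpadmin'
Import-Module DhcpServer

$scopeId = '40.0.0.0'        # Network Address of the 40.x.x.x/8 range
$gateway = '40.40.40.1'      # assumed Router IP (Default Gateway)
$dns     = '40.40.40.10'     # assumed DNS Server IP

# The server must be listed here for 'IPv4' to show green in the DHCP Tool
Get-DhcpServerInDC

# Mandatory scope settings: name, range, subnet mask, lease duration
$scope = @{
    Name          = 'CTRLS-LAN'
    StartRange    = '40.40.40.100'              # assumed range
    EndRange      = '40.40.40.200'
    SubnetMask    = '255.0.0.0'
    LeaseDuration = (New-TimeSpan -Days 8)      # assumed lease duration
    State         = 'Active'                    # same as 'Activate DHCP Scope Now'
}
Add-DhcpServerv4Scope @scope

# Scope options: Default Gateway, DNS Server IP, Domain Name (WINS left empty)
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $gateway -DnsServer $dns -DnsDomain 'ctrls.com'

# Exclusion range: addresses inside the scope that must not be handed out
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId -StartRange '40.40.40.100' -EndRange '40.40.40.110'

# Reservation: bind one address to the MAC noted from the Win10 PC's "Physical Address"
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress '40.40.40.150' `
    -ClientId 'd0-23-bc-8c-f8-6a' -Name 'ctrls-pc-01' -Description 'Win10 PC reservation'

Restart-Service DHCPServer

# Address Pool, exclusions, reservations and current Address Leases
Get-DhcpServerv4Scope -ScopeId $scopeId | Format-List Name, State, StartRange, EndRange, LeaseDuration
Get-DhcpServerv4ExclusionRange -ScopeId $scopeId
Get-DhcpServerv4Reservation -ScopeId $scopeId
Get-DhcpServerv4Lease -ScopeId $scopeId |
    Select-Object IPAddress, ClientId, HostName, AddressState, LeaseExpiryTime
```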

** DNS Server:
> Open Server Manager in DC Server -> Tools -> DNS
-> Expand DNS Server Hostname -> Forward Lookup Zones -> 'ctrls.com' Domain
-> Check 'DNS Records' created by DNS Server in the Domain
Host (A)
Start of Authority (SOA)
Name Server (NS)

** Login to Win10 PC as 'localadmin':
> Run Tool -> "ncpa.cpl" -> Modify IP Settings of the NIC or Add Multiple IP Addresses to NIC

> Refresh 'DNS' Tool page in DC Server
-> Check Host (A) Records updated for PC with modified IP Settings
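
Added example (not part of the original notes): the same DNS checks with the DnsServer PowerShell module on the DC Server. It shows how the 'ctrls.com' zone accepts Dynamic Updates, then lists every Host (A) record with its Reverse Lookup result, so records that changed after a client's IP Settings were modified are easy to spot. PTR results appear only if a Reverse Lookup Zone is configured.

```powershell
# Run on the DC/DNS Server in an elevated PowerShell session
Import-Module DnsServer
$zone = 'ctrls.com'

# DynamicUpdate is None, Secure, or NonsecureAndSecure
Get-DnsServerZone -Name $zone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate

# Forward Lookup data for every Host (A) record, checked against the Reverse Lookup (PTR)
Get-DnsServerResourceRecord -ZoneName $zone -RRType A |
    Where-Object { $_.HostName -ne '@' } |
    ForEach-Object {
        $record = $_
        $ip  = $record.RecordData.IPv4Address.IPAddressToString
        $ptr = Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Host      = "$($record.HostName).$zone"
            IPv4      = $ip
            Reverse   = if ($ptr) { $ptr.NameHost -join ', ' } else { 'no PTR record' }
            # Dynamically registered records carry a timestamp; static records do not
            TimeStamp = $record.Timestamp
        }
    } | Sort-Object Host | Format-Table -AutoSize
```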

*** Revise Topics of Networking:
> IP Address Settings
> DHCP
> DNS

** Data Protection using BitLocker Drive Encryption:

Encrypt Data in Disk Partitions in Windows OS:
> Login to Windows 10 PC as Domain User with Admin privileges
-> Control Panel -> System & Security -> BitLocker Drive Encryption
Note: For Windows Server 2016, Install 'BitLocker Drive Encryption' Feature

** To 'Turn On BitLocker' on any Drive of a Domain Joined PC:
> Login to Windows 10 PC as Domain User with Admin privileges
-> Control Panel -> System & Security -> BitLocker Drive Encryption
-> 'Turn On BitLocker' for any Drive
==============================================
