Section 1 Overview
Section 2 Network Architecture and System Configuration
I. Architecture
Star Ethernet structure and tcp/ip protocol are adopted.
Two. Topology Diagram (Attached)
Three. Network system configuration description
1.www server configuration
(1) hardware configuration: HP network server LC 3/p Ⅱ 400/4.2g * 3/125mram/14 "color display screen.
(2) Software configuration:
Choose to install a separate server when installing windows nt.
Install iis(internet Information Server) as an external www service provider.
Install emwac(ims mail service gateway) to make Internet mail service gateway.
Install dns service as a domain name server.
(3) Network configuration
Nt server: ip address: 202.96. 19. 178.
Subnet mask: 255.255.255.240
Gateway: 202.96. 19.5438+090
Host name: www
Domain: confucius.cn.net
Dns server search order: 202.96. 19. 178.
Domain suffix search order: confucius.cn.net
2. Database server configuration
(1) hardware configuration: HP web server e 45/p Ⅱ 266/3.2g/128m/14 "color display screen.
(2) Software configuration:
Choose to install a separate server when installing windows nt.
Install microsoft sqlserver as the database server.
(3) Network configuration:
Nt server: ip address: 202.96. 19. 188.
Subnet mask: 255.255.255.240
Gateway: 202.96. 19.5438+090
Host name: sqlserver
Domain: confucius.cn.net
Dns server search order: 202.96. 19. 178.
Domain suffix search order: confucius.cn.net
3. Configuration of 3.PDC main domain control channel
(1) Hardware configuration: IBM/Intel166m/4.2g/128m/14 "color display.
(2) Software configuration:
Select to install the primary domain controller when installing windows nt.
After installing iis (Internet Information Server),
Install microsoft proxy as a proxy server.
Install microsoft mail as an internal post office server.
Internal post office location: c:\mailgrp\wgpo0000
(3) Network configuration:
Nt main domain controller: ip address: 202.96. 19.438+080.
Subnet mask: 255.255.255.240
Proxy server: ip address: 192.5438+068.438+0.2.
Subnet mask: 255.255.255.0
Gateway: 202.96. 19.5438+090
`Hostname: pdc
Domain: confucius.cn.net
Dns server search order: 202.96. 19. 178.
Domain suffix search order: confucius.cn.net
4. Configuration of 4.BDC backup domain controller
(1) hardware configuration: Star/ Celeron 266/3.2g/32m/ 14 "color display.
(2) Software configuration:
Select to install the backup domain controller when installing windows nt.
Install the wins service as a wins server.
(3) Network configuration:
Nt backup domain controller: ip address: 202.96. 19.5438+05438+0.
Subnet mask: 255.255.255.240
Gateway: 202.96. 19.5438+090
Host name: bdc
Domain: confucius.cn.net
Dns server search order: 202.96. 19. 178.
Domain suffix search order: confucius.cn.net
5.TRS server
(1) Hardware configuration: HP network server LH plus Intel 166/256m RAM.
(2) Software configuration:
Choose to install a separate server when installing windows nt.
Install trs server.
(3) Network configuration:
Ip address: 202.96. 19. 179.
Subnet mask: 255.255.255.240
Gateway: 202.96. 19.5438+090
Host name: pro
Domain: confucius.cn.net
Dns server search order: 202.96. 19. 178.
Domain suffix search order: confucius.cn.net
6. Cisco 250 1 Router Configuration
Internal ip address: 202.96. 19. 190. Subnet mask: 255.255.255.240
External ip address: 202.99.35.46. Subnet mask: 255.255.255.252
7. Client configuration
The ip address of intranet client adopts private address.
Address range:192.168.1.3-192.168.1.254,
Subnet mask: 255.255.255.0
Gateway: 192. 168.438+0.2.
Host name: the name of each department, such as: Electronic Department 0 1.
Section 3 Network System Integration
I. dns system configuration
Configuration description:
1) first, make sure that the dns service is installed in hp netserver lc 3. If it is not installed, click the network icon in the control panel, and then select the service page to install it.
2) Select Management Tools under Programs in the Start menu, select dns Manager, and enter dns Domain Name Service Manager.
Click dns and select a new server. The Add dns Server dialog box appears; Type the dns server ip address:
202.96. 19. 178, click ok, and 202.96. 19. 178 will appear in the server list. As shown in figure 1.
Figure 1
3) Create the reverse area: double-click the left mouse button on 202.96. 19. 178 to display the cache. Right-click 202.96. 19. 178, and select New Area in the pop-up menu, and 202.96. 19. 178 New will appear.
In the area window, select the main type in the area type, click Next to open the area information box, and then click the area file name.
Add 19.96.202.in-addr.arpa in the box, and click on the automatic generation of regional file box 19.96.202.in-
Addr.arpa.dns zone file name. Click Next to finish creating the new zone. As shown in figures 2 and 3.
Figure 2
Figure 3
4) As in the third step, create a forward area confucius.cn.net.
5) Create a host record: right-click confucius.cn.net and select New Host in the pop-up menu, and a new host dialog box will appear, prompting you to enter a new host name for confucius.cn.net, enter www in the host name box, enter 202.96. 19. 178 in the host ip address box, and select to create an associated ptr record. Click OK to finish creating the host record. As shown in figure 4.
Figure 4
6) Create an alias record ftp: right-click confucius.cn.net and select New Record in the pop-up menu to open the New Resource Record window. Select the record type cname record, enter ftp in the alias box, enter www.confucius.cn.net in the dns name box of the host, and the ttl value is the default value. Click OK to complete the creation of the alias record. As shown in fig. 5.
Figure 5
7) Create the alias record gopher as in step 7.
8) Create mx record: right-click confucius.cn.net and a new record will appear in the pop-up menu. Select the record type mx record, enter www in the host name box, enter 202.96. 19. 178 in the dns name of the mail exchange server, and enter 1 in the preferred number box. Click OK to complete the creation of mx records. As shown in fig. 6
Figure 6
9) dns domain name system configuration is completed.
Second, the www system configuration
Install iis (Internet Information Server) on the hp netserver lc 3 machine.
After the installation is completed, set the root directory for storing external web pages and map the virtual directory.
Third, the proxy server system configuration
1. Installation:
1) is installed on the server with the host name pdc.
Add the ip address192.168.1.2 and the sub-mask 255.255.0 to the ip of the pdc server.
In the address list.
2) Start the installation by running setup.exe on the CD from the Start menu. The installation wizard prompts you to set the buffer space of the proxy server, enter 230, and then click Settings. Click OK. As shown in fig. 7.
Figure 7
2) The installation wizard prompts you to enter the ip address range of the internal subnet:192.168.1.3–192.1.254. By default, click Next to finish. As shown in fig. 8.
Figure 8
deploy
1) After the installation is completed, select internet service under microsoft proxy server from the program menu.
Manager, add winsock and web proxy services in the internet Service Manager window.
2) Double-click the web proxy to open the web proxy service properties window of the proxy, and select.
Permission page, select Enable Access Control, and select ftp read, gopher and www respectively.
Protocol, add a guest group in the authorized access box. Click ok to return to the internet service.
Manager window, complete the configuration. As shown in fig. 9.
Figure 9
Fourth, the configuration of the router.
1. Configuration
Router login password:
Router privilege enable password:
Router LAN port (Ethernet 0): 202.96. 19. 190 subnet mask 255.255.240.
Router WAN port (serial 0):202.99.35.46 subnet mask 255.255.255.252.
The protocol currently used by the router: rip protocol (that is, dynamic protocol).
Current route: static route (0.0.0.0 202.99.35.46)+dynamic route.
2. Access rule 1: access list 1.
Access rule 1 content:
202.96.19.177 0.0.0 allowed.
202.96.19.178 0.0.0 allowed.
202.96.19.179 0.0.0 allowed.
Allow 202.96.19.1800.0.0.
Allow 202.96.19.1810.0.0.
Allow 202.96.19.182 0.0.0.
202.96.19.183 0.0.0 allowed.
Allow 202.96.19.184 0.0.0.
main body
R> allows 202.96.19.1850.0.0.
Allow 202.96.19.186 0.0.0.
202.96.19.187 0.0.0 allowed.
202.96.19.187 0.0.0 allowed.
Allow 202.96.19.189 0.0.0.
Access rule 1 for port: Ethernet 0; ; Direction: in
Five, internal and external post office system configuration
1. Internal post office system configuration
Establish a working group post office:
1) Double-click microsoft mail Post Office in Control Panel to display microsoft Workgroup Post Office.
The administrator installs the wizard, selects the option to create a new workgroup post office, and then clicks Next.
2)windows nt prompts you to enter the post office location, enter a name or select Browse to enter a folder (required).
You must select an existing folder). As shown in figure 10. Click Next.
Figure 10
3) The wizard prompts to verify that the path you entered is correct. Click Next.
4) The wizard will prompt you to enter the Administrator Account Details dialog box. You must fill in your name and email address. such as
As shown in figure 1 1.
Figure 1 1
5) Click Finish to complete the post office of the working group.
Manage the post office:
After creating an administrator account, you can start adding, deleting and modifying users' email accounts.
1) In the Control Panel, double-click microsoft mail Post Office, select Manage Existing Workgroup Post Office, and then select Next.
2) Enter your workgroup post office path, and then select Next.
3) windows nt prompts you to enter the account name and password of the administrator account. Enter the e-mail name and password, and then select Next.
4) The system displays the postmaster dialog box. You can now add, delete, modify and view the user's.
Mail account.
2. Configuration of external post office system
Installation:
Install emwac(ims mail service) on ibm as a mail service to send and receive.
E-mail on the Internet.
You need to be a system administrator or a system administrator before starting to install this mail server.
Log on to your windows nt system as a member of a member group.
Emwac mail server publishing file consists of the following files:
Smtpds.exe SMTP sending agent
Smtprs.exe SMTP receiving service
Pop3s.exe POP3 server service
Ims.cpl is used to configure the control panel applet of Ims.
Imscmn.dll contains a dll of common code suitable for various ims services.
Copyright information about ims software
Introduction of new functions of read.me, how to get support, etc.
Copy these files to the %systemroot%\system32 directory, and type the following name in the directory.
Order:
Smtprs-–installing
Smtpds- installing
Pop3s- install
After installing the above three programs, you can see the following three emails in the service application of the control panel.
Services:
Emwac pop3 server
Emwac smtp delivery proxy
Emwac smtp receiver
Set these three services to start immediately after the machine starts, and start these three services.
Configuration:
1) Double-click the mail server configurator in the control panel to configure it. Select a directory page.
This page includes all kinds of directories used by ims. The mailbox directory is the directory where users receive and store e-mail. Please fill in c:\users\mail\%username% here, so that all users' emails will be stored in the c:\users\mail directory. Default settings for other options. such as
As shown in figure 12.
Figure 12
2) Select the Miscellaneous page and add the domain name "confucius.cn.net" in the "Accept Mail" box. As shown in figure 13.
Figure 13
3) Create the mailusers group in the domain user manager.
4) Click menu item rules, and then click User Permissions. When the User Privileges dialog box appears, click the Show Advanced User Privileges check box to display the Log on as a batch job advanced user privilege in the drop-down list. Add the mailusers group to the Authorized Users box, and then click OK to complete the authorization. As shown in figure 14.
Figure 14
5) Log in to the local machine and set up a local account.
6) Add user accounts that can send and receive emails to the email user group.
In this way, users in the mailusers group will be able to send and receive e-mail using emwac ims.
Six, the installation and setting of the post office inside and outside the client
1. Installation and configuration
1) Double-click Add/Remove Programs in Control Panel to open the Add/Remove Program Properties window.
2) Select the windows nt installer page, and after selecting windows messaging in the component list,
Click the details button, make sure that internet mail and microsoft mail are selected, click OK,
Return to the Add/Remove Program Properties window and click OK to start the installation. As shown in figure 15.
Figure 15
3) After the installation is completed, double-click the inbox on the desktop, and the installation configuration wizard will appear, prompting you to choose microsoft mail and internet mail services. Select two services, and then click Next.
4) The wizard prompts you to enter the workgroup post office folder. After browsing for selection or input, click Next.
5) The wizard prompts you to select a user name in the post office of this workgroup, and then click Next. As shown in figure 16.
Figure 16
6) The wizard prompts for password verification. After the password is verified, click Next to complete the work of the internal working group.
Settings about the currently logged-in user. As shown in figure 17.
Figure 17
Next, set the external post office settings of the currently logged-in user.
7) In this step, the wizard prompts you to choose the method of connecting to the internet server, and choose through the local area network.
Connect and click Next.
8) The wizard prompts you to specify the ip address of the Internet mail server and enter the Internet mail.
The ip address of the server is 202.96. 19. 178. Click Next. As shown in figure 18.
Figure 18
9) The wizard prompts you to choose the mode of mail transmission, including offline and automatic. Select Automatic and click.
One step away.
10) The wizard prompts you to type your email address in the form of user@domain, enter your email address, and then click Next. As shown in figure 19.
Figure 19
1 1) The wizard prompts you to type the e-mail account and password of the internet mail server, enter the e-mail account and password, and then click Next. As shown in figure 20.
Figure 20
12) The wizard prompts you to enter the path of your personal address book, default or enter, and then click Next.
13) The wizard prompts you to enter the path of the personal folder, default or enter, and then click Next. As shown in figure 2 1
As shown in the figure.
Figure 2 1
14) The wizard prompts that the installation is successful. You can use the following information services of windows messaging.
Internet mail
Microsoft mail
Personal address book (personal address book)
Personal folder
At this point, the client Internet mail (external post office) and Microsoft mail (internal post office) are
Installation and setup completed.
Section 4 Specification for Description and Naming of ip Address Resources in LAN
1. Static ip address range and subnet mask of books and newspapers data center.
Static ip address range: 202.96.19.176-202.96.19.6438+0.
Submask: 255.255.255.240
Second, the private ip address range and subnet mask of the existing intranet.
Private ip address range:192.168.1.2-192.168.6438+0.254.
Submask: 255.255.255.0
Third, the local area network naming specification
The Nt network adopts single main domain mode, and the nt domain name is Electronic Department.
Nt domain user account: each center leader opens a user account.
The head of each department opens a user account.
Each department opens a user account. Such as the electronics department.
Www local user account: that is, inernet e-mail account, and the establishment rules are the same as nt domain user account.
Nt domain global user group: public public user group: leaders of centers, department heads and departments.
User accounts join this user group.
Www local user group: mailusers external post office user group: add www local user group to this group.
Internal post office account: the establishment rules are the same as those of external post office account.
Microsoft email address: such as electronic department.
Internet email address: such as xxx@confucius.cn.net.
Fourthly, the client logs on to the network interface, as shown in Figure 22.
Figure 22
Section 5 Security Policy
A, the local office management system security settings
1. Server side:
1), and establish a public group on the control center domain.
Add logged-in users from all departments to this group.
2) On the host whose host name is sqlserver, use the resource manager to set the access rights to the rdsbdata directory.
Request special access permission. As shown in fig. 23.
Figure 23
2. Customer:
1), and verify the login password when booting the domain electronic department.
2) When the client logs into each system, it will prompt for the password to ensure the safe operation of each subsystem. This is forbidden.
Illegal user login.
Step 3: Firewall
(1) special firewall software
The purpose of firewall is to isolate the internal network environment of the unit from the external network communication, and set a firewall in the middle.
Tao is a "city wall" to resist foreign invasion. Information sent and retrieved on the Internet must pass through this firewall.
Server.
(2) Proxy server
Install microsoft proxy service on pdc. Proxy intranet privacy
Have an ip address. The proxy acts as a firewall. Separate the internal subnet from the external network.
Section VI Conclusion