Hardware, Network and Security Requirements
This section will discuss the hardware, network and security requirements of the Online Tech-support Information Service.
OTIS Server
The mainboard (motherboard) is built by Asus Corp. The model is the PR-DLS Dual Intel® Xeon Processor Server, using
two 2.4 GHz Intel® Xeon™ processors.
These processors are the first to feature the new, innovative technology known as Hyper-Threading.
The mainboard supports a 400 MHz FSB (Front Side Bus) and has the following features:
- 1 GB of PC 1600 SDRAM
- Thermal CPU sensor with Throttling Mode Support to automatically slow down the system when a CPU overheats
- Onboard LAN card by Intel®, model 82544, that supports 10/100/1000 Mbps transfer rates
- Onboard ATI® RAGE-XL VGA controller with 8 MB graphics memory
Reliability with RAID 5 (Redundant Array of Independent Disks)
SCSI (Small Computer System Interface) Enterprise-class 5400S RAID controller by Adaptec.
- Powerful 233MHz Intel StrongARM SA-110 RISC microprocessor.
- Four-channel Ultra160 SCSI RAID card with 64-bit/33MHz performance with hot-swap disk drive support.
- Enterprise-class RAID solution for highest performance and scalability to satisfy customer needs.
Gigabit Server NIC (network interface card) with fiber optics support for the 1000BASE-T media.
Hard Disk Drives (HDD): two Ultra160 SCSI 73 GB IBM Ultrastar 73LZX drives
- Rotational Speed - 10,000 RPM.
- Average seek time - 4.9 ms (milliseconds).
Scheduled system backups on DLT (Digital Linear Tape)
- 8mm Tape Drive provides up to 150 GB of data storage capacity per cartridge with 2.5:1 compression.
- Data transfer rate of up to 30.0 MB/sec with SCSI Interface Ultra2 LVD (68-pin), to
achieve a complete backup of the data on the server within a couple of hours.
- Backing up is done at 1 AM 4 AM each day. IT dept delegates this task to two or three staff members.
Analog modem to allow the System Administrator to dial into the server to perform administrative tasks.
Floppy disk drive.
40X Plextor SCSI internal CD-ROM Drive.
ATX 400W Redundant Switching Power Supply. This is similar to having two
engines in your car: if one fails, the other automatically takes over.
A Steel Server Case to house all components.
The Uninterruptible Power Supply (UPS) unit is an APC Smart-UPS 2200VA/1600W with a modem to the power
supply to reset power to the server.
Optical Wheel PS/2-type mouse.
15" VGA Monitor.
101-key Keyboard.
Server Operating System (OS) and Services
- Red Hat Linux version 7.3 will be installed on the OTIS server.
- Apache Web Server installed with the Linux OS will provide the Web Services.
System Administrator for the OTIS Server: The administrator for the OTIS server attends to OS-related tasks such as
- System backups.
- Analyze usage and security logs.
- Inspect disk space utilization.
- Analyze disk integrity logs generated by RAID controller.
- Monitor overall system performance and network connectivity.
The Network
The network is the computer.
The OTIS project is heavily dependent on the network to
provide services to clients located within the corporate network and outside
the corporate network.
Cisco Catalyst 3500 Series Switch
Each switch has 48 autosensing 10/100 Ethernet ports that use standard RJ-45 connectors,
and two 1000BaseX ports that accept 1000BaseX GBIC (GigaBit Interface Converter) modules.
The GBIC module slots can support the following Cisco modules to provide flexibility in media and distance options:
- 1000BaseSX GBIC module for fiber connections of up to 550 meters.
- 1000BaseLX/LH GBIC module for fiber connections of up to 10 kilometers.
- 1000BaseZX GBIC module for fiber connections of up to 100 kilometers.
All Catalyst switches are assigned IP addresses. This makes it possible to telnet into a particular switch, or connect
through the console, to monitor network usage and troubleshoot connectivity
issues using the Cisco IOS command-line interface (CLI) management feature.
All 10/100 Ethernet data connections are handled by Category 5 (CAT 5) Ethernet cables.
User Access to OTIS
The OTIS server is accessible by URL from all client computers.
The user request is first forwarded to the authentication server, which issues a security token for that session.
The request is then sent back to the OTIS server, which attends to the client's request.
This project considers access from two types of clients based on their location: internal clients and external clients.
Internal clients use machines that are connected directly to the corporate Ethernet.
External client machines are located outside the corporate network and are allowed access through a firewall.
This setup allows users to connect to OTIS from home or a field office.
The project therefore takes into account a common situation in which more and more users are
working outside the corporate offices, at a different location or at home, and need
to access services provided by the corporate network and, most importantly, OTIS.
Security
The Authentication Server
- The authentication server uses Kerberos authentication
and maintains its own database of accounts for all users, their permissions or access rights.
- Kerberos is the "single sign-on" authentication protocol that acts as a third party in maintaining a security database.
- The user authenticates once and obtains a security token which is on short-term lease.
- Authentication is respected by other network applications and services - including operating systems
such as Windows 2000 Server in a mixed platform environment.
- Within a large network, it is provided by a common server.
- The OTIS project employs its services to validate users. The OTIS server forwards the user login
information to the authentication server, which issues a security token based on the information
and forwards the request back to the OTIS server. This security token, when processed by the
OTIS server, determines whether the user will be allowed access to its services and data.
The access control list (ACL) on the authentication server determines access rights on OTIS.
There are three main types of security tokens used to access services on OTIS server:
- User account: this is the account issued to the general staff with minimum access rights.
- Management account: administrators and department heads with intermediate access rights.
Enables access to all TTs of a particular dept., plus report generation and printing capabilities.
- IT account: with full access rights and access to ALL TTs, including the above.
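A simplified model of the token flow and the three account types described above, added here as an example and not part of the OTIS project's own code. An HMAC-signed string stands in for the Kerberos ticket; the key, the lease length, the field layout, the function names and the reading of "minimum access rights" as own-TTs-only are assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo key shared by the authentication server and OTIS (assumption).
SHARED_KEY = b"demo-key-not-for-production"
LEASE_SECONDS = 8 * 3600  # assumed length of the short-term lease

def issue_token(user, account_type, dept, now=None):
    """Authentication server side: bind identity, account type and expiry."""
    expires = int(now if now is not None else time.time()) + LEASE_SECONDS
    body = f"{user}|{account_type}|{dept}|{expires}"
    mac = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def verify_token(token, now=None):
    """OTIS side: return the claims, or None if forged, malformed or expired."""
    body, _, mac = token.rpartition("|")
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    parts = body.split("|")
    if len(parts) != 4:  # e.g. a user name that itself contained "|"
        return None
    user, account_type, dept, expires = parts
    if int(now if now is not None else time.time()) >= int(expires):
        return None  # lease has run out; the user must authenticate again
    return {"user": user, "type": account_type, "dept": dept}

def may_access(token, action, tt_owner, tt_dept, now=None):
    """Apply the three account types; anything unrecognised is denied."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    if claims["type"] == "it":
        return True  # full rights, all TTs
    if claims["type"] == "management":
        return tt_dept == claims["dept"]  # all TTs of own dept, incl. reports
    if claims["type"] == "user":
        # Assumption: "minimum access rights" means viewing one's own TTs only.
        return action == "view" and tt_owner == claims["user"]
    return False
```

The access decision is made only from claims whose signature and expiry have been checked, so editing the account type inside a token invalidates it rather than raising its rights.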
Services provided by other Servers: LDAP (Lightweight Directory Access Protocol) Server
- This is a stand-alone server also widely accessed within the corporate network providing
directory services to any client.
- The OTIS server, acting as a client, accesses employee
information from the LDAP server to set up user accounts in its database.
- The LDAP server is the institution-wide repository of employee information, such as
name, title, department, phone, cell phone and fax number, email address, etc.
- Individual users can also access the LDAP server directly to search its database for email addresses or phone numbers.