WEB375 Course Project: Web Architecture Plan for the DeVry Daily Tribune Newspaper Company
www.ddt.edu (domain name for the DeVry Daily Tribune)
Course Project: Web Architecture Plan for the DeVry Daily Tribune Newspaper Company
Design and plan the implementation of a web architecture to support the online presence of a newspaper company. The design must include diagram(s) of the network and web architecture and have installation and configuration instructions for each of the servers and features identified in the instructions below.
Because of the explosion in digital news sources, the DeVry Daily News and the DeVry Tribune have decided to merge their newspaper businesses in order to better defend against this online assault. They plan to co-locate their business and news offices in a single building where they also plan to establish a strong digital news presence. The new business is called the DeVry Daily Tribune (DDT) and has the domain www.ddt.edu.
The business has hired us—WEB375 Consulting—to design a secure and robust web architecture for its new facility. Our contract requires us to deliver a diagram of the web architecture plan and instructions that their system administrator can use to set up each of the servers they need. Luckily for us, DDT has chosen to go with Linux, which is our specialty, as the core operating system for its servers.
The following are the core requirements for the web architecture.
- Electronic mail for DDT‘s 100 employees. Employees in the building (on the LAN) can access their e-mail with any e-mail client, but employees off-site must use a web-based e-mail client.
- Secure FTP for the company and freelance photographers to upload digital images wherever they happen to be photographing the story. All photographers should upload digital images to their own individual directories and not have access to other user photos.
- Anonymous FTP for the public to download selected royalty-free or creative commons photos that the newspaper decides to make available. This may be hosted on a different machine from the secure FTP server.
- A dynamic new website supported by a LAMP architecture. Reporters will be able to write and submit their news stories through the web interface, which will save the stories in the database. The web application will present these stories to users when they visit the website.
- The newspaper already has the PHP web application developed; we just need to design and develop instructions for the installation of the web server and database server to support the application.
- A DHCP server on the local network to distribute IP addresses. DDT leaders do not want to use a router-based solution, but instead want the ability to configure their own computer-based DHCP server.
- A local DNS service to speed name resolution for web access.
The DeVry Daily Tribune plans to try several innovative web-based digital initiatives in the next year in order to reassert itself in the news marketplace. The company is very security conscious because it wants to keep these initiatives secret until they are ready. Once its web technologies are deployed, its does not want the website or its data breached.
The company wants as few services exposed to the Internet as possible, and each server should have a local firewall installed that only permits access to services installed on the server and SSH for remote access.
You only need to provide a design and instructions that explain the steps required to install and configure the web architecture you are recommending. You do not need to install and configure these servers on a VM, though it may help you in testing and refining your instructions.
Task Details and Recommended Milestone Dates
Download the Course Project Template document in Doc Sharing and complete each deliverable section using the information below. You should write the instructions and create diagrams that a system administrator with your level of knowledge and experience could follow. When describing installation and configuration steps, describe the process in a manner a classmate could follow to perform the work.
The Course Project is due Week 8 of the course, but you should work on it each week. To help plan your time, the task details for each section include a recommended week to complete that section’s instructions.
Recommended Completion: Week 1
Give background on the project and explain the design approach you are taking to the web architecture. This section should be expanded after completing the design diagrams in Week 2.
Linux Administrator Account Set-Up
Recommended Completion: Week 1
Take steps to create the primary Linux system admin account: email@example.com. Even though this activity will be performed on each of the servers in the web architecture, you only need to describe the steps once.
Network and Web Architecture Design
Recommended Completion: Week 2
Create a diagram of the network and web architecture you are proposing. The diagram should be similar to those in the lectures. You should document your design by explaining why you decided on the proposed web architecture. For example, make decisions on whether or not to use Bastion hosts, single servers, DMZs, and so on.
Mail Server Installation and Configuration
Recommended Completion: Week 3
Take steps to install and configure the mail server. The mail server should not relay mail from other servers. Mail user accounts correspond to Linux user accounts. Therefore, on this machine, you need to establish a user account for every employee. Your directions should explain how to set up one sample account and describe items to keep in mind as the administrator sets up the other accounts. The only virtual user account for mail is mapping firstname.lastname@example.org to the admin user account defined above.
Anonymous FTP Server Installation and Configuration
Recommended Completion: Week 4
Take steps to install and configure an anonymous FTP server. The anonymous FTP server resides at ftp.ddt.edu and is available to anyone in the world. As is common practice, the top-level folder is at /var/pub on the server workstation. Because it is an anonymous server, users do not need to log in, but anonymous users can only download files. The admin account (admin), should have full rights to the server to upload photos and manage file and directory organization.
Secured FTP Server Installation and Configuration
Recommended Completion: Week 4
Take steps to install and configure the secure FTP server. You may decide to make this server the same workstation and the anonymous FTP server, or it may be a different machine. In either case, the secure FTP server must limit users to one directory hierarchy (chroot jail). Each FTP user will also have a Linux user account on the server workstation. The admin account (admin), should have full rights to the server to organize all photos and manage the file and directories.
Web Server Installation and Configuration
Recommended Completion: Week 5
Take steps to install and configure the web server (Apache). The ServerAdmin should be email@example.com, and for security purposes, the directory for the DocumentRoot should be at /var/www/ddt. Because the newspaper will have reporters connecting from all over the world—often with intermittent Internet connections—we want the connection parameters set to the following.
- Timeout 120
- KeepAlive On
- MaxKeepAliveRequests 500
- KeepAliveTimeout 120
They also want to set up virtual hosting for the previous websites of the two companies.
www.devrydaily.com and www.devrytribune.com
Database Server Installation and Configuration
Recommended Completion: Week 6
Take steps to install and configure the MySQL server. The firewall on the MySQL server workstation should only the root user to log in from the localhost. The root account must have a password. Explain how to create a database, ddttest, to test the server with a single table,ddtusers. The table should have columns for username, firstname, lastname, and e-mail. Add five records to the table for testing purposes.
Firewall Installation and Configuration
Recommended Completion: Week 7
Take steps to install and configure the firewall (iptables) on the web server. The workstation that hosts the web server may host other services; that is your decision. The firewall on the web server should only allow incoming traffic for the services hosted on the workstation and should deny all other traffic.
DHCP Server Installation and Configuration
Recommended Completion: Week 7
Steps to configure the DHCP server. The DHCP server should
- distribute IP addresses to anonymous clients in the range 10.3.75.0 through 10.3.75.255 with a 6 hours lease time;
- ensure the primary DNS is 203.0.113.1 and the secondary DNS is 203.0.113.2;
- ensure the subnet mask is 255.255.255.0; and
- give each server workstation a host name and set up the DHCP server to give a fixed IP address to that workstation. For example, the web server workstation could be named “ddt_web” and assigned the IP address 203.0.113.15 and the FTP server. If it is on a different workstation, it may be “ddt_ftp” and assigned 203.0.113.10.
Before submitting your final Course Project report, you should do the following.
- Work on it every week!
- Make sure that there are no syntax or spelling errors
- Though you do not need to implement the servers you are designing, it is recommend that you test your instructions on a local virtual machine. See Setting up a Test Environment for addition information.
- Write the steps and explanations, keeping in mind that these will be given to the DeVry Daily Tribune system admin to implement—in other words, you need to write them in a manner someone can follow and troubleshoot.
Setting Up a Test Environment
Note: The actions in this section are not required, but can help you to better test your Course Project instructions and learn about the servers described in the course.
In the Skillsoft environment, you are using virtual machines to install and test servers. You can also perform these actions on your own local computer with a virtualization application, such as VMWare or the free VirtualBox (Oracle) software. It is beyond the scope of this course to explain how to set up this environment, but you are encouraged to experiment with these tools.
You can download VirtualBox for free from https://www.virtualbox.org/.
You can download the most recent version of Fedora Linux from http://fedoraproject.org/.