Coursework 02 - Storage and Backup

Coursework Type Group work / open-book with Internet access

Duration 24 - 36 hours

Deadline 3:00 PM, 6-Oct-2024

Marking Criteria Group demonstration (15 min) - 40 marks

Individual written test (30 min) - 60 marks

Maximum Group Size 6

The New Consultant

Hi! I am whoever you want to call me, but I am your new IT infrastructure and support project
consultant, your small company with a huge ego and adequate financial resources recently hired. I do
know what I am doing but sometimes I might be pretending. However, I want to get this
infrastructure going, so I can build up a career here.

I heard that your team is already capable of managing and securing access to our IT infrastructure.
Next in business would be to get the storage setup and ready. Now remember, when I say storage,
we also need to figure out backup and restore services as well, so we can come up with a solid
disaster recovery plan.

As employees I think everybody needs to have access to a common folder when they come to work
and log in to their computers. Also, I think we need to have a common FTP server to get quick access
to resources such as various software and company policy documents etc. through the network. This
should be enough for a good start. We also need to backup the content in the FTP files and common
folder. At the same time we need to make sure that the common folder, FTP files, and their backups
are secure at all times. I also figured that we have access to Windows Server and Linux environments.
So I figured the following points will be helpful to go forward.

● Centralised User Management: Use Active Directory (AD) for seamless login and file access
across multiple desktops.
● Common Shared Folder: A shared folder accessible via File Explorer on Windows and file
manager on Linux.
● FTP Server: For administrators to upload software and users to download.
● Backup Solution: Daily encrypted backups of the shared folder and FTP server.
● Storage Encryption: Secure both storage and backup using encryption (for data at rest and
data in transit).
● Redundancy: Use RAID for redundancy in the storage architecture to ensure data availability.
● Management: Auditing who accessed what and a disaster recovery plan covering all the
aspects above.

1
I also sketched down the following steps.

1. Active Directory for Centralised User Management

a. Set up a Windows Server as the Domain Controller (DC).
b. Create user accounts for all employees in Active Directory Users and Computers
(ADUC).
c. Join all desktops (Windows and Linux) to the AD domain.
d. Set up Group Policies to map network drives for each user on login to access the
common shared folder.
2. Common Shared Folder Accessible via File Explorer
a. Create a shared folder on the server (e.g. C:\Shared on Windows).
b. Configure Samba (on Linux) or SMB file sharing (on Windows) to allow users to
access the folder through File Explorer or other file managers.
c. Use Active Directory to manage permissions. Grant read/write permissions to users
or groups as needed.
d. Set up audit logging on the shared folder to monitor file access.
3. FTP Server for Software/resource Distribution
a. Install vsftpd on Linux or IIS FTP Server on Windows.
b. Create two FTP user groups: Admins with full read/write access to upload software.
Users with read-only access to download files.
c. Use SSL/TLS for FTP encryption (FTPS or SFTP) to secure file transfers.
d. Enable logging to monitor file uploads and downloads.
4. Backup Solution for Shared Folder and FTP Server
a. Set up a dedicated backup server or use an external NAS/iSCSI with encrypted
storage.
b. Schedule daily/weekly/monthly backups of the common shared folder and the FTP
directory.
c. Use encrypted backup solutions on Windows Server Backup with BitLocker to
encrypt backup volumes and rsync with Duplicity or BorgBackup for Linux to encrypt
backup data.
d. Store backups on an offsite or secondary location to ensure disaster recovery
capability.
5. Storage and Backup Encryption
a. Data at Rest Encryption:
i. For Windows, use BitLocker to encrypt the storage drives.
ii. For Linux, use LUKS (Linux Unified Key Setup) to encrypt storage.
b. Data in Transit Encryption:
i. For file sharing, use SMB encryption (for Windows) or Samba with SMB 3.0
(Linux).
ii. For FTP, use FTPS (FTP Secure) or SFTP (SSH FTP) to ensure data is encrypted
during transfers.
6. RAID for Redundancy and High Availability
a. Use a hardware RAID controller or software RAID (via mdadm on Linux or Windows
Storage Spaces).
b. Configure the shared folder and FTP directories to be stored on the RAID array.

2
 c. Monitor RAID health and set up alerts for drive failures.
7. Securing the System
a. Firewall: Use firewalls on both Linux and Windows to restrict access to the shared
folder and FTP server.
b. Access Controls: Use Active Directory to manage user permissions and ensure only
authorized personnel have access to specific directories.
c. Monitoring and Auditing: Enable file access auditing to track file changes, uploads,
and downloads.
d. Security awareness training: train employees on how to use storage services
provided.

I prefer if we can come up with a POC, but I do understand we might have knowledge, time, and
resource constraints. However, I expect the team to have at least the necessary know-how in such
cases, so that we can confidently invest our time and resources if we are going to implement this.

Now this is between you and I - I used chatGPT to furnish this document in english. So even I might
not know what certain words or sentences mean. Please discuss with me if anything is not clear.
Remember, what is important is to get this done. Cheers.

The Group Activity

Task Description
Your team represents the IT team in this company. You are supposed to study the situation, come up
with a design and a plan, implement a model solution as proof of concept along with necessary
documentation.

Requirement
1. Come up with a comprehensive set of requirements to assess the progress.
2. Develop a POC to demonstrate the design and plan.
3. Provide necessary documentation which includes (but not limited to) the system
specifications, DR plan, and user training plan.

Evaluation Criteria
Category Source Marks

Configuration and implementation Group demonstration 20

Problem solving and teamwork Group demonstration 10

Professionalism Documentation 10

Individual assessment and contribution Individual written test 60

3
Configuration and Implementation
Marks are awarded to the group considering the extent of the requirements fulfilled, the accuracy of
the configuration, and consistency of the knowledge in the group.

Problem Solving and Teamwork

Marks are awarded to the group considering the knowledge learnt and the accuracy of the decisions
made.

Professionalism
You are supposed to complete the activity as System Administrators. Marks are awarded to the
best-practices followed, as reflected in the documentation.

Individual Assessment and Contribution

You will be tested for the individual knowledge gained and the contribution you have made to your
team.

- The End -