COMPETENCY BASED LEARNING MATERIAL

Sector : ELECTRONICS SECTOR

Qualification Title : COMPUTER SYSTEM SERVICING NCII

Unit of
: SET-UP COMPUTER SERVERS
Competency

Module Title : SETTING-UP COMPUTER SERVERS

CORE INSTITUTE OF TECHNOLOGY INC.,

3 RD
FLR., JCMM REALTY BLDG., SAN PEDRO ST., DAVAO CITY

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 0 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 HOW TO USE THIS COMPETENCY-BASED LEARNING
MATERIAL

The unit of competency, “SET-UP COMPUTER SERVERS”, is one

of the competencies of COMPUTER SYSTEM SERVICING NCII, a course
which comprises the knowledge, skills, and attitudes required for a TVET
trainee to posses.
The module, SETTING-UP COMPUTER SERVERS, contains
training materials and activities related to receiving reservation request,
recording details of reservation, updating reservations and advising
others on reservation details.
In this module, you are required to go through a series of learning
activities in order to complete each learning outcome. In each learning
outcome are Information Sheets, Self-checks, Operation Sheets, Task
Sheets, and Job Sheets. Follow and perform the activities on your own. If
you have questions, do not hesitate to ask for assistance from your
facilitator.
Remember to:
 Read information sheet and complete the self-check.
 Perform the Task Sheets, Operation Sheets, and Job Sheets until
you are confident that your outputs conform to the Performance
Criteria Checklists that follow the said work sheets.
 Submit outputs of the Task Sheets, Operation Sheets, and Job
Sheets to your facilitator for evaluation and recording in the
Achievement Chart. Outputs shall serve as your portfolio during
the Institutional Competency Evaluation. When you feel confident
that you have had sufficient practice, ask your trainer to evaluate
you. The results of your assessment will be recorded in your
Achievement Chart and Progress Chart.
You must pass the Institutional Competency Evaluation for this
competency before moving to another competency. A Certificate of
Achievement will be awarded to you after passing the evaluation.

You need to complete this module before you can perform the
module on maintaining Computer Systems and Networks.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 1 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 COMPUTER SYSTEM SERVICING NCII
COMPETENCY BASED LEARNING MATERIALS

LIST OF COMPETENCIES
No. Unit of Competency Module Title Code

1. Install and configure Installing and ELC724331

computer systems configuring computer
systems

2 Set-up Computer Setting-up Computer ELC724332

Networks Networks

3 Set-up Computer Setting-up ELC724333

Servers Computer Servers

4 Maintain and Repair Maintaining and ELC724334

Computer Systems Repairing Computer
and Networks Systems and
Networks

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 2 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 MODULE CONTENT

Qualification Title : Computer System Servicing NCII

Unit of Competency : Set-up Computer Servers

Module Title : Setting-up Computer Servers

Introduction

This unit of competency deals with the skills, knowledge and

attitude in setting-up computer servers computer servers for LANs and
SOHO systems. It consists of competencies to set-up user access and
configures network services as well as to perform testing, documentation
and pre-deployment procedures.

Learning Outcomes:

Upon completion of this module, you MUST be able to:

1. Set-up user access

2. Configure network services

3. Perform testing, documentation and pre-deployment procedures

ASSESSMENT CRITERIA

1. User folder is created in accordance with network operating system

(NOS) features

2. User access level is configured based on NOS features and

established network access policies/end-user requirements.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 3 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
3. Security check is performed in accordance with established

network access policies/end-user requirements.

4. Normal functions of server are checked in accordance with

manufacturer’s instructions

5. Required modules /add-ons are installed/updated based on NOS

installation procedures

6. Network services to be configured are confirmed based on

user/system requirements

7. Operation of network services are checked based on user/system

requirements

8. Unplanned events or conditions are responded to in accordance

with established procedures

9. Pre-deployment procedures is undertaken based on enterprise

policies and procedures

10. Operation and security check are undertaken based on end-user

requirements

11. Reports are prepared/completed according to enterprise policies

and procedures.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 4 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
LEARNING OUTCOME #1: Set-up user access

CONTENTS:
This module will teach you how to set-up user access

Upon completion of this module, you will be able to:

 Normal functions of server.

 Network services.
 pre-deployment procedures

ASSESSMENT CRITERIA:

1. User folder is created in accordance with network operating

system (NOS) features

2. User access level is configured based on NOS features and

established network access policies/end-user requirements.

3. Security check is performed in accordance with established

network access policies/end-user requirements.

CONDITIONS:

The student/trainee must be provided with the following:

 Set-up user access
 Configured network services
 Performed testing, documentation and pre-deployment procedures

ASSESSMENT METHODS:
 Practical Demonstration w/ oral questioning
 Interview
 Third Party
 Portfolio

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 5 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Learning Experiences

Learning Outcome 1

Set-up user access

Learning Activities Special Instructions

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 6 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Read Information Sheet 3.1-1: This Learning Outcome deals with the
on the “Create a user folder development of the Institutional
using your network operating Competency Evaluation Tool which
system in your computer trainers use in evaluating their trainees
network.” after finishing a competency of the
qualification.

Go through the learning activities

Answer Self-check 3.1-1 on
outlined for you on the left column to
the “Create a user folder using
gain the necessary information or
your network operating system
knowledge before doing the tasks to
in your computer network.”
practice on performing the requirements
of the evaluation tool.

The output of this LO is a complete

Read Information Sheet 3.1-2: Institutional Competency Evaluation
on the
Package for one Competency of
“Establish/Configure/Perform
Computer Hardware Servicing NC II.
security check at the network
access policies/end-user.” Your output shall serve as one of your
portfolio for your Institutional
Competency Evaluation for Set-up user
access.
Answer Self-check3.1-2 on
Established, configured and Feel free to show your outputs to your
performed security check at the trainer as you accomplish them for
network access policies/end- guidance and evaluation.
user.”
After doing all the activities for this LO,
you are ready to proceed to the next LO:
Configure network services.

Information Sheet 3.1-1

Create a user folder using your Network Operating

System (NOS) in your computer network.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 7 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Learning Objectives:
After reading this information sheet, you must be able to:
1. Explain how a network operating system works.
2. Differentiate the server and a client.

WHAT IS A NETWORK OPERATING SYSTEM?

Unlike operating systems, such as Windows, that are designed for

single users to control one computer, network operating systems (NOS)
coordinate the activities of multiple computers across a network. The
network operating system acts as a director to keep the network running
smoothly.

ACCESS AND MANAGEMENT SETTINGS

The user module allows users to register, log in, and log out. Users
benefit from being able to sign on because this associates content they
create with their account and allows various permissions to be set for
their roles.

The user module supports user roles, which can be set up with
fine-grained permissions allowing each role to do only what the
administrator permits. Each user is assigned one or more roles. By
default there are three roles: anonymous (a user who has not logged in)
and authenticated (a user who has signed up and been authorized), and
in Drupal 7 only, administrator (a signed in user who will be assigned site
administrator permissions).

Users can use their own name or handle and can fine tune some
personal configuration settings through their individual my account page.
Registered users need to authenticate by supplying their username and
password, or alternately an login.
A visitor accessing your website is assigned a unique ID, the so-
called session ID, which is stored in a cookie. For security's sake, the
cookie does not contain personal information but acts as a key to
retrieving the information stored on your server.

You can

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 8 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
  view your user page at http://example.com/user when you're
logged in
 administer users at People (Administer > People) in Drupal 7,
and (Administer > User) in previous versions.
 create new users on the People page through the add user link
in Drupal 7, and (Administer > User > Add user) in previous
versions.
 configure user registration, user email, and user picture
settings on the Account settings page (Administer >
Configuration > People > Account settings) in Drupal 7, and
(Administer > Settings > User) in previous versions.
 allow users to select themes in versions prior to Drupal 7 from
their user account by enabling themes in (Administer > Themes).
 read user profile help at (Administer > Help > User).
 configure access permissions at (Administer > People >
Permissions) in Drupal 7, and (Administer > Access control) in
previous versions.

Network operating system refers to software that implements

an operating system of some kind that is oriented to computer
networking. For example, one that runs on a server and enables the
server to manage data, users, groups, security, applications, and other
networking functions. The network operating system is designed to
allow shared file and printer access among multiple computers in a
network, typically a local area network (LAN), a private network or to
other networks.

Peer-to-Peer
In a peer-to-peer network operating system users are allowed to share
resources and files located on their computers and access shared
resources from others. This system is not based with having a file server
or centralized management source. A peer-to-peer network sets all
connected computers equal; they all share the same abilities to use
resources available on the network.

Examples:

 AppleShare used for networking connecting Apple products.

 Windows for Workgroups used for networking peer-to-peer
windows computers.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 9 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Advantages

 Ease of setup
 Less hardware needed, no server needs to be purchased.

Disadvantages

 No central location for storage.

 Lack of security that a client/server type offers.

Client/Server

Network operating systems can be based on

a client/server architecture in which a server enables multiple clients
to share resources. Client/server network operating systems allow the
network to centralize functions and applications in one or more
dedicated file servers. The server is the center of the system, allowing
access to resources and instituting security. The network operating
system provides the mechanism to integrate all the components on a
network to allow multiple users to simultaneously share the same
resources regardless of physical location.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 10 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Examples: 1.Windows Server

Advantages

 Centralized servers are more stable.

 Security is provided through the server.
 New technology and hardware can be easily integrated into the
system.
 Servers are able to be accessed remotely from different locations and
types of systems.

Disadvantages

 Cost of buying and running a server are high.

 Dependence on a central location for operation.
 Requires regular maintenance and updates.

Security Issues Involved in using a Client/Server Network

In a client/server network security issues may evolve at three different

locations: the client, the network, and the server. All three points need to
be monitored for unauthorized activity and need to be secured against
hackers or eavesdroppers.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 11 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
The Client
The client is the end user of the network and needs to be secured
the most. The client end usually exposes data through the screen of the
computer. Client connections to server should be secured through
passwords and upon leaving their workstations clients should make sure
that their connection to the server is securely cut off in order to make
sure that no hackers or intruders are able to reach the server data. Not
only securing the workstations connection to the server is important but
also securing the files on the workstation (client) is important as it
ensures that no hackers are able to reach the system. Another possibility
is that of introducing a virus or running unauthorized software on the
client workstation thus threatening the entire information bank at the
server (Exforsys Inc., 2007).
The users themselves could also be a security threat if they
purposely leave their IDs logged in or use easy IDs and passwords to
enable hacking. Users may also be sharing their passwords in order to
give the hackers access to confidential data (Wilson, Lin, & Craske,
1999). This can be overcome by giving passwords to each client and
regularly asking clients to change their passwords. Also passwords
should be checked for their strength and uniqueness.

The Network
The network allows transmission of data from the clients to the
server. There are several points on the network where a hacker could
eavesdrop or steal important packets of information. These packets may
contain important confidential data such as passwords or company
details. It is important that these networks are secured properly to keep
unauthorized professionals away from all the data stored on the server.
This can be done by encrypting important data being sent on the
network. However, encryption may not be the only possible way of
protecting networks as hackers can work their way around encryption.
Another method could be conducting security audits regularly and
ensuring identification and authorization of individuals at all points
along the network. This should discourage potential hackers (Wilson
et.al., 1999). Making the entire environment difficult to impersonate also
makes sure that the clients are reaching the true files and applications
on the server and that the server is providing information to authorized
personnel only.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 12 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
The Server
The server can be secured by placing all the data in a secure,
centralized location that is protected through permitting access to
authorized personnel only. Virus protection should also be available on
server computers as neal vast amounts of data can be infected. Regular
upgrades should be provided to the servers as the software and the
applications need to be updated. Even the entire body of data on a server
could be encrypted in order to make sure that reaching the data would
require excessive time and effort (Wilson, Neal, & Craske, 1999).

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 13 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Network Operating Systems (NOS)

Network operating systems typically are used to run computers that act
as servers. They provide the capabilities required for network operation.
Network operating systems are also designed for client computers and
provide functions so the distinction between network operating systems
and stand alone operating systems is not always obvious. Network
operating systems provide the following functions:

 File and print sharing.

 Account administration for users.
 Security.

Installed Components

 Client functionality
 Server functionality

Functions provided:

 Account Administration for users

 Security
 File and print sharing

Network services

 File Sharing
 Print sharing
 User administration
 Backing up data

Universal Naming Convention (UNC)

A universal naming convention (UNC) is used to allow the use of shared

resources without mapping a drive to them. The UNC specifies a path
name and has the form:

\\servername\pathname

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 14 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Network Operating System Examples

 Windows NT server and workstation - Can use multiple processors

and run on Intel or RISC computers. Performs preemptive
multitasking.
 Windows 95 - Cannot use multiple processors or run on RISC
computers. It cannot use NT drivers, but it can use older drivers.
 OS/2 - supports preemptive multitasking and multithreading and
protects applications from each other. It runs on Intel or RISC
computers. Supports 1 processor. Requires a minimum of a 386
and 8M of RAM. Some DOS drivers will work for OS/2. Won't run
on DEC Alpha systems.
 MacIntosh - supports cooperative and preemptive multitasking and
uses a windows, icons, mouse environment for system control.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 15 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Self-Check 3.1-1: TRUE OR FALSE

1. In access and management settings the user module do not

allows users to register, log in, and log out.
2. Network operating system refers to hardware that implements
an operating system.
3. Peer-to-peer network operating system users are allowed to
share resources and files located on their computers and access
shared resources from others.
4. Resources are shared among are not equals in a peer-to-peer
network.
5. The client is the end user of the network and needs to be
secured the most.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 16 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Answers to Self-Check 3.1-1

1. False---Allows
2. False---Software
3. True
4. False---Equals
5. True

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 17 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Information Sheet 3.1-2

Establish/Configure/Perform security check at the

network access policies/end-user

Learning Objectives:
After reading this information sheet, you must be able to:
1. differentiate applications of network security, password and
policies.

Security Policies

The idea of security policies includes many dimensions. Broad

considerations include requiring backups to be done regularly and stored
off-site. Narrow table or data considerations include ensuring that
unauthorized access to sensitive data, such as employee salaries, is
precluded by built-in restrictions on every type of access to the table that
contains them.

This chapter discusses security policies in the following sections:

 System Security Policy

 Data Security Policy
 User Security Policy
 Password Management Policy
 Auditing Policy
 A Security Checklist

I. System Security Policy

This section describes aspects of system security policy, and

contains the following topics:

 Database User Management

 User Authentication
 Operating System Security

Each database has one or more administrators who are

responsible for maintaining all aspects of the security policy: the
security administrators. If the database system is small, the
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 18 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
database administrator may have the responsibilities of the
security administrator. However, if the database system is large, a
special person or group of people may have responsibilities limited
to those of a security administrator.
After deciding who will manage the security of the system, a
security policy must be developed for every database. A database's
security policy should include several sub-policies, as explained in
the following sections.

A. Database User Management

Depending on the size of a database system and the amount

of work required to manage database users, the security
administrator may be the only user with the privileges required to
create, alter, or drop database users. On the other hand, there may
be a number of administrators with privileges to manage database
users. Regardless, only trusted individuals should have the
powerful privileges to administer database users.

B. User Authentication

Database users can be authenticated (verified as the correct

person) using database passwords, the host operating system,
network services, or by Secure Sockets Layer (SSL).

C. Operating System Security

The following security issues must also be considered for the

operating system environment executing Oracle and any database
applications:
 Database administrators must have the operating system
privileges to create and delete files.
 Typical database users should not have the operating system
privileges to create or delete files related to the database.
 If the operating system identifies database roles for users,
the security administrators must have the operating system
privileges to modify the security domain of operating system
accounts.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 19 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
II. Data Security Policy

Data security includes the mechanisms that control the

access to and use of the database at the object level. Your data
security policy determines which users have access to a specific
schema object, and the specific types of actions allowed for each
user on the object. For example, the policy could establish that a
certain user can issue SELECT and INSERT statements but
not DELETE statements using a database. Your data security
policy should also define the actions, if any, that are audited for
each schema object.
Your data security policy is determined primarily by the level
of security you want to establish for the data in your database. For
example, it may be acceptable to have little data security in a
database when you want to allow any user to create any schema
object, or grant access privileges for their objects to any other user
of the system. Alternatively, it might be necessary for data security
to be very controlled when you want to make a database or security
administrator the only person with the privileges to create objects
and grant access privileges for objects to roles and users.
Overall data security should be based on the sensitivity of
data. If information is not sensitive, then the data security policy
can be more lax. However, if data is sensitive, a security policy
should be developed to maintain tight control over access to
objects.
This section describes aspects of user security policy, and
contains the following topics:

 General User Security

 End-User Security
 Administrator Security
 Application Developer Security
 Application Administrator Security

A. General User Security

For all types of database users, consider the following
general user security issues:
 Password Security
 Privilege Management

1. Password Security

If user authentication is managed by the database,

security administrators should develop a password security
policy to maintain database access security. For example,
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 20 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 database users should be required to change their passwords
at regular intervals, and of course, when their passwords are
revealed to others. By forcing a user to modify passwords in
such situations, unauthorized database access can be
reduced.
Passwords are always automatically and transparently
encrypted during network (client/server and server/server)
connections, using a modified DES (Data Encryption
Standard) algorithm, before sending them across the
network.

2. Privilege Management

Security administrators should consider issues related

to privilege management for all types of users. For example,
in a database with many usernames, it may be beneficial to
use roles (which are named groups of related privileges that
you grant to users or other roles) to manage the privileges
available to users. Alternatively, in a database with a handful
of usernames, it may be easier to grant privileges explicitly to
users and avoid the use of roles.
Security administrators managing a database with
many users, applications, or objects should take advantage
of the benefits offered by roles. Roles greatly simplify the task
of privilege management in complicated environments.

B. End-User Security

Security administrators must define a policy for end-user

security. If a database has many users, the security administrator
can decide which groups of users can be categorized into user
groups, and then create user roles for these groups. The security
administrator can grant the necessary privileges or application
roles to each user role, and assign the user roles to the users. To
account for exceptions, the security administrator must also decide
what privileges must be explicitly granted to individual users.

Using Roles for End-User Privilege Management

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 21 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Roles are the easiest way to grant and manage the
common privileges needed by different groups of database
users.
Consider a situation where every user in the accounting
department of a company needs the privileges to run the accounts
receivable and accounts payable database applications
(ACCTS_REC and ACCTS_PAY). Roles are associated with both
applications, and they contain the object privileges necessary to
execute those applications.

The following actions, performed by the database or security

administrator, address this simple security situation:
1. Create a role named accountant.
2. Grant the roles for the ACCTS_REC and ACCTS_PAY database
applications to the accountant role.
3. Grant each user of the accounting department
the accountant role.

This security model is illustrated in 

User Role

This plan addresses the following potential situations:

 If accountants subsequently need a role for a new database

application, that application's role can be granted to
the accountant role, and all users in the accounting department
will automatically receive the privileges associated with the new
database application. The application's role does not need to be
granted to individual users requiring use of the application.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 22 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Similarly, if the accounting department no longer requires the
need for a specific application, the application's role can be
dropped from the accountant role.
 If the privileges required by
the ACCTS_REC and ACCTS_PAY applications change, the new
privileges can be granted to, or revoked from, the application's
role. The security domain of the accountant role, and all users
granted the accountant role, automatically reflect the privilege
modification.

Use roles in all possible situations to make end-user privilege

management efficient and simple.

C. Administrator Security

Security administrators should have a policy addressing

database administrator security. For example, when the database
is large and there are several types of database administrators, the
security administrator may decide to group related administrative
privileges into several administrative roles. The administrative roles
can then be granted to appropriate administrator users.
Alternatively, when the database is small and has only a few
administrators, it may be more convenient to create one
administrative role and grant it to all administrators.

Protection for Connections as SYS and SYSTEM

After database creation, and if you used the default

passwords for SYS and SYSTEM, immediately change the
passwords for the SYS and SYSTEM administrative usernames.
Connecting as SYS or SYSTEM gives a user powerful privileges to
modify a database. For example, connecting as SYS allows a user
to alter data dictionary tables. The privileges associated with these
usernames are extremely sensitive, and should only be available to
select database administrators.

If you have installed options that have caused other

administrative usernames to be created, such username accounts
are initially created locked. To unlock these accounts, use
the ALTER USER statement. The ALTER USER statement should
also be used to change the associated passwords for these
accounts.

The passwords for these accounts can be modified using the

procedures described in "Altering Users".
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 23 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
D. Application Developer Security

Security administrators must define a special security policy

for the application developers using a database. A security
administrator could grant the privileges to create necessary objects
to application developers. Or, alternatively, the privileges to create
objects could be granted only to a database administrator, who
then receives requests for object creation from developers.

Free Versus Controlled Application Development

The database administrator can define the following options

when determining which privileges should be granted to
application developers:

 Free development

An application developer is allowed to create new schema

objects, including tables, indexes, procedures, packages, and so
on. This option allows the application developer to develop an
application independent of other objects.

 Controlled Development

An application developer is not allowed to create new

schema objects. All required tables, indexes, procedures, and so
on are created by a database administrator, as requested by an
application developer. This option allows the database
administrator to completely control a database's space usage
and the access paths to information in the database.

Space Restrictions Imposed on Application Developers

While application developers are typically given the privileges

to create objects as part of the development process, security
administrators must maintain limits on what and how much
database space can be used by each application developer. For
example, as the security administrator, you should specifically set
or restrict the following limits for each application developer:

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 24 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 E. Application Administrator Security

In large database systems with many database applications,

you might consider assigning application administrators. An
application administrator is responsible for the following types of
tasks:

 Creating roles for an application and managing the privileges of

each application role
 Creating and managing the objects used by a database
application
 Maintaining and updating the application code often, an
application administrator is also the application developer who
designed an application. However, an application administrator
could be any individual familiar with the database application.

PRACTICE PRINCIPLE OF LEAST PRIVILEGE.

1. Grant necessary privileges only.

Do not provide database users more privileges than are

necessary. In other words, principle of least privilege is that a
user be given only those privileges that are actually required
to efficiently and succinctly perform his or her job.

To implement least privilege, restrict: 1) the number

of SYSTEM and OBJECT privileges granted to database
users, and 2) the number of people who are allowed to
make SYS-privileged connections to the database as much as
possible. For example, there is generally no need to
grant CREATE ANY TABLE to any non DBA-privileged user.

2. Grant users roles only if they need all of the role's

privileges.

Roles (groups of privileges) are useful for quickly and easily

granting permissions to users. If your application users do
not need all the privileges encompassed by an existing role,
then create your own roles containing only the appropriate
privileges for your requirements. Similarly, ensure that roles
contain only the privileges that reflect job responsibility.

For example, grant users the CREATE SESSION privilege to

authorize them to log in to the database, rather than

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 25 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 granting them the CONNECT role, which has many
additional privileges. Unless users require all the extra
privileges contained in the CONNECT role (or any other role),
assign them individually only the minimum set of individual
privileges truly needed. Alternatively, create your own.

ENFORCE ACCESS CONTROLS EFFECTIVELY.

Authenticate clients properly.

By default, operating-system-authenticated logins only over secure

connections, which precludes using a shared server configuration.
This default restriction prevents a remote user from impersonating
another operating system user over a network connection.

RESTRICT NETWORK ACCESS.

1. Use a firewall.

Keep the database server behind a firewall. Network

infrastructure, offers support for a variety of firewalls from
various vendors. Supported proxy-enabled firewalls include
Network Associates' Gauntlet and Axent's Raptor. Supported
packet-filtered firewalls include Cisco's PIX Firewall and
supported stateful inspection firewalls (more sophisticated
packet-filtered firewalls) include CheckPoint's Firewall-1.

2. Never poke a hole through a firewall.

Doing so will introduce a number of significant security

vulnerabilities including more port openings through the
firewall, multi-threaded operating system server issues and
revelation of crucial information on database(s) behind the
firewall. Banner information and database descriptors and
service names.

3. Be sure of who is accessing your systems.

Authenticating client computers over the Internet is

problematic. Do user authentication instead, which avoids
client system issues that include falsified IP addresses,
hacked operating systems or applications, and falsified or
stolen client system identities. The following steps improve
client computer security:

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 26 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
  Configure the connection to use SSL. Using SSL
(Secure Sockets Layer) communication makes
eavesdropping unfruitful and enables the use of
certificates for user and server authentication.
 Set up certificate authentication for clients and servers
such that:

i. The organization is identified by unit and certificate

issuer and the user is identified by distinguished name
and certificate issuer.

ii. Applications test for expired certificates.

iii. Certificate revocation lists are audited.

4. Harden the operating system.

Harden the host operating system by disabling all

unnecessary operating system services. Windows platforms
provide a variety of operating system services, most of which
are not necessary for most deployments. Such services
include FTP, TFTP, TELNET, and so forth. Be sure to close
both the UDP and TCP ports for each service that is being
disabled. Disabling one type of port and not the other does
not make the operating system more secure.

APPLY ALL SECURITY PATCHES AND WORKAROUNDS

Always apply all relevant and current security patches for both the
operating system, and components thereof.

PERIODICALLY CHECK THE SECURITY SITE TECHNOLOGY

NETWORK

In summary, consider all paths the data travels and assess

the threats that impinge on each path and node. Then take steps to
lessen or eliminate both those threats and the consequences of a
successful breach of security. Also monitor and audit to detect
either increased threat levels or successful penetration.

CONTACT SECURITY PRODUCTS

If you believe that you have found a security vulnerability using e-

mail a complete description of the problem, including product
version and platform, together with any exploit scripts.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 27 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Self-Check 3.1-2: TRUE OR FALSE

1. Users can be authenticated thru verified as the correct

person using database passwords, the host operating
system, network services, or by Secure Sockets Layer (SSL).
3. If user authentication is not managed by the database,
security administrators should develop a password security
policy to maintain database access security.
4. Restrict network access by the Use of a firewall to Keep from
a from various vendors
5. Harden the host operating system by disabling all
unnecessary operating system services. Most of which are
not necessary for most deployments. Such services include
FTP, TFTP, TELNET, and so forth.
6. Data security includes the mechanisms that don’t control the
access to and use of the database at the object level.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 28 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Answers to Self-Check 3.1-2

1. True
2. False--managed
3. True
4. True
5. False---control

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 29 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
LEARNING OUTCOME #2 Configure Network Services

CONTENTS:

Upon completion of this module, you will be able to:

1. Checked the entire computer server must be normally

functional.

ASSESSMENT CRITERIA:

1. Normal functions of server are checked in accordance with

manufacturer’s instructions
2. Required modules /add-ons are installed /updated based on
NOS installation procedures
3. Network services to be configured are confirmed based on
user/system requirements
4. Operation of network services are checked based on
user/system requirements
5. Unplanned events or conditions are responded to in
accordance with established procedures

CONDITIONS: The student/trainee must be provided with the following:

 Personal Protective equipment ( ex. protective eyewear, anti
static wrist wrap)
 Electronic laboratory hand tools (assorted pliers, assorted screw
drivers, soldering iron & desoldering tool)
 LAN tester
 Crimping tools
 RS 232 pin exertion/ extraction tool
 Hand-outs

ASSESSMENT METHODS:
 Practical Demonstration w/ oral questioning
 Interview
 Third Party
 Portfolio

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 30 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Learning Experiences

Learning Outcome 2

Configure Network Services

Learning Activities Special Instructions

Read Information Sheet3.2-1: This Learning Outcome deals with the

“Checked the entire computer development of the Institutional
server must be normally Competency Evaluation Tool which
functional.” trainers use in evaluating their trainees
after finishing a competency of the
Answer Self-check3.2-1for the qualification.
“Checked the entire computer
server must be normally Go through the learning activities
functional.” outlined for you on the left column to
gain the necessary information or
knowledge before doing the tasks to
practice on performing the requirements
of the evaluation tool.

The output of this LO is a complete

Institutional Competency Evaluation
Package for one Competency of
Computer Hardware Servicing NC II.
Your output shall serve as one of your
portfolio for your Institutional
Competency Evaluation for Configure
Network Services.

Feel free to show your outputs to your

trainer as you accomplish them for
guidance and evaluation.

After doing all the activities for this LO,

you are ready to proceed to the next LO:
Perform testing, documentation and
pre-deployment procedures

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 31 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Information Sheet 3.2-1

Normal Functions of a Computer Server

Learning Objectives:
After reading this information sheet, you must be able to:
a. Check the entire computer server for its normal functions

A server is a running instance of an application (software) capable of

accepting requests from the client and giving responses accordingly.
Servers can run on any computer including dedicated computers, which
individually are also often referred to as "the server". In many cases, a
computer can provide several services and have several servers running.
The advantage of running servers on a dedicated computer is security.
For this reason most of the servers are daemon processes and designed in
that they can be run on specific computer(s).
Servers operate within a client-server architecture. Servers are computer
programs running to serve the requests of other programs, the clients.
Thus, the server performs some tasks on behalf of clients. It facilitates the
clients to share data, information or any hardware and software
resources. The clients typically connect to the server through the network
but may run on the same computer. In the context of Internet Protocol (IP)
networking, a server is a program that operates as a socket listener.
Servers often provide essential services across a network, either to private
users inside a large organization or to public users via the Internet.
Typical computing servers are database server, file server, mail
server, print server, web server, gaming server, and application server.
Numerous systems use this client server networking model including Web
sites and email services. An alternative model, peer-to-peer
networking enables all computers to act as either a server or client as
needed.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 32 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Usage

The term server is used quite broadly in information technology. Despite

the many server-branded products available (such as server versions of
hardware, software or operating systems), in theory, any computerised
process that shares a resource to one or more client processes is a server.
To illustrate this, take the common example of file sharing. While the
existence of files on a machine does not classify it as a server, the
mechanism that shares these files to clients by the operating system is the
server.
Similarly, consider a web server application (such as
the multiplatform "Apache HTTP Server"). This web server software can
be run on any capable computer. For example, while a laptop or
personal computer is not typically known as a server, they can in these
situations fulfill the role of one, and hence be labelled as one. It is, in this
case, the machine's role that places it in the category of server.
In the hardware sense, the word server typically designates computer
models intended for hosting software applications under the heavy
demand of a network environment. In this client–server configuration,
one or more machines, either a computer or a computer appliance, share
information with each other with one acting as a host for the other[s].
While nearly any personal computer is capable of acting as a network
server, a dedicated server will contain features making it more suitable for
production environments. These features may include a faster CPU,
increased high-performance RAM, and increased storage capacity in the
form of a larger or multiple hard drives. Servers also typically
have reliability, availability and serviceability (RAS) and fault
tolerance features, such as redundancy in power supplies, storage (as
in RAID), and network connections.
Include switches, routers, gateways, and print servers, all of which are
available in a near plug-and-play configuration.
Modern operating systems such as Microsoft Windows or Linux
distributions seem to be designed with a client–server architecture in
mind. These operating systems attempt to abstract hardware, allowing a
wide variety of software to work with components of the computer. In a
sense, the operating system can be seen as serving hardware to the

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 33 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
software, which in all but low-level programming languages must interact
using an API.
The Internet itself is also a forest of servers and clients. Merely requesting
a web page from a few kilometers away involves satisfying
a stack of protocols that involve many examples of hardware and
software servers. The least of these are the routers, modems, domain
name servers, and various other servers necessary to provide us
the world wide web.
The introduction of Cloud computing allows server storage and other
resources to be shared in a pool and provides servers with a higher degree
of fault tolerance.

Hardware Requirement

A rack-mountable server. Top cover removed to reveal the internal

components.

Hardware 
requirement for servers vary, depending on the server application. Absolute
CPU speed is not quite as critical to a server as it is to a desktop machine ].
Servers' duties to provide service to many users over a network lead to
different requirements such as fast network connections and high I/O
throughout. Since servers are usually accessed over a network, they may
run in headless mode without a monitor or input device. Processes that
are not needed for the server's function are not used. Many servers do not
have a graphical user interface (GUI) as it is unnecessary and consumes
resources that could be allocated elsewhere. Similarly, audio
and USB interfaces may be omitted.
Servers often run for long periods without interruption
and availability must often be very high, making hardware reliability and
durability extremely important. Although servers can be built from
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 34 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
commodity computer parts, mission-critical enterprise servers are ideally
very fault tolerant and use specialized hardware with low failure
rates in order to maximize uptime, for even a short-term failure can cost
more than purchasing and installing the system. For example, it may take
only a few minutes of down time at a national stock exchange to justify
the expense of entirely replacing the system with something more reliable.
Servers may incorporate faster, higher-capacity hard drives,
larger computer fans or water cooling to help remove heat,
and uninterruptible power supplies that ensure the servers continue to
function in the event of a power failure. These components offer higher
performance and reliability at a correspondingly higher price.
Hardware redundancy—installing more than one instance of modules
such as
To increase reliability, most servers use memory with error detection and
correction, redundant disks, redundant power supplies and so on. Such
components are also frequently hot swappable, allowing technicians to
replace them on the running server without shutting it down. To prevent
overheating, servers often have more powerful fans. As servers are usually
administered by qualified system administrators, their operating systems
are also more tuned for stability and performance than for user
friendliness and ease of use, Linux taking a noticeably larger percentage
than for desktop computers.
As servers are often noisy and they need a stable power supply, good
Internet access, and increased security, it is usual to store them in
dedicated server centers. This requires reducing the power consumption,
as the extra energy used generates more heat thus causing the
temperature in the room to exceed acceptable limits; hence normally, server
rooms are equipped with air conditioning devices. Server casings are
usually flat and wide (typically measured in "rack units"), adapted to store
many devices next to each other in a server rack. Unlike ordinary
computers, servers usually can be configured, powered up and down or
rebooted remotely, using out-of-band management,
Servers often do extensive pre-boot memory testing and verification and
startup of remote management services. The hard drive controllers then
start up banks of drives sequentially, rather than all at once, so as not to
overload the power supply with startup surges, and afterwards they
initiate RAID system pre-checks for correct operation of redundancy. It is
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 35 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
common for a machine to take several minutes to start up, but it may not
need restarting for months or years.

A server rack seen
from the rear

servers as seen from the

front

 servers as seen from the

rear

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 36 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 servers as seen from the
rear

Operating systems

Server-oriented operating systems tend to have certain features that make

them more suitable for the server environment, such as
GUI not available or optional

 ability to reconfigure and update both hardware and software to some

extent without restart,
 advanced backup facilities to permit regular and frequent online
backups of critical data,
 transparent data transfer between different volumes or devices,
 flexible and advanced networking capabilities,
Windows and Mac OS X server operating systems are deployed on a
minority of servers, as are other proprietary mainframe operating
systems .The rise of the microprocessor-based server was facilitated by
the development of Unix to run on the x86 microprocessor architecture.
The Microsoft Windows family of operating systems also runs on x86
hardware and, since Windows NT, have been available in versions
suitable for server use.[
While the role of server and desktop operating systems remains distinct,
improvements in the reliability of both hardware and operating systems
have blurred the distinction between the two classes. Today, many
desktop and server operating systems share similar code bases, differing
mostly in configuration. The shift towards web

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 37 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
applications and middleware platforms has also lessened the demand for
specialist application servers.[citation needed]

Types

In a general network environment the following types of servers may be

found.

 Application server, a server dedicated to running certain software

applications
 Catalog server, a central search point for information across a
distributed network
 Communications server, carrier-grade computing platform for
communications networks
 Compute server, a server intended for intensive (esp. scientific)
computations
 Database server, provides database services to other computer
programs or computers
 Fax server, provides fax services for clients
 File server, provides remote access to files
 Game server, a server that video game clients connect to in order to
play online together
 Home server, a server for the home
 Mail server, handles transport of and access to email
 Mobile Server, or Server on the Go is an Intel Xeon processor based
server class laptop form factor computer.
 Name server or DNS
 Print server, provides printer services
 Proxy server, acts as an intermediary for requests from clients seeking
resources from other servers
 Sound server, provides multimedia broadcasting, streaming.
 Stand-alone server, a server on a Windows network that neither
belongs to nor governs a Windows domain
 Web server, a server that HTTP clients connect to in order to send
commands and receive responses along with data contents
Almost the entire structure of the Internet is based upon a client–
server model. High-level root name servers, DNS, and routers direct the
traffic on the internet. There are millions of servers connected to the
Internet, running continuously throughout the world.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 38 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
World Wide Web

 Domain Name System

 E-mail
 FTP file transfer
 Chat and instant messaging
 Voice communication
 Streaming audio and video
 Online gaming
 Database servers

a small business might be tempted to save money by simply running a

server operating system on a desktop computer -- but this isn't a
replacement for  real server hardware.

 A small business might be tempted to save money by simply

running a server operating system on a desktop computer -- but
this isn't a replacement for  real server hardware. Continue reading
to gain a better understanding of the difference between a network
server and a desktop computer, and learn about the core
technologies behind them.
 While implementing a network is not a trivial or inexpensive
undertaking, the benefits you gain by adding a server to your small
business computing environment outweigh any shortcomings. A
small business might be tempted to save time and money by
simply running a server operating system on a desktop computer,
but this isn't a replacement for a real server.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 39 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Maximize MS Server 2003 Migrations with SanDisk Flash

Main Differences
 Many people mistakenly believe that a server is no different from a
typical desktop computer. This couldn't be further from the truth.
While almost any computer that meets the minimum hardware
requirements can run a server operating system that alone does
not make a desktop computer a true server. Even if the desktop
computer had similar processor speeds, memory and storage
capacity compared to a server, it still isn't a replacement for a real
server. The technologies behind them are engineered for different
purposes.
 A desktop computer system typically runs a user-friendly operating
system and desktop applications to facilitate desktop-oriented
tasks.  In contrast, a server manages all network resources.
Servers are often dedicated (meaning it performs no other task
besides server tasks). Because a server is engineered to manage,
store, send and process data 24-hours a day it has to be more
reliable than a desktop computer and offers a variety of features
and hardware not typically used in the average desktop computer.
Server Hardware
 One of the best choices for a small business is a dedicated
server built from the ground up as a file server to provide features
and expansion options that a desktop computer lacks. Some server
hardware decisions you will need to make include the following:
1. Form Factor: For small businesses, the best choice is a
dedicated entry-level server in a tower configuration.
2. Processor: Choose a server-specific processor to boost
performance and data throughput.
3. Memory: Buy as much memory as you can afford and look
for expansion slots for future upgrades.
4. Storage: Look for SATA or SCSI hard disks, not IDE.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 40 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Server Operating System
 The operating system (OS) is the software platform on top of which
other programs will run. Choosing a server operating system is no
easy task. The specific operating system you go with will depend on
what the server is going to be mainly used for. For basic file servers
a small business should choose an operating system that staff will
be the most comfortable with. Another issue to consider is if you
have any application that is best-suited to a particular operating
system.

Additional Server Considerations

 For the average home user looking for a basic, infrequently used
server a built from an old desktop computercould work.  For the
small business owner, however, the question to ask is: Do you
really want to trust your business data and processes to just any
old hardware? Most small businesses will be far happier with a
computer that is ready-made to be a dedicated server than with
one that began life as a standard desktop computer. If your
company's data is at all important to you, it is the only way to go.
 Choosing the Right Server: Before investing in server hardware,
you need to consider applications, storage, processor, form factor,
and more to help you choose wisely.

Components of a Server Computer

The hardware components that a typical server computer comprises are
similar to the components used in less expensive client computers.
However, server computers are usually built from higher-grade components
than client computers. The following paragraphs describe the typical
components of a server computer.

Motherboard
The motherboard is the computer's main electronic circuit board to which
all the other components of your computer are connected. More than any
other component, the motherboard is the computer. All other components
attach to the motherboard.
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 41 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
The major components on the motherboard include the processor (or CPU),
supporting circuitry called the chipset, memory, expansion slots, a
standard IDE hard drive controller, and input/output (I/O) ports for devices
such as keyboards, mice, and printers. Some motherboards also include
additional built-in features such as a graphics adapter, SCSI disk
controller, or a network interface.

Processor
The processor, or CPU, is the brain of the computer. Although the processor
isn't the only component that affects overall system performance, it is the
one that most people think of first when deciding what type of server to
purchase. At the time of this writing, Intel had four processor models
designed for use in server computers:
 Itanium 2: 1.60GHz clock speed; 1–2 processor cores
 Xeon: 1.83–2.33GHz clock speed; 1–4 processor cores
 Pentium D: 2.66-3.6GHz clock speed; 2 processor cores
 Pentium 4: 2.4-3.6GHz clock speed; 1 processor core
Each motherboard is designed to support a particular type of processor.
CPUs come in two basic mounting styles: slot or socket. However, you can
choose from several types of slots and sockets, so you have to make sure
that the motherboard supports the specific slot or socket style used by the
CPU. Some server motherboards have two or more slots or sockets to hold
two or more CPUs.
The term clock speed refers to how fast the basic clock that drives the
processor's operation ticks. In theory, the faster the clock speed, the faster
the processor. However, clock speed alone is reliable only for comparing
processors within the same family. In fact, the Itanium processors are
faster than Xeon processors at the same clock speed. The same holds true
for Xeon processors compared with Pentium D processors. That's because
the newer processor models contain more advanced circuitry than the older
models, so they can accomplish more work with each tick of the clock.
The number of processor cores also has a dramatic effect on performance.
Each processor core acts as if it's a separate processor. Most server
computers use dual-core (two processor cores) or quad-core (four cores)
chips.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 42 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Memory
Don't scrimp on memory. People rarely complain about servers having too
much memory. Many different types of memory are available, so you have
to pick the right type of memory to match the memory supported by your
motherboard. The total memory capacity of the server depends on the
motherboard. Most new servers can support at least 12GB of memory, and
some can handle up to 32GB.

Hard drives
Most desktop computers use inexpensive hard drives called IDE drives
(sometimes also called ATA).These drives are adequate for individual
users, but because performance is more important for servers, another type
of drive known as SCSI is usually used instead. For the best
performance, use the SCSI drives along with a high-performance SCSI
controller card.
Recently, a new type of inexpensive drive called SATA has been
appearing in desktop computers. SATA drives are also being used more
and more in server computers as well due to their reliability and
performance.

Network connection
The network connection is one of the most important parts of any server.
Many servers have network adapters built into the motherboard. If your
server isn't equipped as such, you'll need to add a separate network
adapter card.

Video
Fancy graphics aren't that important for a server computer. You can equip
your servers with inexpensive generic video cards and monitors without
affecting network performance. (This is one of the few areas where it's
acceptable to cut costs on a server.)

Power supply
Because a server usually has more devices than a typical desktop
computer, it requires a larger power supply (300 watts is typical). If the
server houses a large number of hard drives, it may require an even larger
power supply.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 43 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Self-Check 3.2-1: TRUE OR FALSE

1. The advantage of running servers on a dedicated computer is

security.
2. Application server, a server dedicated to running certain
hardware applications.
3. Sound server, provides multimedia broadcasting, streaming.
4. Choose a server-specific processor to boost performance and
data throughput.
5. The motherboard is the computer's main electricity circuit
board to which all the other components of your computer
are connected.
6. CPU is the brain and heart of the computer.
7. The network connection is one of the most important parts of
any server.
8. If the server houses a large number of hard drives, it may
require an even larger power supply.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 44 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Answers to Self-Check 3.2-1

1. True
2. False--software
3. True
4. True
5. False---electronic
6. True
7. True
8. True

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 45 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
LEARNING OUTCOME # 3 Perform testing, Documentation and
Pre-deployment

CONTENTS:

Upon completion of this module, you will be able to:

1. Perform testing, documentation and pre-deployment
procedures must follow.

ASSESSMENT CRITERIA:

1. Pre-deployment procedures is undertaken based on

enterprise policies and procedures
2. Operation and security check are undertaken based on end-
user requirements
3. Reports are prepared/completed according to enterprise
policies and procedures.

CONDITIONS:

The student/trainee must be provided with the following:

ASSESSMENT METHODS:
 Practical Demonstration w/ oral questioning
 Interview
 Third Party
 Portfolio

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 46 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Learning Experiences

Learning Outcome 3

Perform testing, documentation and pre-deployment procedures

Learning Activities Special Instructions

Read Information Sheet3.3-1: This Learning Outcome deals with the

“Perform testing, development of the Institutional
documentation and pre- Competency Evaluation Tool which
deployment procedures must trainers use in evaluating their trainees
follow.” after finishing a competency of the
qualification.
Answer Self-check3.3-1 for the
“Perform testing, Go through the learning activities
documentation and pre- outlined for you on the left column to
deployment procedures must gain the necessary information or
follow.” knowledge before doing the tasks to
practice on performing the requirements
of the evaluation tool.

The output of this LO is a complete

Institutional Competency Evaluation
Package for one Competency of
Computer Hardware Servicing NC II.
Your output shall serve as one of your
portfolio for your Institutional
Competency Evaluation for Perform
testing, documentation And pre-
deployment procedures.
Feel free to show your outputs to your
trainer as you accomplish them for
guidance and evaluation.

After doing all the activities for this

LO, you’re through with this module
and can already go to the next unit of
competency for MAINTAIN AND REPAIR
COMPUTER SYSTEMS AND
NETWORKS

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 47 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Information Sheet 3.3-1

Perform testing, Documentation and

Follow Pre-Deployment Procedures

Learning Objectives:
After reading this information sheet, you must be able to:
Setting up management server.

Management server is made up of 4 main components:

1. Database server, which stores inventory information

2. Communication server, which handles HTTP communications
between database server and agents.
3. Administration console, which allows administrators to query the
database server using their favorite browser.
4. Deployment server, which stores all package deployment
configuration (requires HTTPS!)
These 4 components can be hosted on a single computer or on different
computers to allow load balancing. Above 10000 inventoried computers,
we recommend using at least 2 physical servers, one hosting database
server + Communication server and the other one hosting a database
replica + Administration server + Deployement server.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 48 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 OCS Inventory NG communication architecture.

Note: If you want to use multiple computers to host OCS inventory NG

management server, we recommend that you set it up on Linux servers.
OCS Inventory NG server for Windows comes as an integrated package
including all required components (apache, perl, php, mod_perl, mysql…).

Database server currently can only be MySQL 4.1 or higher with InnoDB

engine active.
Communication server needs Apache Web Server 1.3.X/2.X and is
written in PERL as an Apache module. Why? Because PERL scripts are
compiled when Apache starts, and not at each request. This is better
performance-wise. Communication server may require some additional
PERL modules, according to your distribution.
Deployment server needs any Web Server with SSL enabled.
Administration console is written in PHP 4.1 (or higher) and runs under
Apache Web Server 1.3.X/2.X. Administration console requires ZIP and GD
support enabled in PHP in order to use package deployment.
Under Linux Operating System.

We assume that you have:

 MySQL database server running somewhere and listening on default

port 3306 with TCP/IP communication enabled.
 Apache Web server installed and running for Communication server
and Administration server.
 PHP and Perl installed and usable by Apache Web server for the
Administration console.
 Perl and mod_perl installed and usable by Apache Web server for the
Communication server.
Requirements.

 Apache version 1.3.33 or higher / Apache version 2.0.46 or higher.

 Mod_perl version 1.29 or higher.
 Mod_php version 4.3.2 or higher.
 PHP 4.3.2 or higher, with ZIP and GD support enabled.
 PERL 5.6 or higher.
 Perl module XML::Simple version 2.12 or higher.
 Perl module Compress::Zlib version 1.33 or higher.
 Perl module DBI version 1.40 or higher.
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 49 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
  Perl module DBD::Mysql version 2.9004 or higher.
 Perl module Apache::DBI version 0.93 or higher.
 Perl module Net::IP version 1.21 or higher.
 Perl module SOAP::Lite version 0.66 or higher (optional)
 MySQL version 4.1.0 or higher with InnoDB engine active.
 Make utility such as GNU make.

Note: OCS Inventory NG Server Setup will check for all these components
and will exit if any are missing.

Installing Communication server required PERL modules.

The Web communication server requires Apache web server and Perl 5
scripting language and some additional modules for Perl 5 (see
Requirements). It acts as an Apache module which handles HTTP OCS
Inventory agents' requests to a virtual directory /ocsinventory.
Warning: You must have root privileges to set required perl modules up.

It is better for system integrity to use your distribution's precompiled

packages when they are available. Some of these packages are only
avalaible in EPEL.

On Fedora/Redhat like Linux, you can use “yum” to set required

modules up:

yum install perl-XML-Simple

yum install perl-Compress-Zlib
yum install perl-DBI
yum install perl-DBD-MySQL
yum install perl-Apache-DBI
yum install perl-Net-IP
yum install perl-SOAP-Lite

On Debian like Linux, you can use “apt-get” to set required modules up:

apt-get install libxml-simple-perl

apt-get install libcompress-zlib-perl

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 50 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
apt-get install libdbi-perl
apt-get install libdbd-mysql-perl
apt-get install libapache-dbi-perl
apt-get install libnet-ip-perl
apt-get install libsoap-lite-perl
cpan -i XML::Entities

On Gentoo like Linux, you can use "emerge" to get required modules set
up:

emerge dev-perl/XML-Simple
emerge perl-core/IO-Compress
emerge dev-perl/Apache-DBI
emerge dev-perl/Net-IP
emerge dev-perl/SOAP-Lite
emerge app-portage/g-cpan
g-cpan -i XML::Entities

If a precompiled package is not available for your distribution, you can

download the package source from http://search.cpan.org and build it on
your system (make and C compiler must be available). For example:

tar –xvzf package_name.tar.gz

cd package_name
perl Makefile.PL
make
make test
make install

You can also install the missing modules using the cpan script. i.e.

cpan -i Compress::Zlib

Note: If you are not using system perl interpreter, but another one such as
the XAMPP/LAMPP perl interpreter, you must call this perl interpreter, not
the system one, by specifying full path to your perl interpreter. For
example:

/opt/lampp/bin/perl Makefile.PL

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 51 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Installing Administration console required PHP modules

The Web Administration console requires Apache web server and PHP 4
scripting language and some additional modules for PHP
(seeRequirements).
Warning: You must have root privileges to install Administration console.

ou need to install ZIP support for PHP.

On Fedora/Redhat like Linux, you can use “yum” to install PHP Zip
support:

yum install php-pecl-zip

For RedHatEL, you can download the RPM here.

For later Fedora installations 7.x+

yum install php-common

On Debian like Linux, you can use “apt-get” to set it up:

apt-get install libphp-pclzip

Otherwise, the best way to do this is to use PHP PECL ZIP package. You
must have PHP development libraries (php-devel package under RedHat or
Fedora Core, under Linux Debian or Ubuntu) in order to
have phpize command.

Then, if you have pear installed, just type

pear install zip

If you don’t have pear installed, or no connection to Internet, download

package “zip-1.3.1.tgz” from http://pecl.php.net/package/zip. In
Debian/Ubuntu like systems, be sure to have installed libpcre3 and
libpcre3-dev packages before install PECL_ZIP.
Install it (php devel package is required):

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 52 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
tar –xvzf zip-1.3.1.tgz
cd zip-1.3.1
phpize
./configure
make
make install

You also need to install GD support for PHP.

On Fedora/Redhat like Linux, you can use “yum” to set it up:

yum install php-gd

On Debian like Linux, you can use “apt-get” to set it up:

apt-get install php5-gd

Installing management server.

You must have root privileges to set management server up.

Note: Ensure MySQL InnoDB engine is activated on your database server.
Open my.cnf and ensure there is no line “skip-innodb” or this line is
commented (begins with ‘#’).

Download latest version of server tarball “OCSNG_UNIX_SERVER-

2.1.x.tar.gz” from OCS Inventory Web Site.
Unpack it.

tar –xvzf OCSNG_UNIX_SERVER-2.1.x.tar.gz

cd OCSNG_UNIX_SERVER-2.1.x

Run “setup.sh” installer. During the installer, default choice is presented

between []. For example, [y]/n means that “y” (yes) is the default choice,
and “n” (no) is the other choice.

sh setup.sh

Note: Installer writes a log file “ocs_server_setup.log” in the same

directory. If you encounter any error, please refer to this log for detailed
error messag

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 53 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Warning: If you’re upgrading from OCS Inventory NG 1.01 and previous,
you must first remove any Apache configuration file for Communication
server.

Type “y” or “enter” to validate and, then enter MySQL server host address,
in most cases localhost.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 54 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Then, setup checks for MySQL client binary files version 4.1 or higher. If
not present, you will be prompted to continue or abort setup.
If all is OK, enter MySQL server port, generally 3306.

Enter or validate path to Apache daemon binary, generally

“/usr/sbin/httpd”. It will be used to find Apache configuration files.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 55 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Note: If you’re not using system Apache daemon, but another one like
XAMPP/LAMPP Apache server, you must enter full path to your Apache
daemon, not the system one.

Enter or validate Apache main configuration file path, generally

“/etc/apache/conf/apache.conf” or “/etc/httpd/conf/httpd.conf”.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 56 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Enter or validate Apache daemon running user account, generally “apache”
or “www” (under Debian/Ubuntu is “www-data”).

Enter or validate Apache daemon user group, generally “apache” or

“www” (under Debian/Ubuntu is “www-data”).

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 57 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Next, setup checks for PERL interpreter binaries. Enter or validate path to
PERL interpreter.
Note: If you’re not using system perl interpreter, but another one like
XAMPP/LAMPP perl interpreter, you must specify full path to this perl
interpreter, not the default system one. (/opt/lampp/bin/perl generally
used in XAMPP/LAMPP).

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 58 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Common information for setting up Communication server or
Administration console is now collected. Setup prompts you if you wish to
set Communication server up on this computer. Enter “y” or validate to set
Communication server up, “n” to skip Communication server installation.

Setup will then try to find make utility. If it fails, setup will stop.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 59 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Enter or validate path to Apache include configuration directory. This is the
directory where is stored Apache configuration for specific modules.
Generally, this directory is

/etc/httpd/conf.d

or

/etc/apache/conf.d

If you are not using configuration directory, but having all configurations
into Apache main configuration file, enter no.

Setup will next try to determine your Apache mod_perl version. If it is not
able to determine mod_perl version, it will ask you to enter it.
Note: You can check which version of mod_perl you are using by querying
your server's software database.

 Under RPM enabled Linux distribution (RedHat/Fedora, Mandriva…),

run rpm –q mod_perl.
 Under DPKG enabled Linux distribution (Debian, Ubuntu…), run dpkg
–l libapache*-mod-perl*.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 60 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Next, it will prompt you to enter log directory where Communication server
will store debugging/tuning logs. Validate or enter directory path. If it does
not exist, this directory will be created.

Next, setup will check for required PERL modules (cf Requirements.):

 XML::Simple version 2.12 or higher

 Compress::Zlib version 1.33 or higher
 DBI version 1.40 or higher
 DBD::mysql version 2.9004 or higher
 Apache::DBI version 0.93 or higher
 Net::IP version 1.21 or higher
 SOAP::Lite version 0.66 or higher
Warning: If any of these modules is missing, setup will abort.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 61 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
If all is OK, setup will install Communication server:

 Configure Communication server PERL module.

 Build Communication server PERL module.
 Install Communication server PERL module into PERL standard library
directories.
 Create Communication server log directory (/var/log/ocsinventory-NG
by default).
 Configure daily log rotation for Communication server (file
/etc/logrotate.d/ocsinventory-NG by default)
 Create Apache configuration file (ocsinventory.conf). If you are using
Apache configuration directory, this file will be copied under this
directory. Otherwise, you will be prompted to add content of this file to
the end of Apache main configuration file.
Warning: Do not add content to apache main configuration file if it is not a
fresh install! You must manually copy content of
theocsinventory.conf.local file created by setup into apache main
configuration file, replacing existing configuration.

Communication server installation is now finished. You will be prompted to

set Administration console up. Enter “y” or validate to set Administration
console up, enter “n” to skip Administration console installation.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 62 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Setup will ask you to enter Apache root document directory, usually
“/var/www/html” or “/var/www-data”.

Next, setup will check for required PERL modules (cf Requirements.):

 XML::Simple version 2.12 or higher

 DBI version 1.40 or higher
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 63 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 DBD::Mysql version 2.9004 or higher
 Net::IP version 1.21 or higher
Warning: If any of these modules is missing, setup will abort.

If everything is OK, setup will install Administration console into the

“ocsreports” subdirectory:

 Create /ocsreports directory structure.

 Create /download directory structure.
 Copy files into /ocsreports directory.
 Fix directories and files permissions to allow Apache daemon reading
and writing to required directories (write access is required in
/ocsreports, /ocsreports/ipd and /download, cf § 11.4 Files and
directories permissions under Linux.).
 Configure PERL script ipdiscover-util.pl to access database and install
it.

Now, you can restart Apache web server for changes to take effect (httpd is
usually for apache2).

/etc/init.d/httpd restart

or

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 64 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
/etc/init.d/apache restart

Configuring management server.

Warning: We recommend you to check your php.ini when you upgrade

your server from 1.x to 2.x, specially these variables :

 max_execution_time
 max_input_time
 memory_limit

Note: You are not obliged to launch install.php, you can use this command
too :

mysql -f -hlocalhost -uroot -p DBNAME < ocsbase.sql >log.log

Else, open your favorite web browser and point it on

URL http://administration_console/ocsreports to connect the
Administration server.
As database is not yet created, this will begin OCS Inventory setup
process. Otherwise, you can rerun configuration process by
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 65 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
browsinghttp://administration_console/ocsreports/install.php URL (this
must be used when upgrading OCS Inventory management server).

Note: You will see warning regarding max size of package you will be able
to deploy. Please, see Uploads size for package deployment.) to configure
your server to match your need.

Note: If your default collation is UTF8, you will see some errors regarding
KEY too long in some tables, see here for some
workarounds:http://forums.ocsinventory-ng.org/viewtopic.php?
pid=32009#p32009

Fill in information to connect to MySQL database server with a user who

has the ability to create database, tables, indexes, etc (usually root):

 MySQL user name

 MySQL user password
 MySQL hostname
Setup actions :

 Create ocsweb database, and will add MySQL user ocs with

password ocs.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 66 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 Grant to user ocs privileges Select | Insert | Update | Delete | Create
| Drop | References | Index | Alter | Create temp | Lock on
databaseocsweb.
Note: This user will be used by Administration server and Communication
server to connect to the database. If you do not wish to use default MySQL
user ocs with ocs password, you must update in the
file dbconfig.inc.php PHP constants COMPTE_BASE, which is MySQL
user login, and/or PSWD_BASE, which MySQL user password.

Don’t forget to also update Communication server configuration, especially

in apache configuration file. Refer to Secure your OCS Inventory NG
Server for all information about modifications of configuration files.

To secure you server, refer to Secure your OCS Inventory NG

Server documentation.
If you don't want to secure your OCS Inventory Server, you have to
desactivate Warning message in user profile. Procedure is in the same
documentation page.

Warning: We recommend you to read this documentation and follow the

procedure

Finally, you may fill in a text describing the TAG, a string displayed at first
launch of the agent to ask user to enter the TAG Value. It's a generic data
which allows you to sort the new computers (geographical site, first floor,
john room....). If you don't want this functionality, just let it blank.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 67 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Configuration of Management server is now finished.

Just point your browser to the

URL http://administration_server/ocsreports and login in
with admin as user and admin as password.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 68 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Upgrading management server.

When new versions of web communication server or web administration

console are released, you must upgrade your installation.
Note: Ensure MySQL InnoDB engine is activated on your database server.
Open my.cnf and ensure there is no line with skip-innodb or this line is
commented out(begins with ‘#’).

Warning: Backup your database before upgrading! If you encounter any

errors while upgrading, restore your database, then upgrade MySQL
server to version 4.1.20 or higher. Then, rerun upgrade procedure.

Warning: Notice that many package removers are asking if you want to
also remove database - you should not do this, because you want to
upgrade, and not install from scratch.

Warning: Make sure you set max_execution_time limit in php.ini to zero

(unlimited). Database upgrade can take a long time.

Warning: We recommend you to migrate your OCS database to

UTF8. Refer to Migrate your OCS database to UTF8 HowTo. You
have to do this migration ONLY AFTER update.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 69 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
To upgrade web communication server and administration console, you
must follow instructions as described in Installing management server. You
don’t need to update Perl modules if not required in the release notes.
Then, just point your favorite browser to URL
“http://administration_server/ocsreports” and it will run the upgrade
process to ensure that your database schema and default data are up to
date. Upgrade process looks like configuration of management server as
described in Configuring management server.
Note: You will see warning regarding max size of package you will be able
to deploy. Please, see Uploads size for package deployment.) to configure
your server to match your needs.

Fill in MySQL administrator name (usually root) and password, and

MySQL database server address and click
on [ Send ] button.Template:Notice

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 70 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Finally, you may fill in a text describing the TAG if you wish to use it.

Note: Notice that installers says about how to log in to server after
upgrade. Actually use your user/pass that you used before upgrade,
especially if you removed/disabled user admin :)

Under Windows Operating System.

We have chosen to package OCS inventory NG server for Windows as an

integrated package containing all required components. As is, the 3 main

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 71 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
components of Management server (database server, web communication
server and web administration server) are installed on the same computer.
OCS Inventory NG server 1.0 for Windows is based on ApacheFriends
XAMPP version 1.7.7 (ApacheFriends) which sets the following components
up on a single computer:

 Apache 2.2.17
 MySQL 5.5.8 + PBXT engine(currently disabled)
 PHP 5.3.5 + PEAR
 XAMPP Control Panel 2.5.8
 SQLite 2.8.17
 SQLite 3.6.20
 OpenSSL 0.9.8l
 phpMyAdmin 3.3.9
 ADOdb 5.11
 Mercury Mail Transport System v4.72
 FileZilla FTP Serveur 0.9.37
 Webalizer 2.21-02
 Perl 5.10.1
 mod_perl 2.0.4
 Xdebug 2.1.0rc1
 Tomcat 7.0.3 (with mod_proxy_ajp as connector)
Note: Even if all these components are installed, you will be able to choose
the components you want to automatically start.

Installing management server.

Warning: You must have Administrator privileges to set OCS Inventory NG

server up under Windows NT4, Windows 2000, Windows XP or Windows
Server 2003.

Download [OCSNG-Windows-Server-2.0.zip] from OCS Inventory Web

Site, unpack it and launch OCSNG-Windows-Server-2.0.exe.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 72 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
If XAMPP components (server and perl addon) are not already installed,
Setup will prompt you that you have to set them up. Otherwise, Setup will
automatically install OCS Inventory Server into XAMPP directories.

Click [ Next ] button to start installation wizard.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 73 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Click [ Next ] button and accept License agreement.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 74 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Choose installation directory, by default C:\Program Files\OCS
Inventory NG. You need 400 MB of free hard disk space if XAMPP
components are not installed, otherwise, only 10MB are required.
Note: When upgrading, you must ensure that Setup detects the folder
including XAMPP directory. See Upgrading management server.

Then, you have to validate components to install. Only OCS Inventory NG

Server is required, if XAMPP components are already installed.
Note: OCS Inventory NG Server Setup now use standard XAMPP setup. So,
it may be able to upgrade existing XAMPP installation. However, by
default, Setup will _not_ upgrade XAMPP components. See Upgrading
management server

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 75 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Next, you have to choose the program group name in start menu, where
OCS Inventory NG icons will be created and then click on [ Install ]button
to start installation.
If XAMPP setup selected, Setup will first launch XAMPP 1.7.7 setup in
silent mode. This will create a folder xampp under destination folder, and
a program group Apache Friends in start menu.
You will be prompted to start XAMPP Control Panel. Please, answer No.
Then, it will launch XAMPP perl addon setup in silent mode.
Last, Setup will install OCS Inventory NG Server files, configure XAMPP
Apache and MySQL servers for OCS Inventory NG Server, and
automatically start MySQL and Apache servers.
At the end of the process, Setup will launch your default browser to start
OCS Inventory NG Server configuration (see Configuring management
server).

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 76 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Setup is now finished and you can click [ Finished ] button.

Note: OCS Inventory NG setup for Windows has installed XMAPP

components under xampp subfolder of selected installation directory.
Apache web server document root directory is located in the htdocs sub
directory of XAMPP. This is here that ocsreports administration console
files are installed.

Communication server files are now located into PERL standard libraries.
Apache logs (access.log, error.log, phperror.log) and communication server
logs (ocsinventory-NG.log) are located in the sub-directoryApache\Logs”.

1. Identify and understand your deployment audience. There are

at least three distinct groups that you need to consider: your end
users, the operations staff responsible for running the software
once it is in production, and the support staff who is responsible
for aiding your users with the software once it is in production. You
need to identify the level of control that each group has over your
actual deployment. Can one group stop your deployment if you don't

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 77 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 meet their specific requirements? For example, it is quite common to
discover that operations departments have defined criteria for the
release of new software, criteria that your deployment approach
must meet. I once worked for an organization where the users were
unionized and any software that was deployed to them had to be
first accepted by their union representatives, otherwise you couldn't
ship. Early in your project you need to identify the deployment hoops
that you need to jump through to be successful.
2. Identify your deployment strategy early. Will you run the new
system in parallel with the existing system or will you perform a
cutover? Running the system in parallel offers the advantage that
you can easily back out to the original system if the new one runs
into problems. However, parallel operations requires significant effort
on the part of everyone involved: Your users need to do double entry,
operations staff need to run both systems, support staff need to
support both systems, and development staff may need to create
integration code that temporarily works behind the scenes to
synchronize data. For many systems, particularly ones supporting
online customers via the Internet, a cutover is your only option – few
customers would be willing to place their book order with both
Amazon version N and with Amazon version N+1. With a straight
cutover you will need to plan for a downtime period in which the
cutover occurs, anywhere from a few seconds to a few hours, or
even a few days depending on the nature of the system being
deployed.
3. Installation testing. Just like you test your application, you should
also test your installation scripts. A good way to do this is to develop
your installation scripts as you develop your system, and use them
to promote your software between your team integration sandbox
into your pre-production testing environments as shown inFigure 1.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 78 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Figure 1. Development sandboxes.

4. Release regularly. Agile software developers typically deliver

development releases at the end of each iteration into pre-
production staging area(s) (see Figure 1). A development release of
an application is something that could potentially be released into
production if it were to be put through your pre-production quality
assurance (QA), testing, and deployment processes. Granted, this
won’t be true earliest development releases because you won’t have
delivered sufficient functionality to make deployment worth your
while. Furthermore at the beginning of a project you often stub out
interfaces to shared services – such as security, persistence, or even
reusable legacy functionality – so technically you still have some
clean up to do before you’re ready to release to production. This is
why inFigure 2 you see that the first production release often takes

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 79 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 longer to deliver than subsequent releases; in the first release of a
system you likely need to get a lot of the “plumbing” in place and
your team likely hasn’t “gelled” yet enabling them to become efficient
at collaboration. The first production release may take you twelve
months to deliver, the second release nine months, and then other
releases are delivered every six months. An early focus on
deployment issues not only enables you to avoid problems it also
allows you to take advantage of your experiences during
development. For example, when you are deploying software into
your staging area you should take notes of what works and what
doesn’t, notes that can serve as the backbone of your installation
scripts.

Figure 2. Regular software releases.

5. Start planning early. Deployment can be quite complex, especially

when your user base is physically dispersed or there is a wide
range of system configurations, you often find that you need to start
planning early in your project lifecycle to be successful. There is
nothing worse than rushing to finish software on time only to have it
put on the shelf to await installation due to lack of deployment
planning.
6. Recognize that deployment is harder than it looks. Figure
3 depicts the workflow of the Agile Unified Process
(AUP)'s Deployment discipline. Regardless of whether your
organization has adopted the AUP or not, the fact is that as you can
see there are several activities which you need to consider when
deploying a system into production.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 80 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Figure 3. The AUP Deployment discipline workflow.

7. Take an agile approach to planning. Keep your plans high-level at

first, focusing on the major dependencies. The people doing the work
should plan the details, and you don't need to worry about the
details until you're about to do the work.
8. Reduce your pre-production testing efforts safely over time.
It’s of little value to deliver working software on a weekly basis if
there is a three-month pre-production testing process which it must
go through each time. With agility you’ll find that you can reduce the
amount of time invested in your pre-production testing efforts, and
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 81 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 thereby speed up deployment. Why is this? Agilists produce high
quality artifacts and have the regression test suite to prove that their
system actually works. This higher level of quality implies that you’ll
be able to do less testing during system deployment. Once you get
really good you may find that you can in fact deploy working
software into production on a weekly basis – I’ve seen this at a very
large financial institution and a dot-com so it is possible, regardless
of what the traditionalists may tell you.
9. Well-tested software is easier to deploy. Object-oriented
testing is a complex and difficult endeavor, but one that you must
undertake. I have several fundamental philosophies regarding
testing. First, test early and test often. Two, if you can build it you
can test it. Three, if it isn't worth testing it likely isn't worth building.
10. Your plan must reflect your organizational culture. You
need to understand whom you are deploying software to, their
current work practices and policies, the amount of change they are
willing to tolerate, and how your software will affect them once
deployed. I've found that the larger the organization the more
difficult it is to deploy new software due to cultural inertia. Most
people have a tendency to sit back and wait to see who else is using
a product, which is often contrary to the nature of most software
developers who will jump at the chance to work with new software.
11. Update your deployment plan regularly. This helps to set
realistic expectations by both your project team and your deployment
audience.
12. Work backwards when deployment planning. Envision
the system in production – users are working with it, operations
professionals are keeping it going, support staff are helping users to
work with the system, and developers are potentially evolving the
system to address defects and to implement new requirements – and
ask what needs to occur to get me to that point. Then compare that
vision with where the current environment is today, something called
deployment gap analysis, to determine what needs to occur to
successfully install your system. My experience is that forward
planning generally isn’t sufficient when it comes to system
deployment because your requirements often do not reflect issues
pertinent to the production phase of your system, the need to operate
and support your software is often assumed and therefore not
explicitly reflected in your requirements.
13. Have go/no-go decision points during the installation
process. A good deployment plan includes go/no-go decisions points
during the installation process. If at defined times during the
installation you have not reached a certain point in the overall
installation process you will rollback your efforts and try to install
again at a future date. This is a critical concept for projects that have
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 82 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 very stringent deployment requirements, typically software that is
replacing existing mission-critical systems that currently run your
business.
14. Develop "de-installation" scripts. The ability to back out
becomes critical with this approach, requiring investment of
additional resources to develop and test de-installation scripts. In
fact, many deployment efforts fail miserably because the
development team didn’t bother to consider how to back out their
new system, and then discovered that they had to do so because of
an unforeseen problem during installation. Never assume that your
deployment efforts will go smoothly.
15. Remember the data. Data conversion is often a key task for
the deployment of a new software system, a complex effort that
should be started early in your project.Analysis of your legacy
data needs to be performed: the legacy data sources need to be
identified, the legacy schemas should be modeled, and official
sources of each attribute need to be chosen for data stored in several
places. You need to understand your existing legacy data so that
you can convert it to your new schema
16. Negotiate with legacy system owners early. During
development you will discover dependencies between your system
and other systems, dependencies that should appear on your
deployment model. These dependencies affect your deployment plan
because they imply the order in which updates to the various
systems (if any) must be installed. You will need to negotiate
deployment efforts with the other project teams that own the
systems you have dependencies on, effectively a cross-project effort.
If the interface to your system changes, or if you require new ways
to access their systems, then they may also need to release all or
part of their systems before yours.
17. Announce the deployment. You should announce the
anticipated deployment schedule, including both the expected
training and installation dates. Your announcement could be an
email to your customers, a press release, or even advertisements on
television, in magazines, or on the Internet. Release announcements
are important because people want to know how the new system
will affect them, if at all, and when it will affect them. Respect the
fact that your deployment efforts are disrupting the lives of your
stakeholders.
18. Hold regular release meetings. The closer you get to
deployment, the greater the need to hold regular release meetings
with key players involved in the actual deployment. This includes
quality assurance staff to advise everyone of the testing status of
your software, developers to advise you of the current rework status,
operations staff to inform you of current production issues of the
Date Prepared: Document No. CIT-CSS-0115
COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 83 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 existing environment, and support and user management to inform
you of their training statuses.
19. Understand the associated risks of deploying systems.
Because software projects have a tendency to be delivered late and
over budget, there is often spectacular pressure exerted by senior
management on the project manager to forgo training. Without
training, your users won't be able to effectively use your software,
your operations staff won't understand how to operate your
software, and your support staff will have difficulty properly
supporting your system. Documentation is typically at risk on most
projects, once again due to being late and over budget as well as a
general lack of knowledge among developers as to how to write
effective documentation. Poor documentation results in significantly
higher maintenance and support costs for your system. The greatest
risk is often data conversion, a very complex and critical task that is
often ignored until it is too late.
20. Don't underestimate the opportunities for reuse. Other
projects may have already developed deployment models that
reflect your target platform, models that you can evolve as needed
for your own use (ideally your enterprise architects should be able
to provide these models). Furthermore, templates for deployment
plans, installation procedures, and templates for operations, user,
and support documentation can also be reused from other projects.
Remember, you can reuse more than just code.
21. You may need to upgrade your user's existing
environments. These upgrades could include changes to existing
hardware, operating systems, databases, or middleware. If you
don’t know the current status of your technical environment you will
also need to plan for activities to perform the required legacy
analysis. If you are upgrading your database, you may be
upgrading the database software itself or the schema of your
database, you will need to include data conversion activities in your
deployment plan. Physical considerations should also be considered
when performing environment upgrades. Is sufficient power
available? Are working areas such as desks and cubicles in place?
Does sufficient room exist in the building(s) that you are deploying
to? Do sufficient network drops exist for new workstations?
22. Training is an important part of deployment. Remember
that your stakeholders may need training beyond that of learning
how to work with your application. For example, this may be the first
time that some users are working with a PC, a browser, or even a
mouse. Similarly, this may be the first time that your operations staff
is working with a new technology that your system users, such as
an EJB application server, and therefore will need to be trained and

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 84 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
 educated in that technology to qualify them to work with your
system.
23. Develop supporting documentation. Another important
effort is the development of operations, support, and user
documentation, the potential artifacts of which are summarized
in Table 1. Depending on your corporate documentation standards
you will likely find that you need to include one or more technical
writers on your team to develop this documentation (hopefully in
an agile manner).

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 85 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Self-Check 3.3-1: TRUE OR FALSE

1. Identify and understand your deployment audience to be

able to meet their specific requirements.
2. Start planning early especially when your user base is
physically dispersed or there is a wide range of system
configurations to be successful.
3. Reduce your pre-production testing efforts safely over time.
4. Well-tested software is easier to deploy.
5. Update your deployment plan regularly.

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 86 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01
Answers to Self-Check 3.3-1
1. TRUE
2. TRUE
3. TRUE
4. TRUE
5. TRUE

Date Prepared: Document No. CIT-CSS-0115

COMPUTER March 2015 Issued by:
SYSTEM
SERVICING NCII
Prepared by: CORE Page 87 of 88
Institute of
Set-up Computer Technology
Reynaldo C.
Servers Revision #
Cariño
01