What is an Intranet?

An Intranet is a computer network that is designed to work like the Internet but on a much smaller scale, and access to it is restricted to the employees of the company. It is possible to run HTTP (web services), SMTP (e-mail), and FTP (file transfer) on an Intranet that is independent of the Internet and inaccessible from it without proper authorization. This allows employees to send progress reports to their manager even when they cannot meet in person. Workers can also collaborate on a project while keeping their paperwork properly synchronized. It is often necessary to have access to the Internet from within your Intranet, which is why Intranets are placed behind a firewall. Some companies even deploy two firewalls and place some services inside the DMZ in order to raise their security further.

Benefits of Intranet

  • Workforce productivity: Intranets can also help users to locate and view information faster and use applications relevant to their roles and responsibilities.
  • Time: with intranets, organizations can make more information available to employees on a “pull” basis (i.e., employees can link to relevant information at a time which suits them) rather than being deluged indiscriminately by emails.
  • Communication: Intranets can serve as powerful tools for communication within an organization, vertically and horizontally. From a communications standpoint, intranets are useful for communicating strategic initiatives that have a global reach throughout the organization.
  • Business operations and management: Intranets are also being used as a platform for developing and deploying applications to support business operations and decisions across the internetworked enterprise.
  • Cost-effective: users can view information and data via a web browser rather than maintaining physical documents such as procedure manuals, internal phone lists and requisition forms. This can potentially save the business money on printing and duplicating documents, benefit the environment, and reduce document maintenance overhead.
  • Promote common corporate culture: every user is viewing the same information within the Intranet.
  • Enhance Collaboration: with information easily accessible by all authorized users, teamwork is enabled.
  • Cross-platform Capability: standards-compliant web browsers are available for Windows, Mac, and UNIX.
  • Built for One Audience: many companies dictate computer specifications, which in turn may allow Intranet developers to write applications that only have to work on one browser (no cross-browser compatibility issues).
  • Knowledge of your Audience: being able to specifically address your “viewer” is a great advantage. Since Intranets are user specific (requiring database/network authentication prior to access), you know exactly who you are interfacing with. So, you can personalize your Intranet based on role (job title, department) or individual (“Congratulations Jane, on your 3rd year with our company!”).
  • Immediate Updates: When dealing with the public in any capacity, laws/specifications/parameters can change. Because an Intranet provides your audience with “live” changes, they are never out of date, which can limit a company’s liability.
  • Supports a distributed computing architecture: The intranet can also be linked to a company’s management information system, for example a time keeping system.

Install Services for Building an Intranet

Install DNS (Domain Name System)

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  2. Click Add or Remove Windows Components.
  3. In the Components list, click Networking Services (but do not select or clear the check box), and then click Details.
  4. Click to select the Domain Name System (DNS) check box, and then click OK.
  5. Click Next.
  6. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer’s CD-ROM or DVD-ROM drive.
  7. On the Completing the Windows Components Wizard page, click Finish when Setup is complete.
  8. Click Close to close the Add or Remove Programs window.

Install Internet Information Services

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  2. Click Add/Remove Windows Components.
  3. In the Windows Components list, click Application Server, but do not select the check box.
  4. Click Details, and then click to select the Internet Information Services (IIS) check box.
  5. Click Details to view the list of IIS optional components.
  6. Select the optional components that you want to install. By default, the following components are selected:
    • Common Files
    • Internet Information Services Manager
    • File Transfer Protocol (FTP) Service
    • World Wide Web Service
  7. Click World Wide Web Service (but do not clear the check box), and then click Details to view the list of IIS optional subcomponents, such as the Remote Administration (HTML) Tool. Select the optional subcomponents that you want to install. By default, the following component is selected: “World Wide Web Service”.
  8. Click OK, click OK, click OK, and then click Next to install the selected components.
  9. Click Finish to complete the Windows Components Wizard, and then close the Add or Remove Programs dialog box.

Install Mail Server

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  2. Click Add/Remove Windows Components.
  3. In the Windows Components list, click E-mail Service, but do not select or clear the check box, and then click Details
  4. Click to select the POP3 Service check box, and then click OK.
  5. Click Next to install the selected components.
  6. Click Finish to complete the Windows Components Wizard, and then close the Add or Remove Programs dialog box.

Configure the DNS Server

After installing the DNS server, we have to create zones within the DNS service: a Forward Lookup Zone and a Reverse Lookup Zone. A Forward Lookup Zone translates a domain name into an IP address; a Reverse Lookup Zone translates an IP address back into a domain name.

Forward Lookup Zones

  1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. Right-click Forward Lookup Zones, and then click New Zone
  3. When the New Zone Wizard starts, click Next.
  4. Click Primary, and then click Next.
  5. Type “com.kh” at Zone Name (Optional); then click Next and Next
  6. Select “Do not allow dynamic updates” and click Next
  7. Click Finish

Reverse Lookup Zone

  1. Right-click Reverse lookup zones, and then click New Zone
  2. Type Network ID (Optional) “192.168.0”; click Next and Next
  3. Select “Do not allow dynamic updates” and click Next and click Finish

Note: Create Domain Name with WWW (World Wide Web)

Click Start, point to Programs, point to Administrative Tools, and then click DNS.

Right click on Domain Name. Then click New Host

Type “www” at Name (Optional) and type “192.168.0.1” at IP Address of Server Machine

Select “Create associated pointer (PTR) record” and select “Allow any authenticated user to update DNS records with the same owner name.” Click Add Host and Done.
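To check that the host records in the forward zone and the pointer records in the reverse zone agree, the following is an added example (not part of the original tutorial) that derives the reverse zone name from the wizard's Network ID and compares the two record sets. Only the zone "com.kh", the host "www" and 192.168.0.1 come from the steps above; the other hosts and the function names are constructed for illustration.

```python
import ipaddress


def reverse_zone(network_id):
    """Turn the wizard's Network ID ('192.168.0') into the reverse zone name."""
    return ".".join(reversed(network_id.split("."))) + ".in-addr.arpa"


def check_records(zone, hosts, network_id, ptrs):
    """Compare host (A) records with PTR records; return a list of problems."""
    rzone = reverse_zone(network_id)
    problems = []
    for name, ip in sorted(hosts.items()):
        fqdn = f"{name}.{zone}"
        # Owner name of the PTR record that should exist for this address.
        owner = ipaddress.ip_address(ip).reverse_pointer
        if not owner.endswith("." + rzone):
            problems.append((fqdn, f"{ip} is outside reverse zone {rzone}"))
        elif owner not in ptrs:
            problems.append((fqdn, f"no PTR record {owner}"))
        elif ptrs[owner].rstrip(".").lower() != fqdn.lower():
            problems.append((fqdn, f"PTR {owner} points to {ptrs[owner]}"))
    return problems


# Constructed sample data: "www" is the host created above, the rest is made up.
HOSTS = {
    "www": "192.168.0.1",
    "mail": "192.168.0.2",
    "intra": "192.168.0.3",
    "ftp": "192.168.1.5",
}
PTRS = {
    "1.0.168.192.in-addr.arpa": "www.com.kh.",
    "2.0.168.192.in-addr.arpa": "web.com.kh.",
}

if __name__ == "__main__":
    for fqdn, problem in check_records("com.kh", HOSTS, "192.168.0", PTRS):
        print(f"{fqdn}: {problem}")
```

A host whose address falls outside the Network ID typed into the New Zone Wizard can never get a PTR record in that reverse zone, which is why the check reports it separately from a missing record.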

Install Active Directory

  1. Click Start, point to Run; then type “dcpromo”
  2. Click Next, Next, Next, Next
  3. Domain Name of DNS and Active Directory must be the same to be synchronized. Type “khmerserver.com.kh”; then click Next
  4. Click Next, Next, Next
  5. Select “I will correct the problem later by configuring DNS manually.”
  6. Select “Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems”
  7. Click Next, Next
  8. Click Finish

Note: Update DNS to be synchronized with Active Directory

Click Start, point to Programs, point to Administrative Tools, and then click DNS.

Right click on Domain Name and Domain IP, point to Property

Click Change and then select or check “Store the Zone in the Active Directory (available only if DNS server is a domain controller.)”

At Dynamic Updates, select “Secure only”

Click Apply and OK.

Web Hosting (Web Site)

Internet Information Services (IIS), the web server, is a service that can be used on either an Intranet or the Internet together with development tools such as Microsoft FrontPage, in particular for hosting web sites, including web hosting for sale. It has existed since Windows NT and has been revised version by version up to version 6.0 in Windows Server 2003. What are the main points of IIS 6.0?

  1. IIS Lockdown Wizard: used to close or open some functions of the web server, such as .asp, .html, .gif and .bmp files, Active Server Pages and FrontPage Server.
  2. FTP User Isolation: protects the FTP server against an attacker who uses the TCP/IP protocol to damage the system.
  3. It can run with a low-privileged account to reduce the impact of an attacker. Moreover, it adds more security features, such as:
    • Access control: checks whether a user has the right to use the web site.
    • Authentication: identifies users clearly by name and password.
    • Encryption: provides high security for buying and selling on a web site over the Internet, especially for banks and businesses that use credit cards, because it provides encryption with the Secure Sockets Layer (SSL 3.0) protocol.
    • Auditing Services: used to check all the actions of users on the web site.

Note: There are 4 kinds of IIS services:

File Transfer Protocol (FTP) Server: a service used to download and upload data quickly. It uses port 21.

Hyper Text Transfer Protocol (HTTP) Server: a service that uses the HTTP protocol to interpret HTML, Java, ASP and PHP code. It uses port 80.

Simple Mail Transfer Protocol (SMTP): a service used to send e-mail to the Internet.

Network News Transfer Protocol (NNTP): a service used to read news obtained from ISO.

Configure Web Site

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. Right click on “Websites” and click on “New” and “New Website”. This will launch the “Web Site Creation Wizard.” Then click “Next”
  3. Provide a description of your web site. For example, “Khmer Story”. Click “Next”
  4. In the “IP Address and Port Settings” section, click the drop-down menu under “Enter the IP address to use for this Web site” and select the IP address you want to use for your web site. (Note: Do not use the VLAN IP address for your web site). You do not have to modify the port number. The default TCP port for HTTP is 80. In this example, “Host Header for this site: (Default: None)” will be left blank. Host Headers are used to allow multiple web sites to be used on one IP address. Click “Next.”
  5. Now you must choose the hard drive location of your web site files. Click “Browse” to select the location. Then click “Next.”
  6. The next step in the wizard is to define the access permissions of your web site. The permissions that you choose here are for the root directory and are applied to any subdirectories. However, the permissions for the subdirectories can be changed. The following contains a brief description of each permission:
    Read: Allows users to view web pages on the web server.
    Run Scripts (such as ASP): This option should be enabled if you need to execute Active Server Pages (ASP) scripts.
    Execute (such as ISAPI applications or CGI): Select this option if you are going to execute CGI scripts.
    Write: This option should be enabled if a user needs to write information to a web page. An example of this would be completing an online form from their web browser. This should remain unchecked for the root directory for security purposes.
    Browse: Displays the files and subdirectories in the root directory in HTML format if the user does not specify a file on the web server, or the default document is not defined on the system. This feature should be left unchecked for security.
    After choosing the permissions for the default site, click “Next.”
  7. Click “Finish” to complete the Web Site Creation Wizard.
  8. Copy the name of the main page to be shown first
  9. Right click on the Name of the Web Site (Khmer Story), point to Property, remove all the files in the content page, and click Add
  10. Paste the name of your main page in the “Default Content Page”. Click “OK”
  11. Now open up a web browser and type http://YOUR_IP_ADDRESS (Domain Name) in order to view your web site.

Configure Sub Web Site

  1. Right click on the Name of the Web Site (Khmer Story), point to “New” and “Virtual Directory”. Click “Next”
  2. Type your sub web site (Optional Name) “English MP3” at Alias
  3. Now you must choose the hard drive location of your sub web site files. Click “Browse” to select the location. Then click “Next.”
  4. The next step in the wizard is to define the access permissions of your web site. The permissions that you choose here are for the root directory and are applied to any subdirectories. However, the permissions for the subdirectories can be changed. The following contains a brief description of each permission:
    Read: Allows users to view web pages on the web server.
    Run Scripts (such as ASP): This option should be enabled if you need to execute Active Server Pages (ASP) scripts.
    Execute (such as ISAPI applications or CGI): Select this option if you are going to execute CGI scripts.
    Write: This option should be enabled if a user needs to write information to a web page. An example of this would be completing an online form from their web browser. This should remain unchecked for the root directory for security purposes.
    Browse: Displays the files and subdirectories in the root directory in HTML format if the user does not specify a file on the web server, or the default document is not defined on the system. This feature should be left unchecked for security.
    After choosing the permissions for the default site, click “Next.”
  5. Click “Finish” to complete the Sub Web Site Creation Wizard.
  6. Copy the name of the sub web site file to be shown. Right click on the Name of the Sub Web Site (English MP3), point to Property, and click “Add”
  7. Paste the name of the sub web site file in the “Default Content Page”. Click “OK”
  8. Now open up a web browser and type http://YOUR_IP_ADDRESS (Domain Name)/Sub Web Site in order to view your sub web site.
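The permission steps for the web site and for the virtual directory both say that root settings are applied to subdirectories unless changed there. The following added example (not part of the original tutorial) resolves that inheritance and reports where Write or Browse ended up enabled, plus Write combined with script execution, which is an extra check added here. It assumes the IIS 6 metabase bit values for the AccessFlags and DirBrowseFlags properties; the paths and flag values in the sample are constructed.

```python
# Bit values of the IIS 6 metabase AccessFlags and DirBrowseFlags properties.
ACCESS_BITS = {"Read": 0x1, "Write": 0x2, "Execute": 0x4, "Run Scripts": 0x200}
ENABLE_DIR_BROWSING = 0x80000000

# Constructed sample: flags set explicitly per node; None means "inherit".
SAMPLE = {
    "/ROOT": {"access": 0x201, "browse": 0x4000003E},
    "/ROOT/English MP3": {"access": None, "browse": 0xC000003E},
    "/ROOT/forms": {"access": 0x203, "browse": None},
}


def effective(config, path, key):
    """Walk up from path to the nearest node that sets key (inheritance)."""
    while path:
        value = config.get(path, {}).get(key)
        if value is not None:
            return value
        path = path.rpartition("/")[0]
    return 0


def permissions(config, path):
    """Decode the effective flags of path into the wizard's permission names."""
    access = effective(config, path, "access")
    names = {name for name, bit in ACCESS_BITS.items() if access & bit}
    if effective(config, path, "browse") & ENABLE_DIR_BROWSING:
        names.add("Browse")
    return names


def audit(config, root="/ROOT"):
    """Return {path: [findings]} for Write on root, Write+scripts, and Browse."""
    report = {}
    for path in sorted(config):
        perms, findings = permissions(config, path), []
        if "Write" in perms and path == root:
            findings.append("Write on root directory")
        if "Write" in perms and perms & {"Run Scripts", "Execute"}:
            findings.append("Write together with Run Scripts/Execute")
        if "Browse" in perms:
            findings.append("Browse (directory listing) enabled")
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, "->", "; ".join(findings))
```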

Configure FTP Site

  1. Right click on “FTP Sites” and go to “New” and then “New FTP Site…” Then click “Next”
  2. Provide a description of your FTP site. For example, “Sharing Files”. Click “Next.”
  3. In the “IP Address and Port Settings” section, click the drop-down menu under “Enter the IP address to use for this FTP site” and select the IP address you want to use for your FTP site. (Note: Do not use the VLAN IP address for your FTP site). You do not have to modify the port number. The default TCP port for FTP is 21. Click “Next.”
  4. In the “FTP User Isolation” section, click the mode of isolation you desire for your FTP server. The following contains a brief description of each of the options.
    Do not isolate users: This means that there is no isolation for your FTP users. If the file system permissions allow it, users will be able to, at the very minimum, look at the contents of other users’ home directories.
    Isolate users: This means that each user on your FTP site will have to have their own home directories configured, and the users will not be able to traverse outside of the directories you specified.
    Isolate users using Active Directory: This means that the home directories for each user will be provided as part of the account’s Active Directory information. This option is only applicable if your server is on an Active Directory domain.
    After choosing the mode of isolation, click “Next.”
  5. Now you must choose the hard drive location of the files you want to publish on your FTP server. Click “Browse” to select the location. Afterwards, click “Next.”
  6. The next window that appears is “File Site Access Permissions.” The two choices are Read and Write. Select “Read” only, if you want to allow users to only view and download files on your FTP server. Select “Write” if you want to allow users to upload files to your server. If required, both can be selected. After selecting the permissions, click “Next.”
  7. Click “Finish” to complete the wizard.

Mail Server

Make a Mailbox

  1. Click Start, point to “Run”, and type “p3server.msc”. Then the POP3 service will appear.
  2. Right click on “Computer Name” on the left pane and point to “Property”
  3. For higher security, check “Require Secure Password Authentication (SPA) for all clients”. Then click “OK”
  4. Click on the Domain Name (khmerserver.com.kh) on the left pane
  5. Click “Add Mailbox” on the right pane
  6. Write “Store-Letter” in Mailbox Name and “Box123” in Passwords. Click “OK”
  7. Click “OK”

Install SMTP Server

  1. Right click on “My Computer”. Then click “Manage” and the “Computer Management” surface will appear
  2. Expand “Service and Applications” and expand “IIS Internet Information Service”
  3. Right click on “Default SMTP Virtual Server” and point to “Property”
  4. Click on “Access” tab
  5. Click “Authentication” and check “Anonymous Access and Integrated Windows Authentication”. Then click “OK”
  6. Click “Relay” and go to “Allow all computers which successful….”. Then check “Only the list below is selected.”

Create Users Stored in Server

  1. Click “Start->Programs->Administrative Tools->Active Directory Users and Computers”
  2. Right click on “Domain Name->New->Organizational Unit” Then type the “Store-User” in name box and click “OK”
  3. Right click on “Store-User->New->User”. Then write “First name, Last name, Full name, and User logon name”. For example, First name: Seng, Last name: , and User Logon name: UserName. Then click “Next”
  4. Input Password (Optional) “UserName” and Confirm “UserName”. Then check (Optionally) “User cannot change password” and “Password never expires”. Click “Next”, click “Finish”

Create E-mail Client

  1. Click “Start->Programs->Outlook Express”
  2. Click “Tools->Accounts->Add->Mail”. The chart below shows the details to complete for the e-mail client:
    Display name: Surname UserName
    E-mail address: UserName@<your domain> (UserName@khmerserver.com.kh)
    Incoming mail server: POP3
    Incoming mail server: <your domain> (khmerserver.com.kh)
    Outgoing mail server: <your domain> (khmerserver.com.kh)
    Account name: UserName@<your domain> (UserName@khmerserver.com.kh)
    Password: UserName
    SPA: Checked
  3. Click “Tools->Accounts->Account (192.168.0.1 “Domain ID”)->Property”
  4. Click “Server”. Then check “My server requires authentication”, click “Apply” and “OK”.

Reference

Windows Server 2003, Enterprise Edition