Windows Networks Identity Management

Active Directory Domain Controller – Server 2008 r2, Server 2012 r2, Server 2016

Windows -> Start -> Administrative Tools -> Active Directory Users and Computers

All computers on the local network that have been joined to the local domain use the Active Directory User library. Instead of setting up user accounts on each computer, a central database is used to store logon names and passwords. (Generally) Kerberos is used to encrypt and exchange with handshake user logon name and password information. (Windows Professional required for workstations)

Jumpcloud

Install the jumpcloud client on all computers managed by the Jumpcloud database. (Generally) TLS1.1 is used for logon name and password information. First 10 users are free, then $7.50 per user per month.

15 users – 5*7.5*12*.75 = $ 1.875 per user per month paid annual

25 users – 15*7.5*12*.75 = $ 3.375 per user per month paid annual

50 users – $4.50 per user per month paid annual ($ 2,700 annual)

 

Server Costs

  • Server Acquisition – $1,500 – $25,000
  • Professional Installation – $1,000 – $5,000
  • Monthly support costs – $200 – $1,000
  • UPS – $250 – $2,000
  • Five (5) year warranty cost – $1,500 – $5,000 (4 hour repair)
  • Backup
  • Power
  • Heating and Cooling
  • Space utilization and access control

Ubuntu 16 server setup

adduser {{username}}
adduser {{username}} sudo

apt-get install apache2
apt-get install php
apt-get intsall libapache2-mod-php
apt-get install php-mcrypt
apt-get install php-mysql

apt install iptables
apt install fail2ban

apt update
apt full-upgrade
apt install build-essential
apt install tcl

add some swap

fallocate -l 1G /mnt/1GB.swap
dd if=/dev/zero of=/mnt/1GB.swap bs=1024 count=1048576
mkswap /mnt/1GB.swap
swapon /mnt/1GB.swap
chmod 0600 /mnt/1GB.swap
echo "/mnt/1GB.swap  none  swap  sw 0  0" >>/etc/fstab 

apt install mysql-server
mysql_secure_installation

## {{su}}
curl latest redis.io stable
make
make test
make install
mkdir /etc/redis
cp redis.conf /etc/redis

## create /etc/systemd/system/redis.service – e.g.

[Unit]
Description=Redis
After=network.target
[Service]
User=redis
Group=redis
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
ExecStop=/usr/local/bin/redis-cli shutdown
Restart=always
[Install]
WantedBy=multi-user.target

## now you need to diff your redis.conf – password, persistence, binding, etc.

## when you are ready to move … (or to test, see ExecStart)
systemctl enable redis

## next

cd /etc/apache2
ln mods-available/rewrite.load mods-enabled/rewrite.load