Creating a FTPServer in VMWare
Create VM in VMWare vSphere
- 1 GB RAM
- 350 GB disk with no partitions, to make migration easier (Marco Reis advice in Xen FTPServer)
- Windows Server 2008 Standard (no need for Datacenter edition if not using more than 8 processors and 64bit - Marco Reis advice in Xen FTPServer)
- 1 CPU
To install the guest OS, edit the VM settings, add the Windows ISO to the DVD drive and select "connect at power on" so that the drive launches the installation disk. Then start the VM.
Install VMTools from vSphere: Inventory->Virtual Machine->Guest->Install/Upgrade VM Tools
Configure VM in Server 2008 console
Change Computer Name
Change computer name to FTPServer2
Update Windows
Run Windows Server 2008 SP2 from \\davinci\Software and run updates until there are no more updates.
Activate Windows
Under Computer->Right-click->Properties->Activate, enter the Windows key.
Install Antivirus
Install Antivirus from \\davinci\Software and schedule scans and automatic updates. The server needs F-Secure for servers.
Install Second Copy from \\davinci\Software and copy these folders from ftpserver to c:\WebData on the VM:
- ftp.mohid.com
- FileRecipient
Share these folders with authenticated users for full control.
Add Service Roles in Server Management
- In Server Manager->Roles->Add Role->Web Server (IIS)->click Next until you can select FTP Publishing Service->continue until Finish
- IIS->Click FTPServer2->Right-click Sites->Add FTP Site
- If in the last step the Add FTP Site option is not available (Server 2008 Standard), install the latest FTP publishing service (7.5 at the time) from \\davinci\Software\FTP7_ForIIS_x86 or from http://www.iis.net/download/FTP
- Add these IIS role services: i) under Management Tools, "IIS 6 Management Compatibility"; ii) under Security, "Basic Security" and "Digest Security" (?? saw in old Ftpserver machine); iii) FTP Publishing Service; and iv) Management Service
FTP implementation
User Accounts
In Computer Management->User and Groups: add an "FTP users" group and add each FTP user with these options:
- General - "user cannot change password" and "password never expires"
- Member - of "Users" and "FTP users" (the latter only for non-maretec users)
- Remote - "Enable Remote Control" and "Require user's session"
- Disconnect "Remote Control"
- "Remote Desktop Services Profile" - deny user.
Users: (agro727, anatrancoso, aquapath, clabsa, davidbrito, easy, easyco, estorilcoast, francisco, guillaume, hidromod, jauch, luisfernandes, meteoIST, mmateus, partner, pedrochambel, rodrigo, user)
In Computer Management->Local Security Policy->Account Policies->Password Policies->Disable "Passwords must meet.." so that the basic user passwords are allowed.
Define the users' passwords with the users.
IIS
Add FTPSite
- Name: ftp2.mohid.com
- Path: C:\WebData\ftp.mohid.com
- Next
- IP: MachineIP
- SSL: Allow SSL
- Next
- Authentication: Basic and Anonymous (Anonymous was removed afterwards, because it does not make sense to have a public FTP and, as seen below, everyone could write)
- Done
FTP authorization
- Add an allow rule for all users, read and write (this was removed afterwards; only users from the group users may have those rights).
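The authentication and authorization choices above (Anonymous later removed, the allow-all read/write rule later removed, SSL set to Allow) can be checked in the server's applicationHost.config. The script below is an added example, not part of the original wiki page; the XML sample is constructed to mirror the first-pass settings, and the function name audit_ftp_site is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the real server's file): the first-pass settings
# from this page as they would appear in applicationHost.config.
SAMPLE = r"""<configuration>
 <system.applicationHost><sites>
  <site name="ftp2.mohid.com" id="2">
   <ftpServer><security>
    <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
    <authentication>
     <anonymousAuthentication enabled="true" />
     <basicAuthentication enabled="true" />
    </authentication>
   </security></ftpServer>
  </site></sites></system.applicationHost>
 <location path="ftp2.mohid.com">
  <system.ftpServer><security><authorization>
   <add accessType="Allow" users="*" permissions="Read, Write" />
  </authorization></security></system.ftpServer>
 </location>
</configuration>"""

def audit_ftp_site(config_xml, site_name):
    """Return findings for one FTP site (hypothetical helper name)."""
    root = ET.fromstring(config_xml)
    site = root.find(f".//site[@name='{site_name}']")
    if site is None:
        return [f"site {site_name} not found"]
    findings = []
    def enabled(kind):  # both authentication elements default to disabled
        el = site.find(f"ftpServer/security/authentication/{kind}")
        return el is not None and el.get("enabled", "false").lower() == "true"
    if enabled("anonymousAuthentication"):
        findings.append("anonymous authentication enabled")
    ssl = site.find("ftpServer/security/ssl")
    policy = "SslRequire" if ssl is None else ssl.get("controlChannelPolicy", "SslRequire")
    if enabled("basicAuthentication") and policy != "SslRequire":
        findings.append(f"basic auth with {policy}: logins may cross the network unencrypted")
    rules = root.findall(
        f"./location[@path='{site_name}']/system.ftpServer/security/authorization/add")
    for rule in rules:
        open_to = rule.get("users", "")
        perms = rule.get("permissions", "").lower()
        if rule.get("accessType") == "Allow" and open_to in ("*", "?") and "write" in perms:
            findings.append(f"write allowed for users={open_to}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ftp_site(SAMPLE, "ftp2.mohid.com")))
```

With Anonymous disabled and the wildcard rule replaced by a group rule, only the SSL finding remains, because "Allow SSL" still accepts unencrypted logins.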
FTP user isolation
- For the isolate users radio button, select "user name physical directory" (this was removed afterwards because it assumes that the user name has a folder "Local User". If it does not, the user is not able to log in!)
Virtual Directories
- Add 4 virtual directories, one for each FileRecipient folder (Ecomanage, Estorilcoast, Sigel and To_Weberver)
- Under each private folder, define permissions for the effective users of that folder (remove all users if it exists)
Other
- Check that ftpserver firewall has FTP server selected
- Follow these steps for non-secure or secure data transfers: http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings-in-iis-7/ (mainly implement the firewall rules). With these rules the firewall does not need to be disconnected, as was needed on the old ftpserver!!! For now, do not add the external IP of the firewall in IIS FTP firewall support (described in the previous link) - for SSL.
Refresh DC
Go to the DC and check that the IP and FTP site name (in the site domain) for the service are correct, so that internally, when the FTP address is entered in a browser, it goes to the right IP and machine.
Refresh Firewall
Go to the firewall and check that the internal IP and the FTP external IPs are correct, so that externally, when the FTP address is entered in a web browser, it goes to the right IP and machine.
Changing the bridging between the LAN and the DMZ
Create New Network Adapter - if not existing in vSphere
- In vSphere add a new network adapter (virtual machine) in the host (the physical machine should have a second physical network adapter).
- After creating the new network adapter, edit the vSwitch that was created, add a new VMkernel and define the IPs for the host
- Static ip-->192.168.21.xx
- Subnet mask-->255.255.255.0
- Gateway--> 192.168.21.1
- In the VM configuration add a new ethernet adapter and choose the second virtual adapter just created.
- The machine will now have two virtual network adapters available
Switching from LAN to DMZ - in the VM
- Connect the network cable from a DMZ exit to the second host physical network port
Edit the second network connection:
- Static ip-->192.168.21.xx
- Subnet mask-->255.255.255.0
- Gateway--> 192.168.21.1
- DNS server--> 192.168.20.10
- Disconnect the LAN network connection