ANALYSIS OF THE EXISTING SYSTEM
3.1 The Scope of PLN Pusdiklat Network
As briefly explained in the background, PLN Pusdiklat is a unit under PLN Pusat that specializes in handling the education and training activities attended by PLN's own staff. To meet the need for education and training, PLN Pusdiklat has established 10 branches called Udiklat (Unit Pendidikan dan Latihan) spread across Indonesia. Those locations are Udiklat Banjar Baru, Bogor, Jakarta (located in Slipi), Makassar, Medan, Padang, Palembang, Pandaan, Semarang, and Suralaya. In total, there are around 500 staff and numerous participants across Indonesia who might be involved in these activities every day.
With those branches, Pusdiklat acts as the center of the information system that supports their daily operation. There used to be intranet links installed to connect some of the Udiklat to Pusdiklat, which made those systems part of the internal system. However, due to some non-technical problems, Pusdiklat decided to deactivate those links. In short, intranet infrastructure is installed but not activated, and the Udiklat access the systems in Pusdiklat publicly via internet links.
Other than supporting the Udiklat, Pusdiklat also has responsibilities under PLN Pusat. Those activities require Pusdiklat to access some systems located in PLN Pusat, such as QPR software and SMUK online (). Those systems are accessed via an intranet link that spans from PLN Pusat to Pusdiklat. There is also a mail exchanger that is still occasionally used and is also connected via that intranet link.
3.1.1 Global Topology
Before discussing the network topology, it is useful to see the geographical location of the PLN Pusdiklat scope in figure 9.
Figure 9: Geographical location of PLN Pusdiklat
The figure above shows that most of the branches are located in Sumatra and Java. In Jakarta itself, there are 3 offices, including Pusdiklat and PLN Pusat. Udiklat Slipi can be considered the closest branch, making it one possible candidate for the backup site if WAN backup is used.
Next, figure 10 gives a clearer picture of the logical topology, showing how PLN Pusdiklat and the other offices are connected to each other.
Figure 10: Existing global topology of PLN Pusdiklat scope
In that figure, each location is denoted by a router. Pusdiklat is connected by a link directly to an ISP router. This ISP router branches the connection to the internet, which is publicly accessible, and to the intranet using IP-VPN, which belongs to PLN internally. As previously said, this intranet is used for accessing internal systems and applications in PLN Pusat. There are also intranet links provided to the Udiklat located in Java, which covers Slipi, Suralaya, Bogor, Semarang, and Pandaan, but they remain inactive for now.
Lastly, the Udiklat and Pusdiklat can communicate via internet access. Hence, Pusdiklat is required to have a publicly accessible system in order to be reachable by the other Udiklat.
3.1.2 Internal PLN Pusdiklat Topology
Figure 11: Existing internal topology of PLN Pusdiklat based on Evan B.S.
Figure 11 shows that Pusdiklat physically consists of 4 floors. The fourth floor serves as the source of connectivity for the building: it is where the servers are located and where the internet connection for the rest of the floors originates.
3.2 Server Mapping in Pusdiklat
Figure 12 shows how the servers in Pusdiklat are connected. They are generally divided into 2 networks. The left-hand side of the figure is the public network 202.162.220.48 with prefix mask /29. This public network can be accessed from anywhere. The right-hand side of the figure shows the local network 10.10.0.0 with prefix mask /24, which is only accessible internally or through the PLN intranet. In short, the 3 servers on the left-hand side hold the applications used among the Udiklat, and the 4 servers on the right-hand side are used internally in PLN Pusdiklat.
Figure 12: Server mapping in PLN Pusdiklat
The following points take a closer look at those servers.
3.2.1 Web Server
Brand : COMPAQ Proliant ML 530
IP address : 202.162.220.51
Hostname : webserver.pln-jasdik.co.id
Operating system : CentOS 4.4
Used space : 8.3 GB
Total capacity : 105 GB
Memory : 512 MB
Processor : Intel® Pentium 3 (977 MHz) 2 pieces
This web server hosts the PLN Pusdiklat profile website, available at http://www.pln-pusdiklat.co.id/. Currently, the activity on this server is quite and not lightly loaded. The importance of the data can be classified as low since there are no critical documents or databases.
3.2.2 SIMDIKLAT
Brand : HP Proliant DL 380 G6
IP address : 202.162.220.52
Hostname : simdiklat.pln-pusdiklat.co.id
Operating system : Ubuntu 10.04
Used space : N/A
Total Capacity : 5 x 300 GB
Memory : 6 GB
Processor : Intel® Xeon® E5530 (4 core, 2.4 GHz) 2 pieces
This server hosts the web-based education and training information system, available at http://simdiklat.pln-pusdiklat.co.id. In terms of activity, this server is moderately loaded during work hours, especially while classes are being conducted, since this information system is accessed internally and by all Udiklat. The importance of the data can be classified as important.
3.2.3 Silampu (FTP, E-Learning, E-Magazine)
Brand : Wearness
IP address : 202.162.220.53
Hostname : silampu.pln-pusdiklat.co.id
Operating system : CentOS 5.3
Used space : 176 GB
Total capacity : 250 GB
Memory : 4 GB
Processor : Intel® Xeon® E7310 (4 core, 1.60GHz) 2 pieces
This server holds 3 roles at once. First, it provides FTP shares, which are heavily loaded with important data. Second, it hosts the e-learning information system, available at http://elearning.pln-pusdiklat.co.id/, which is moderately loaded with training participant data. Last, it hosts the e-magazine website, available at http://emagazine.pln-pusdiklat.co.id/, which is currently on hiatus from updates. All of those systems are accessed internally and by all Udiklat.
3.2.4 Mail Server 1
Brand : HP Proliant DL 380 G6
IP address : 10.10.0.20
Hostname :
Operating system : Windows Server 2003
Used space : N/A
Total capacity : 3 x 300 GB
Memory : 6 GB
Processor : Intel® Xeon® E5530 (4 core, 2.4 GHz)
This server acts as the sub-domain controller of PLN Pusdiklat, prior to the PLN Pusat domain. It holds the mirror of the user accounts for the Windows domain and is used in conjunction with the mail server. However, the service is not effectively used due to some non-technical reasons.
3.2.5 Mail Server 2
Brand : HP Proliant DL 380 G6
IP Address : 10.10.0.40
Hostname : JASDIKMAIL01
Operating system : Windows Server 2003
Used space : N/A
Total capacity : 7 x 300 GB
Memory : 6 GB
Processor : Intel® Xeon® E5530 (4 core, 2.4 GHz)
This server acts as the mail exchanger of PLN Pusdiklat, prior to the PLN Pusat mail exchanger. It works in conjunction with mail server 1 in the same domain. However, as with the previous mail server, this service is not effectively used due to some non-technical reasons.
3.2.6 Finance Server
Brand : N/A
IP Address : 10.10.0.23
Hostname : SIMKEU
Operating system : Windows XP Professional
Used space : 198 GB
Total capacity : 296 GB
Memory : 1 GB
Processor : N/A
This server provides the finance data sharing used by the PLN Pusdiklat finance application. The server is moderately loaded and accessed internally by the Pusdiklat finance and budgetary division. The data can be classified as important because it includes payroll, procurement, etc.
3.2.7 Antivirus Server
Brand : COMPAQ Proliant ML 370
IP Address : 10.10.0.8
Hostname : ANTIVIRUS
Operating system : Windows Server 2003
Used space : 3 GB
Total capacity : 135 GB
Memory : 896 MB
Processor : Intel® Pentium 3 (930 MHz) 2 pieces
This server provides the antivirus automatic update service; Windows update is yet to be implemented. The server is lightly loaded and accessed internally by Pusdiklat workstations. The content can be classified as low importance because it contains virus definitions and Windows patches that can be downloaded at any time.
3.3 Backup Mechanism
To preserve the data on certain servers, the previous administrators applied a simple data backup mechanism. The desired folders are plainly copied from a workstation onto an external hard disk. The data is transferred remotely over the network using secure copy software (WinSCP). Figure 13 illustrates the network path of that process.
Figure 13: Network illustration of existing backup mechanism
The step-by-step backup process can be mapped to the activity diagram shown in figure 14, which is generally partitioned into 3 parts: the admin activity, the backup client activity, and the WinSCP activity.
Figure 14: Partitioned activity diagram of existing backup mechanism
Before the transfer, the admin might want to make changes to the files. The desired data can first be collected into a compressed archive using a shell script, which combines multiple Linux commands to be executed sequentially or in parallel. Figure 15 shows an example of the shell script used for archiving folders on the FTP server.
#!/bin/bash
# Folders to back up, overwriting the previous archive
ELEARNING=/home/silampu/
FTP=/home/pusdiklat/
# Folders to back up per date
BANJARBARU=/home/pusdiklat/UDIKLAT/BANJARBARU/Backup/
BOGOR=/home/pusdiklat/UDIKLAT/BOGOR/BACKUP/
JAKARTA=/home/pusdiklat/UDIKLAT/JAKARTA/BACKUP/
# Backup folder per Udiklat
B_BANJARBARU=/home/BACKUP/FTP/UDIKLAT/BANJARBARU/
B_BOGOR=/home/BACKUP/FTP/UDIKLAT/BOGOR/
B_JAKARTA=/home/BACKUP/FTP/UDIKLAT/JAKARTA/
TANGGAL=$(date +%d%m%Y).tgz
# Names of the compressed files
B_ELEARNING=elearning.tgz
B_FTP=ftp.tgz
FTP_D=/home/BACKUP/FTP/
ELEARNING_D=/home/BACKUP/ELEARNING/
# Per-Udiklat backup without overwriting (one dated archive per run)
tar czfP "$B_BANJARBARU$TANGGAL" "$BANJARBARU"
tar czfP "$B_BOGOR$TANGGAL" "$BOGOR"
tar czfP "$B_JAKARTA$TANGGAL" "$JAKARTA"
# Backup that overwrites the previous archive
tar czfP "$FTP_D$B_FTP" "$FTP"
tar czfP "$ELEARNING_D$B_ELEARNING" "$ELEARNING"
Figure 15: Shell script for archiving folders
Other than backing up files in certain folders, the MySQL databases used by the web applications also need to be backed up. This is done by dumping the database into .sql files using a shell script and using the same approach to copy the files plainly over the network. Figure 16 shows an example of the shell script used to dump the MySQL database.
The advantages of this kind of backup are as follows. It is easy and quick to implement since no extra server is needed to hold the backed-up data. The step-by-step process is also considered easy and can be understood by common users. In terms of transfer rate, it is independent of the bottleneck caused by outgoing internet traffic, since the workstation used for pulling the data is located in the Pusdiklat local LAN.
Despite those advantages, this method has several weaknesses. The backup process has to be done manually by the administrators. That raises another problem when the admin needs to back up all currently active servers: the data transfer becomes inefficient because the admin cannot do it in parallel. There is also the possibility of human error when the process is done manually. In terms of hardware, an external hard disk might be less durable in the face of failures such as bad sectors.
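#!/bin/sh
# Timestamp for the dump file name: YYYYMMDD-HH
tanggal=`/bin/date +%Y%m%d-%H`
# Dump every database while holding a global read lock
/usr/bin/mysqldump --user=root --password=wowkerenbgt --lock-all-tables \
    --all-databases > /home/BACKUP/MYSQL/backup-${tanggal}.sql
# Delete dump files last modified more than two days ago
/usr/bin/find /home/BACKUP/MYSQL -type f -mtime +2 -exec /bin/rm -f {} +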
Figure 16: Shell script for dumping MYSQL database
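A hardened variant of the dump job in Figure 16, added here as an example and not taken from the thesis or from Pusdiklat's servers. Figure 16 puts the MySQL root password on the mysqldump command line, where it can be read from the script file and may be visible in the process list; this version reads the credentials from an owner-only option file, creates dumps with owner-only permissions, and publishes a dump only when it completed. The option file path, the CNF, DEST, MYSQLDUMP and KEEP_DAYS variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of the Figure 16 dump job.
# Paths other than /home/BACKUP/MYSQL are assumptions.
set -eu
umask 077                                  # dumps and temp files: owner-only

CNF=${CNF:-/root/.backup-my.cnf}           # assumed path; holds [client] user=/password=
DEST=${DEST:-/home/BACKUP/MYSQL}           # dump directory used in Figure 16
MYSQLDUMP=${MYSQLDUMP:-/usr/bin/mysqldump}
KEEP_DAYS=${KEEP_DAYS:-2}                  # same retention as Figure 16

# Succeed only if the option file exists and grants nothing to group/other.
cnf_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)      # group and other permission bits
    [ "$perms" = "------" ]
}

# Dump all databases to a dated file and print the resulting path.
dump_all() {
    cnf_is_private "$CNF" || {
        echo "refusing to run: $CNF is missing or readable by others" >&2
        return 1
    }
    out="$DEST/backup-$(date +%Y%m%d-%H).sql"
    tmp="$out.part"
    # --defaults-extra-file must be the first option; the password is
    # neither in this script nor on the command line.
    if "$MYSQLDUMP" --defaults-extra-file="$CNF" \
            --lock-all-tables --all-databases > "$tmp"; then
        mv "$tmp" "$out"                   # publish only a complete dump
        echo "$out"
    else
        rm -f "$tmp"                       # never leave a partial dump behind
        return 1
    fi
}

# Remove dumps older than KEEP_DAYS; safe with unusual file names.
prune_old() {
    find "$DEST" -type f -name 'backup-*.sql' -mtime +"$KEEP_DAYS" -exec rm -f {} +
}

# Run the job only when asked to, e.g. from cron: backup-mysql.sh --run
if [ "${1:-}" = "--run" ]; then
    dump_all > /dev/null
    prune_old
fi
```

The dump is still stored unencrypted, so the owner-only permissions protect it on the server but not once it is copied to the NTFS external disk.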
3.3.1 Classification
Referring to the classification of data backup in chapter 2, the existing backup mechanism can be classified as follows:
Between directly attached and client-server backup. The storage is actually directly attached and there is no software that helps the admin run the process in parallel and manage the backup, but the data is transferred over a network connection, as in client-server backup.
LAN backup. The storage is located in the same building, which can be regarded as one area. The data is transmitted over a fast ethernet network through a workstation. It is difficult to manage when handling the backup for all active servers.
D2D backup. The backup medium is an external hard disk connected to the workstation, which pulls the data from the backup client.
Cold backup. The backup system is not highly available; in fact, the backup process is done only once in a while. As a result, the backed-up data might have a low degree of consistency compared to the data in the main system.
Full backup. The backup process always copies the specified folders entirely. As a result, the backup medium has to provide a large amount of space for those files in every snapshot of the backup.
Encrypted backup. The backup is encrypted during transmission only, since it uses secure copy over the network. Although the backed-up file is compressed, the compression occurs beforehand using a shell script, not during the backup process.
3.3.2 Supporting Software
Although the backup is done largely manually, it is supported by secure copy software called WinSCP, which is available for Windows clients. WinSCP is not purpose-built backup software. Its main use is to perform secure copy on top of secure shell, which by default uses port 22 on the server. The transmission is also encrypted, just as with SSHv2, and the type of encryption depends on the server itself. The process of transferring the data is explained by the following series of figures.
Figure 17 shows that WinSCP requires user input for the destination hostname (or the server's IP address), the port number the SSH service is running on, the user name allowed by SSH, and the password. If the system uses a private key for authentication instead of a username and password, the admin needs to import and specify the private key file. The last thing to consider is the file protocol. Options such as SFTP and plain FTP are available, but the admin uses SCP considering its faster transfer speed [22].
Figure 17: Main menu of WinSCP
Once the admin has completed the main menu and entered the correct username and password, WinSCP prompts the message in figure 18 to check the key fingerprint, just as when someone connects over SSH to an unknown host. When the admin decides to trust the fingerprint, the machines perform key exchange and the secure transmission is ready.
Figure 18: Checking key fingerprint in WinSCP
After the key exchange, WinSCP proceeds to the file browser shown in figure 19. It generally consists of 2 panels: the left-hand side is the local machine's file system, and the right-hand side is the remote machine's file system. The admin usually points the local panel directly at the file system of the backup medium, in this case the external hard disk. To transfer a file, the admin just needs to drag the desired files or folders from the right-hand panel to the left-hand panel.
Figure 19: File browser in WinSCP
When the admin attempts to transfer a whole folder, just like any other plain copy method, WinSCP needs to calculate the size of the files that reside within that particular folder, as shown in figure 20.
Figure 20: Calculating directory size in WinSCP
Once the client machine is done with the calculation, it finally performs the data transfer shown in figure 21. The copy process transfers the data one file at a time; therefore it does not perform any compression.
Because it copies the data per file, WinSCP does not need to perform any size calculation when copying a single file or an archive, as shown in figure 22.
3.3.3 Backup Media
As stated previously, the backed-up data is stored directly on an external hard disk. The specification of the backup medium is listed below.
Brand : Western Digital My Passport Essential SE
Total capacity : 1 TB
Dimension : 2.5 Inch
Interface : USB 2.0
Filesystem : NTFS
Figure 21: Copying a directory in WinSCP
Figure 22: Copying archive in WinSCP
Based on the interface, this external medium has a maximum transfer rate of 60 MB/s, hence it should keep up with the network transfer rate. Regarding the total capacity, the usable capacity is not actually 1 TB because there is a protected volume containing proprietary software. The NTFS filesystem is suitable for transferring large files and is compatible with the current Windows workstation, resulting in good performance.
3.3.4 Performance
With fast ethernet, the network is capable of transferring data at a maximum speed of 12.5 MB/s. In practice, however, 100% transfer rate efficiency is never reached. Moreover, the backup mechanism's use of the secure copy algorithm might slow the transfer rate down even more. Table 12 shows the results of performing the current backup process using the existing mechanism, software, and hardware on Pusdiklat's web server.
Attempt  File type    File Size  Calculation Time  Transfer Time  Average Transfer Rate
#1       Folder       1.40 GB    2042 seconds      1447 seconds   1014 KB/s
#2       Folder       2.80 GB    4192 seconds      3112 seconds   966 KB/s
#3       Folder       4.20 GB    6317 seconds      5020 seconds   898 KB/s
#4       Tar archive  1.20 GB    N/A               244 seconds    5280 KB/s
#5       Tar archive  2.40 GB    N/A               490 seconds    5259 KB/s
#6       Tar archive  3.60 GB    N/A               729 seconds    5302 KB/s
Table 12: Current backup performance in PLN Pusdiklat
Average Transfer Rate = File Size / Transfer Time
1 GB = 1024 MB = 1024 x 1024 KB
Table 8 shows that transferring folders containing many files consumes a great deal of time during the directory calculation process. Besides the slow calculation process, the transfer rate can also be considered slow compared to the maximum capacity of the network.
That condition arises because the mechanism used in SCP performs the directory calculation and the transfer one file at a time. When copying many small files, SCP cannot accelerate to a high speed because the speed is reset once the copy of a file is finished. There is also a slight delay when it moves from one file to another, which slows the transfer rate down even more.
In contrast, when the admin compresses the previous folder into a tar archive, about 14.2 % compressed, the transfer proceeds much faster. First, it takes only a little time to calculate the file size, so little that in practice it can be ignored as if no calculation time were needed. With a tar archive in the form of one large file, the SCP mechanism can accelerate to its maximum transfer rate and hold it steadily, since there is no delay from switching between files.
3.4 Condition of Candidate Backup Site
Considering the possibility of upcoming disasters, both natural and artificial, the company strongly recommends installing the backup media at a remote backup site. Referring to the geographical location of Pusdiklat and its units in figure 9, Udiklat Slipi is the closest branch that might be relied on to host the storage. Regarding network availability, Udiklat Slipi is also included within the existing scope of PLN's intranet infrastructure.
Although the location does not seem distant enough from the main system in Ragunan, it is believed to be the most rational option, since its proximity might help in the early period of the new backup's implementation, monitoring, and evaluation. In fact, Udiklat Slipi has better building infrastructure since it is newer than the other Udiklat, which might help reduce the possibility and effect of those upcoming disasters.
Following that decision, the author also conducted a field survey of the existing conditions in Udiklat Slipi, especially those related to IT infrastructure. The following figure shows the existing core network topology of Udiklat Slipi.
Figure 23: Existing core topology of Udiklat Slipi
Figure 23 shows that Udiklat Slipi consists of one local LAN with network address 192.168.1.0 and prefix mask /24, and one public network connected to the internet with network address 202.162.208.8 and prefix mask /29. It is unusual in common network topologies to have a non-point-to-point subnet for the link to the ISP. As a gateway, the public and local networks are connected by a PC router running Windows Server 2003. It mainly performs IP forwarding and provides services such as DHCP, NAT and network proxy.
In order to connect the backup media to the servers located in Pusdiklat, the backup media needs a public IP address, or a local IP address that belongs and is connected to the PLN intranet. Ideally, the backup media should be placed at least behind the router to gain some protection. However, no public subnet is available any more that would make it accessible from everywhere. The intranet for all Udiklat also remains inactive, so the local subnet cannot reach Pusdiklat either.
As stated, to gain minimum protection the backup media should be installed behind the router. Besides performing routing and providing other services for the clients, the router should also perform at least minimal filtering of incoming packets for both networks. Given that, a reliable router with stronger and more stable performance is needed to carry out those tasks.
The existing PC router will be insufficient because it has only 2 network interfaces installed. The router might need more than 2 to anticipate additional network installations, whether the intranet or other additional subnets. Moreover, the specification of the PC router might not be adequate to support the reliable operation that is projected. Fortunately, Udiklat Slipi actually has an unused Cisco 1841 router in storage.