ANALYSIS OF THE EXISTING SYSTEM

3.1 The Scope of PLN Pusdiklat Network

As briefly explained in the background, PLN Pusdiklat is a unit under PLN Pusat,

that specialized in handling the activities of educational and training followed by PLN

staffs itself. To satisfy the need of educational and training, PLN Pusdiklat have

established 10 branches called Udiklat (Unit Pendidikan dan Latihan) spreading across

Indonesia. Those location are Udiklat Banjar Baru, Bogor, Jakarta (located in Slipi),

Makassar, Medan, Padang, Palembang, Pandaan, Semarang, and Suralaya. In total, there

are around 500 staffs and numerous participants across Indonesia that might involved in

these activities everyday.

Having those branches, Pusdiklat act as the central of the information system that

supports their daily operation. There are used to be intranet links that installed to connect

those some Udiklat to Pusdiklat that make those system becomes a part of internal

system. However, due to some non technical problems, Pusdiklat decide to deactivate

those links. In short, there are intranet infrastructure installed, but not to be activated,

and those Udiklat access the systems in Pusdiklat publicly via internet links.

Other than supporting those Udiklat, Pusdiklat also have responsibility to work

under PLN Pusat. That activities required Pusdiklat to access some systems that located

in the PLN Pusat such as QPR software, and SMUK online (). Those system accessed

via intranet link that spans from PLN Pusat through Pusdiklat. In fact, there are also mail

exchanger that still occasionally used, and also connected via that intranet link.

47

3.1.1 Global Topology

Before we discuss about the network topology, it is better to see the geographical

location of PLN Pusdiklat scope in figure 9.

From figure above, it is seen that most of the Branches located in Sumatra and

Java. In Jakarta itself, there are 3 offices including Pusdiklat and PLN Pusat itself.

Udiklat Slipi can be considered as the closest branch, making it one possible candidate

for the backup site if WAN backup will be used.

Next, figure 10 will give a clearer picture about the logical topology on how

PLN Pusdiklat are connected to each other offices.

48

Figure 9: Geographical location of PLN Pusdiklat

In that figure, each location denoted by a router. Pusdiklat connected to a link

directly to an ISP router. This ISP router generally branch the connection to the internet,

where have public access, and to the intranet using IP-VPN where belong to PLN

internally. As previously said, this intranet is used for accessing internal systems and

applications in PLN Pusat. There are also intranet links provided to Udiklat located in

49

Figure 10: Existing global topology of PLN Pusdiklat scope

Java, which covers Slipi, Suralaya, Bogor, Semarang, and Pandaan. But, it remains

inactive for now.

Last, among Udiklat and Pusdiklat can communicate via internet access. Hence,

it required for Pusdiklat to have a public access system in order to be accessible by other

Udiklat.

3.1.2 Internal PLN Pusdiklat Topology

50

Figure 11: Existing internal topology of PLN Pusdiklat based on Evan B.S.

Figure 11 shows that Pusdiklat physically consisted of 4 floors. The fourth floor

has the capacity as the source of the connection through the building, where the servers

are located and internet connection originated for the rest of the floors.

3.2 Server Mapping in Pusdiklat

Figure 12 exhibits how the servers in Pusdiklat connected. It is generally divided

into 2 networks. The left hand side of the figure is a public network of 202.162.220.48

with prefix mask /29. This public network is available to be accessed from anywhere.

While the right hand side of the figure shows a local network of 10.10.0.0 with prefix

mask /24, and this network is only accessible internally or through the PLN intranet. In

short, the 3 servers on the left hand side is holding the applications which used among

the Udiklat, and the 4 servers on the right hand side is used internally in PLN Pusdiklat.

51

Figure 12: Server mapping in PLN Pusdiklat

The following points will take a deeper look through those servers.

3.2.1 Web Server

Brand : COMPAQ Proliant ML 530

IP address : 202.162.220.51

Hostname : webserver.pln-jasdik.co.id

Operating system : CentOS 4.4

Used space : 8.3 GB

Total capacity : 105 GB

Memory : 512 MB

Processor : Intel® Pentium 3 (977 MHz) 2 pieces

This web server hold the role of hosting PLN Pusdiklat profile website, available

in http://www.pln-pusdiklat.co.id/. Currently, the activity on this server is quite and not

lightly loaded. The degree of the importance in the data can be classified as low since

there are no such critical documents or databases.

3.2.2 SIMDIKLAT

Brand : HP Proliant DL 380 G6

IP address : 202.162.220.52

Hostname : simdiklat.pln-pusdiklat.co.id

Operating system : Ubuntu 10.04

Used space : N/A

Total Capacity : 5 x 300 GB

52

Memory : 6 GB

Processor : Intel® Xeon® E5530 (4 core, 2.4 GHz) 2 pieces

This server hold the role of hosting the web based educational and training

information system, available in http://simdiklat.pln-pusdiklat.co.id. In term of the

activity, this server is moderately loaded in work hours, especially during the conduct of

class activity since this information system is accessed internally and by all Udiklat. The

degree of the importance in the data can be classified as important.

3.2.3 Silampu (FTP, E-Learning, E-Magazine)

Brand : Wearness

IP address : 202.162.220.53

Hostname : silampu.pln-pusdiklat.co.id

Operating system : CentOS 5.3

Used space :176 GB

Total capacity : 250 GB

Memory : 4 GB

Processor : Intel® Xeon® E7310 (4 core, 1.60GHz) 2 pieces

This server is holding 3 roles at a time. The first is providing FTP shares which is

heavily loaded with important data. Second, it is hosting e-learning information system,

available in http://elearning.pln-pusdiklat.co.id/ which is moderately loaded with

training participant data. Last, it is hosting e-magazine website, available in

http://emagazine.pln-pusdiklat.co.id/ which currently vacuum to be updated. All of those

system is accessed internally and all Udiklat.

53

3.2.3 Mail Server 1

Brand : HP Proliant DL 380 G6

IP address : 10.10.0.20

Hostname :

Operating system : Windows Server 2003

Used space : N/A

Total capacity : 3 x 300 GB

Memory : 6 GB

Processor : Intel® Xeon® E5530 (4 core, 2.4 GHz)

This server hold the role as sub-domain controller of PLN Pusdiklat that prior to

the PLN Pusat domain. It holds the mirror of the user accounts for the windows domain,

and used conjunctionally with the mail server. However, the service is not effectively

used due some non-technical reasons.

3.2.5 Mail Server 2

Brand : HP Proliant DL 380 G6

IP Address : 10.10.0.40

Hostname : JASDIKMAIL01

Operating system : Windows Server 2003

Used space : N/A

Total capacity : 7 x 300 GB

Memory : 6 GB

Processor : Intel® Xeon® E5530 (4 core, 2.4 GHz)

54

This server hold the role as mail exchanger of PLN Pusdiklat that prior to the

PLN Pusat mail exchanger. It works conjunctionally with the mail server 1 in the same

domain. However, same as the previous mail server, this service is not effectively used

due some non-technical reasons.

3.2.6 Finance Server

Brand : N/A

IP Address : 10.10.0.23

Hostname : SIMKEU

Operating system : Windows XP Professional

Used space : 198 GB

Total capacity : 296 GB

Memory : 1 GB

Processor : N/A

This server hold the role of providing finance data sharing that used for the PLN

Pusdiklat finance application. The activity of the server is moderately loaded and

accessed internally by Pusdiklat finance and budgetary division. The data can be

classified as important because it includes payroll, procurement, etc.

55

3.2.7 Antivirus Server

Brand : COMPAQ Proliant ML 370

IP Address : 10.10.0.8

Hostname : ANTIVIRUS

Operating system : Windows Server 2003

Used space : 3 GB

Total capacity : 135 GB

Memory : 896 MB

Processor : Intel® Pentium 3 (930 MHz) 2 pieces

This server hold the role of providing antivirus automatic update service and

windows update yet to be implemented. The activity of the server is lightly loaded and

accessed internally by Pusdiklat workstations. The content can be classified as low

degree importance because it contains virus definitions and windows patches that can be

downloaded anytime.

56

3.3 Backup Mechanism

In order to preserve the data among those certain servers, the previous

administrators have applied data backup mechanism with a simple method. This method

has been done by plainly copying the desired folders from a workstation into an external

hard disk. The process of data transferring done remotely via network using a secure

copy software (WinSCP). Figure 13 shows the network illustration of that process.

The overview of the step-by-step backup process can be mapped to an activity

diagram showed on the figure 14 which is generally partitioned into 3 parts, the admin

activity, the backup client activity, and the WinSCP activity.

57

Figure 13: Network illustration of existing backup mechanism

58

Figure 14: Partitioned activity diagram of existing backup mechanism

Before the transferring process, the admin might want to make changes of the

files. The desired data can be collected first within a compressed folder using a shell

script. It enables to combine multiple command in Linux in order to be executed

sequentially or in parallel manner. Figure 15 shows the example of shell script used for

archiving folders in FTP server.

Other than backing up files in certain folder, there are MYSQL database used in

the web application to be backed up. They have done it by dumping the database into

59

#!/bin/bash

#Folder untuk dibackup tapi overwriteELEARNING=/home/silampu/FTP=/home/pusdiklat/

#Folder untuk dibackup pertanggalBANJARBARU=/home/pusdiklat/UDIKLAT/BANJARBARU/Backup/BOGOR=/home/pusdiklat/UDIKLAT/BOGOR/BACKUP/JAKARTA=/home/pusdiklat/UDIKLAT/JAKARTA/BACKUP/

#Folder Backup per-udiklatB_BANJARBARU=/home/BACKUP/FTP/UDIKLAT/BANJARBARU/B_BOGOR=/home/BACKUP/FTP/UDIKLAT/BOGOR/B_JAKARTA=/home/BACKUP/FTP/UDIKLAT/JAKARTA/

TANGGAL=$(date +%d%m%Y).tgz

#Nama file compressB_ELEARNING=elearning.tgzB_FTP=ftp.tgzFTP_D=/home/BACKUP/FTP/ELEARNING_D=/home/BACKUP/ELEARNING/

#Backup per-udiklat tanpa overwritetar czfP $B_BANJARBARU$TANGGAL $BANJARBARUtar czfP $B_BOGOR$TANGGAL $BOGORtar czfP $B_JAKARTA$TANGGAL $JAKARTA

#Backup untuk overwritetar czfP $FTP_D$B_FTP $FTPtar czfP $ELEARNING_D$B_ELEARNING $ELEARNING

Figure 15: Shell script for archiving folders

.sql files using shell script, and using the same approach to copy the file plainly via

network. Figure 16 shows the example of the shell script to dump MYSQL database.

The advantage of having this kind of backup can be described as following. It is

easy and quick to implement since there is no need of extra server to hold the backed-up

data. The step-by-step process also considered as easy, can be understood by common

users. In term of transfer rate, it is independent from the bottleneck caused by outgoing

internet traffic, since the workstation used for pulling the data located in Pusdiklat local

LAN.

Despite of those advantages, this method draws several weaknesses. The backup

process have to be done manually by the administrators. That condition raises another

problem when the admin need to backup all current active servers. The process of

transferring data become inefficient because the admin can not done it in parallel

manner. There are also possibilities for the human error when the process done manually.

In term of hardware, external hard disk might be less durable in facing failure like bad

sector.

60

#!/bin/sh

tanggal=`/bin/date +%Y%m%d-%H`

/usr/bin/mysqldump --user=root --password=wowkerenbgt --lock-all-tables \ --all-databases > /home/BACKUP/MYSQL/backup-${tanggal}.sql

for file in "$( /usr/bin/find /home/BACKUP/MYSQL -type f -mtime +2 )"do /bin/rm -f $filedone

Figure 16: Shell script for dumping MYSQL database

3.3.1 Classification

Refer to the classification of data backup in chapter 2, the existing backup

mechanism can be classified as following :

Between directly attached and client-server backup. The storage actually directly

attached and there is no software that help the admin to run the process in parallel

manner and manage the backup, but the way it transferred is by using network

connection like client-server.

LAN backup. The storage located in the same building or can be said as one area.

The data transmitted through fast ethernet network through a workstation. It is

difficult to manage when handling the backup for all active servers.

D2D backup. The backup media is using an external hard disk that connected to

the workstation which pull the data from the backup client.

Cold backup, The backup system is not highly available, in fact it done backup

process once in a while. As a result, the backed up data might have a low degree

of consistency compared to the data in the main system.

Full backup, The backup process always involving copy specified folders

entirely. It results for the backup media to serve large space for those files in

every snapshot of the backup.

Encrypted backup. The backup process is encrypted during the transmission only

since it using a secure copy through the network. Although the backed up file is

compressed, it occurred previously using shell script, not during the backup

process.

61

3.3.2 Supporting Software

Although the backup is done quite manually, it actually supported with a secure

copy software called WinSCP that available for windows client. WinSCP is not a

specifically purposed backup software. The main utilization is to perform secure copy

using mechanism of secure shell as a basis that by default using port 22 on the server.

The transmission is also encrypted just like using SSHv2 and the type of encryption is

depends on the server itself. The process to transfer the data will be explained by series

of following figures.

Figure 17 shows that WinSCP requires the user input for the destination

hostname, or can be filled with the server’s IP address, the port number of the SSH

service is running on, the user name which is allowed by the SSH and the password. If

the system is using private key for authentication instead of username and password,

then the admin need to import and specify the private key file. Last thing to consider is

the file protocol. There are available option such as SFTP and plain FTP, but the admin

use SCP considering its faster transfer speed [22].

62

Figure 17: Main menu of WinSCP

Once the admin done the procedure in the main menu and enter the correct

username and password, it will prompt Figure 18, showing message of checking key

fingerprint just like when someone perform SSH to a server to an unknown host. When

the admin decide to trust the fingerprint, then those machine will perform key exchange,

and the the secure transmission is ready.

After it performs key exchanging, it proceed to the file browser menu shown in

figure 19. It generally consists of 2 panels, the left hand side is the local machine file

system, and the right hand side is the remote machine file system. The admin usually

specify the local filesystem directly into the backup media file system, in this case is the

external hard disk file system. To transfer a file, the admin just need to drag the desired

file or folders from the right hand side to the left hand side panel.

63

Figure 18: Checking key fingerprint in WinSCP

When the admin attempts to transfer a whole folder, just like any other plain copy

method, WinSCP needs to calculate the size of the files reside within that particular

folder, shown in figure 20.

Once the client machine done with the calculation, it finally performs the data transfer

shown in figure 21. The copy process actually transfer the data one by one per file,

therefore it is not performing any compression.

64

Figure 20: Calculating directory size in WinSCP

Figure 19: File browser in WinSCP

Having the behavior of copying the data per file, WinSCP does not need to perform any

size calculation when copying a single file or an archive shown in figure 22.

3.3.3 Backup Media

As stated previously, the backed-up data is directly stored into an external hard

disk media. The backup media specification can be listed like following.

Brand : Western Digital My Passport Essential SE

Total capacity : 1 TB

Dimension : 2.5 Inch

Interface : USB 2.0

Filesystem : NTFS

65

Figure 22: Copying archieve in WinSCP

Figure 21: Copying a directory in WinSCP

Based on the interface, this external media have the transfer rate of 60 MB/s at

maximum, hence this media should keep up with the network transfer rate. Regarding to

the total capacity, the capacity is not actually 1 TB because there is a protected volume

containing proprietary software. The NTFS filesystem is suitable in transferring large

files and compatible with current Windows workstation resulting a good performance.

3.3.4 Performance

In conjunction to fast ethernet speed, the network is capable to transfer data with

speed of 12.5 MB/s at maximum. But practically, there is no such 100% transfer rate

efficiency. Moreover, the backup mechanism that utilizing secure copy algorithm might

slow down the transfer rate even more. Table 12 shows the results of performing the

current backup process using existing mechanism, software, and hardware done in

Pusdiklat's web server.

Attempt File type File Size Calculation Time

Transfer Time

Average Transfer Rate

#1 Folder 1.40 GB 2042 seconds 1447 seconds 1014 KB/s#2 Folder 2.80 GB 4192 seconds 3112 seconds 966 KB/s#3 Folder 4.20 GB 6317 seconds 5020 seconds 898 KB/s#4 Tar archive 1.20 GB N/A 244 seconds 5280 KB/s#5 Tar archive 2.40 GB N/A 490 seconds 5259 KB/s#6 Tar archive 3.60 GB N/A 729 seconds 5302 KB/s

Table 12: Current backup performance in PLN Pusdiklat

Average Transfer Rate = File Size / Transfer time1 GB = 1024 MB = 1024 x 1024 KB

Table 8 shows that transferring folders with many files within consumes great

number of time during the directory calculation process. Other than slow calculation

66

process, the transfer rate can also be considered as slow compared to the maximum

capacity of the network.

That condition caused by the mechanism used in SCP actually performs the

directory calculation and the transfer process one by one file at a time. When performing

copy of many files of small size, SCP mechanism does not able to accelerate to reach

high speed because the speed is reset once the copy of a file is finished. In fact, there

also slight delay when it moves from a file to another file that slow down the transfer

rate even more.

In contrast, when the admin compress the previous folder into a tar archive of

about 14.2 % compressed, the transferring process progress much faster. First, it

consumes slight time to calculate the file size, although it practically seems to be ignored

as if there is no time needed in calculation. Having tar archive that in form of a large

chunk of file, the SCP mechanism can accelerate to its maximum transfer rate at stable

since there is no delay performed when changing file to another.

3.4 Condition of Candidate Backup Site

Considering the possibility of upcoming both natural and artificial disaster, the

company is strongly recommending to install the backup media at remote backup site.

Refer to the geographical location of Pusdiklat and its units in figure 9, Udiklat Slipi is

the closest branch that might be relied where the storage location will be located.

Regarding to its network availability, Udiklat Slipi is also included within the existing

scope of PLN's intranet infrastructure.

67

Although the location seems not distant enough from the main system in

Ragunan, it is believed as the the most rational option considering its close location that

might help the early time of the new backup implementation, monitoring, and

evaluation. In fact, Udiklat Slipi consist of better building infrastructure since it is newer

compared to other Udiklat that might help reduce the possibility and effect of those

upcoming disasters.

Having that decision, the author also conducted field survey on how the existing

condition in Udiklat Slipi is, especially related with IT infrastructure. The following

figure shows the existing core network topology of Udiklat Slipi

Figure 23 shows that Udiklat Slipi consist of one local LAN connected with

network address 192.168.1.0 and prefix mask /24, and one public network that

connected to the internet with network address 202.162.208.8 and prefix mask /29. It is

unlikely for common network topology that have non point to point subnet for the link to

68

Figure 23: Existing core topology of Udiklat Slipi

the ISP. As a gateway, both of the public and local network are connected by a PC router

that installed with Windows Server 2003. It mainly perform the task of IP forwarding

and provide services such as DHCP, NAT and network proxy.

In order to connect the backup media to the servers located in Pusdiklat, the

backup media need to get a public IP address or a local IP address that belong and

connected to the PLN intranet. Ideally, the backup media should be placed at least

behind the router to gain some protection. However, there is no more available public

subnet that make it can be access from everywhere. The intranet for whole Udiklat also

remain inactive causing local subnet also can not reach Pusdiklat.

It is stated that in order to gain minimum protection, the backup media should be

installed behind the router. Other than to perform routing function and provide other

service for the clients, the router should also perform minimum incoming or packet

filtering for both network. Having that condition, a reliable router that has stronger and

stable performance is needed to carry on those tasks.

The existing PC-router condition will be insufficient due to lack of network

interfaces which is installed 2 pieces. It might be needed for the router to have more than

2 to anticipate the additional network installation, whether it is the intranet, or other

addition of subnet. Moreover, the specification of the PC-router might not be adequate to

support a reliable operation that is projected. Fortunately, Udiklat Slipi actually store an

unused Cisco 1841 router.

69