Thursday, January 14, 2010

Making Hi-edge Router in the middle of nowhere.

Introductions:

What will you do when you live in a coastal area where there is no road to travel, sailing by sea is dangerous, and your router needs to be replaced? Yes, a router that you need in the middle of nowhere, when all you have is satellite internet access and one recordable CD. We definitely needed a high-grade router that could run 24/7 without worries that it would fail during operation. The first objective was to have a working router; otherwise we would have to repair the old one (Linksys WRT54G). But the router was badly damaged: too many current fluctuations had blown its circuit. For practical reasons, and to provide for stand-by operation, we needed to replace the Linksys router immediately, and the big questions were how and when.

And here the story began. Menard, my technical teammate who happened to be in the field, buzzed me: "Padi men, bagsak si router ta" ("Brother, our router here is down"), so we were in a downtime period. Upon hearing the problem, I told him: "Padi men, gibo kita router" ("Brother, we will make a router instead"). He then said: "Eu padi, kaya lang papano?" ("Yes, brother, but how will we?"). My reply: "Ok Padi men, download ka ning stable release ning IP Cop tapos kua kang sarong computer saka extra LAN card" ("OK brother, please download the IPCop stable release, then get a computer and an extra LAN card; with those we will make a router"). He said "OK", and the story continued by following the IPCop HowTos. To make a long story short, we recovered from our downtime as soon as possible.

Here I will share how we turned a PC into a router.



Requirements:
Hardware:
PII Hitachi (mini-desktop)
Software:
1) IPCop version 1.4.20
2) Smoothwall

Methodology:
Use IPCop to turn a simple PC into a router. This enables NAT, firewall and bandwidth/traffic management on an old, almost junk PC. The project will demonstrate how a modified router can surpass the performance of commercially available routers.

Here are the HowTos:
1) Add a PCI LAN card to your PC

2) Download IPCop here:
http://www.ipcop.org/index-pn.php?name=News&file=article&sid=41

3) Configure the PC to be a router
a) DSL/modem (Red): configure the WAN in DHCP mode.
*We chose this option for fast IP broadcast coming from the source.

b) HUB1 (Green): configure with a static IP and enable the DHCP server.
*The first hub/switch is then able to broadcast a range of IPs.

c) HUB2 (Orange): configure with a static IP and enable the DHCP server.
*The second hub/switch is then able to broadcast a range of IPs.

4) A PC router using NAT, port forwarding and site blocking


Detail(1): Oh! The router broke down..


Detail(2): So let's get it on, hook up the old one (PII 450 MHz)!


Detail(3): Open the case and add Ethernet cards!


Detail(4): LAN for the yellow and WAN for the gray..


Detail(5): Our hi-edge PC router completing its test, ah 1.2.3.4...!


Detail(6): Close the metal case, and proceed to operation...


Detail(7): The PC router in tandem with a Netgear switch (the works of old!)


Detail(8): Hi-edge PC router operations in the middle of nowhere!


Summary:


Conclusions:
We made a Hi-edge router in the middle of nowhere!

Wednesday, January 6, 2010

A simple FTP Server

Objectives:
1) To build a simple FTP server
2) To turn an old, junked PC into a file storage machine


Introductions:
Old PCs or servers often sit junked in the garage, or are scheduled for inventory or dispatch. But you can use one as a storage machine instead of buying a rather expensive CD/DVD-ROM drive or storage gadget. Another use for the old machine is to link it to the local network so that you can upload and download data. I hope this tutorial helps a lot for this purpose.

I) Configure FTP Server
1) Click the Start button
2) Go to and click Control Panel
3) Go to and click the IIS (Internet Information Services) icon


4) Go to and click the IIS sub-icon



5) Go to and click “Properties” on the FTP directory icon


6) Go to and click Security Accounts
7) Go to and uncheck “Allow anonymous connections”, then click “OK”


8) Go to and click the FTP sub-icon directory, then click the “Properties” menu


9) Go to and click the “FTP Site” tab

10) Give a name description (or, say, the IP address of the server [PC])
11) It should look like what was captured below


12) Go to and click the “Security Accounts” tab, then uncheck “Allow Anonymous Connections”

13) Go to and click the “Home Directory” tab, then click “OK”
Note (#13): this is the guide as to where the files of the FTP server will be stored. In this case the path is C:/Inetpub/ftproot; it is your preference.
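After steps 7 and 12, a check from another machine on the network confirms that anonymous logins are really refused. The following is an added example, not part of the original tutorial: it uses Python's ftplib, and the fake server, account and password are constructed so that the check also runs offline.

```python
import ftplib
import socketserver
import threading


def anonymous_login_allowed(host, port=21, timeout=5):
    """Return True if the FTP server at host:port accepts an anonymous login."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login("anonymous", "audit@example.invalid")
        return True
    except ftplib.error_perm:      # 5xx reply: the server refused the login
        return False
    finally:
        ftp.close()


class FakeFTPHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for an FTP server: only the login dialogue."""

    def handle(self):
        self.wfile.write(b"220 constructed test server\r\n")
        user = None
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                user = arg
                reply = "331 password required"
            elif verb == "PASS":
                ok = (user, arg) in self.server.accounts or (
                    user == "anonymous" and self.server.allow_anonymous)
                reply = "230 logged in" if ok else "530 login incorrect"
            elif verb == "QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                reply = "502 not implemented"
            self.wfile.write(reply.encode("ascii") + b"\r\n")


class FakeFTPServer(socketserver.ThreadingTCPServer):
    daemon_threads = True
    allow_reuse_address = True


def run_against_fake(allow_anonymous):
    """Start the constructed server on a free local port and run the check."""
    server = FakeFTPServer(("127.0.0.1", 0), FakeFTPHandler)
    server.allow_anonymous = allow_anonymous
    server.accounts = {("ftpuser", "constructed-password")}  # constructed
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return anonymous_login_allowed("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("anonymous box checked  :", run_against_fake(True))
    print("anonymous box unchecked:", run_against_fake(False))
```

To test the real server, call anonymous_login_allowed() with the IP address of the FTP PC; False is the expected result once the box is unchecked.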


II) Access FTP Server

1) Open a Mozilla Internet browser
2) Go to Tools->Internet options->Network->Settings, then check “Auto-detect Proxy setting”.
Note (#2): this avoids interfering with the proxy defined by the administrator. Some users go through a proxy server, and it would require a lot of configuration and permissions if the FTP server traffic had to pass through their proxy.

3) Now browse the directory
4) Type ftp://ipaddress
5) A User Name and Password prompt will pop up when browsing to the FTP server; this ensures authentication before access to the FTP server files is granted.


6) The directory contents should be the files stored in your C:/Inetpub/ftproot/

7) The files that are stored in C:/Inetpub/ftproot/ are available for FTP downloading

7.a) FTP files viewed in the browser



7.b) Files in the FTP server directory



Note: This post still needs photos and is subject to editing.

Thanks!


E^3

Tuesday, January 5, 2010

OpenSource IP-PBX ( VoIP Server Setup)

Introductions:
Why VoIP?
The traditional PSTN
To PSTN to VoIP
The VoIP advantage-1
The OpenSource Asterisk VoIP advantage-2
How to Do it yourself

Requirements:
2 units of at least 800 MHz PC (P4 or P3)
1 switch/hub
3 RJ45 cables
IP phones
X-Lite softphone (Windows)
KPhone softphone (Linux)

Scenario:
Lab setup
Office Setup
Home Setup
Building or commercial setup.

Detail(): Asterisk card: 1 FXO (red) and 1 FXS (green)


Detail(): Inserting an Asterisk card in a PCI slot


Detail(): Fixing an Asterisk card in a PCI slot


Detail(): Onboarding the Asterisk card inside a VoIP server


Detail(): A picture of the VoIP training workshop

Summary:


Conclusions:

I could not believe that a commercial branded PBX model (with add-ons and features) costs hundreds of thousands of pesos, or could reach half a million pesos. But because of open-source soft PBXs, engineers and common users now have a wise option to learn and use lower-cost IP telephony technology.

Shibboleth Deployment


Shibboleth Deployment Guide



FOREWORD

The objective is to have a proof of concept for “Shibboleth”, with its deployment as the main feature. Shibboleth is software that handles identity management for web applications in federations, which makes it possible to realize Single Sign On across organizational boundaries. A federation in this context is a group of organizations which cooperate to share user data and protected resources under common guidelines. Shibboleth provides a uniform authentication mechanism for applications offered by the members of a federation, which may be realized with different technologies, architectures and security mechanisms. It allows users to sign on to these applications with the same username and password, and also makes it possible to realize single sign on for them. Shibboleth's primary target domain is higher education, but it can be used in other areas. Another application is a proxy server added to shibbolization: combining the two features on a system, either bilateral (simple authentication) or federated, can give a useful, highly secured, fast SSO proxy server.


The deployments discussed here are the bilateral, federated and reverse-proxying modes of Shibboleth. These three applications are set up in three different phases: Phase 1 for bilateral, Phase 2 for DS/WAYF federated, and in Phase 3 we add reverse proxying to Shibboleth. This User Deployment Guide aims to give the easiest way through a complex Shibboleth deployment.


The tutorial uses both Windows (XP) and Linux (CentOS X) operating systems. All software can be downloaded for free.

Good Luck!

CMC-2008-9


SHIBBOLETH DEPLOYMENT PHASES
I) SHIBBOLETH BILATERAL DEPLOYMENT

The first phase is a bilateral deployment of Shibboleth with a single IdP and SP on two separate platforms (Windows and Linux). The discussion is detailed enough to allow users to replicate the settings and configuration from one server to another. The bilateral deployment shows the uses of shibbolization, such as generating certificate and key credentials, doing simple Apache HTTP authentication and serving a simple secured website. It gives an example of creating partner metadata that describes the identities of the two participants, the Identity Provider and the Service Provider. Each metadata entry describes the entities that characterize a provider, so that it can register credentials and gain membership with other providers. Communication between SP and IdP is given as a step-by-step procedure, along with the debugging log files used to review session and transaction errors. Miscellaneous tutorials cover setting up the Network Time Protocol for servers and clients and opening ports through firewall restrictions. This is enough to demonstrate simple Single Sign On authentication. More advanced shibbolization is tackled in the next phase.


II) SHIBBOLETH FEDERATED DEPLOYMENT

The second phase is a deployment of a simple federated Shibboleth with two or more IdPs and multiple SPs, running on two separate platforms (Windows and Linux). The discussion is detailed enough to allow users to replicate the settings and configuration from one server to another. The federated deployment shows the uses of shibbolization, such as generating certificate and key credentials, doing simple Apache HTTP authentication and serving a simple secured website. Each metadata entry describes the entities that characterize a provider, so that it can register credentials and gain membership when it wishes to access other providers. The phase gives examples of creating partner metadata that describes the identities and entities of the participating groups of Identity Providers and Service Providers, that is, the Shibboleth federation. Another topic is the rerouting from the usual IdP SSO to a Discovery Service or Where Are You From (WAYF) server. Although not implemented in the second phase, the guide still discusses how to configure LDAP on Shibboleth by interfacing it with Apache. Communication between SP and IdP is given as a step-by-step procedure, along with the debugging log files used to review session and transaction errors. Miscellaneous tutorials cover setting up the Network Time Protocol and opening ports through firewall restrictions.


III) SHIBBOLETH WITH REVERSE PROXY DEPLOYMENT
Third phase: if the Shibboleth federation works well, the next phase is an additional application. Aside from shibbolization features like Single Sign On access, it is also possible to add functions like reverse proxying. A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve web performance by caching; this is a simple way to mirror a website. But the most common reason to run a reverse proxy is to enable controlled access from the web at large to servers behind a firewall. The proxied server may be a web server itself, or it may be an application server using a different protocol, or an application server with just rudimentary HTTP that needs to be shielded from the web at large. In this last phase, reverse proxying is the preferred method of deploying Shibboleth on the web, replacing the old mod_jk (itself a special-purpose reverse proxy module) feature of Apache. The configuration is simple and gives a smooth reverse proxy application on top of shibbolization.


SHIBBOLETH WINDOWS SYSTEM REQUIREMENTS
1) HARDWARE:
2 PC (virtual machine) or 3 PC
1 IdP (Windows XP), SP (Windows XP) & SP (CentOS X.0)

2) SOFTWARE:
A) Shibboleth Service Provider
Apache 2.2
apache_2.2.4-win32-x86-openssl-0.9.8d.msi
Tomcat 5.5
apache-tomcat-5.5.23.exe
Shibboleth SP 1.3/2.0
shibboleth-sp-1.3f-win32.msi
B) Shibboleth Identity Provider
Apache 2.2
apache_2.2.4-win32-x86-openssl-0.9.8d.msi
Java 1.5 SDK
jre-1_5_0_12-windows-i586-p.exe
Tomcat 5.5
apache-tomcat-5.5.23.exe
Shibboleth IdP 1.3/2.0
shibboleth-idp-1.3.2.zip
3) Miscellaneous:
VNC viewer
VMware
Notepad ++
NTP server & clients (for time sync)
4) Download Sites:
APACHE
http://archive.apache.org/dist/httpd/binaries/win32/apache_2.2.4-win32-x86-openssl-0.9.8d.msi
TOMCAT
http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.23/bin/apache-tomcat-5.5.23.exe
TOMCAT CONNECTOR
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.26/mod_jk-1.2.26-httpd-2.2.4.so
JAVA
http://www.livingresources.org/livresforms/Downloads/jre-1_5_0_12-windows-i586-p.exe
SHIBBOLETH IDP
http://shibboleth.internet2.edu/downloads/shibboleth/idp/archive/shibboleth-idp-1.3.2.zip
SHIBBOLETH SP
http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/archive/1.3f/win32/shibboleth-sp-1.3f.msi
NTP
http://download.softros.com/nts.zip



INSTALLING IDENTITY PROVIDER
A) Installing Apache (version 2.2)
i) Download Apache
ii) Install the package
iii) Change the directory to C:/Apache2.2/
iv) Test Apache; browse http://localhost/ (“It works”)
B) Install Java (version 5 update 12)
i) Download Java 1.5
ii) Install the package
iii) Change the directory to C:\JRE
iv) Set the PATH environment variable to include JAVA_HOME\bin
C:\> path
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Apache2.2\bin
C:\> set JAVA_HOME=C:\JRE
C:\> set PATH=%PATH%;%JAVA_HOME%\bin
C:\> path
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Apache2.2\bin;C:\JRE\bin
C) Install Tomcat (version 5 update 12)
i) Download Tomcat
ii) Install the package
iii) Change the directory to C:/Tomcat5.5
iv) Test Tomcat; browse http://localhost:8080
D) Install IdP software package
i) Download IdP 1.3
ii) Install the package
iii) Change the directory to C:/shibboleth-idp
and answer the following questions:
iv.1) hostname
iv.2) group name
iv.3) Admin e-mail
v) Copy C:/shibboleth-idp/endorsed/*.jar to C:/Tomcat5.5/webapps/common/endorsed
vi) Copy C:/shibboleth-idp/shibboleth-idp.war to C:/Tomcat5.5/webapps/
vii) Go to C:/Apache2.2/bin and generate the certificate and key file
C:/Apache2.2/bin/
openssl req -new -x509 -nodes -out C:\PKI\idp.crt -keyout C:\PKI\idp.key -config C:\Apache2.2\conf\openssl.cnf
viii) Now you have idp.crt and idp.key in C:/PKI
ix1) idp.key (Key File)
ix2) idp.crt (Certificate File)

INSTALLING SERVICE PROVIDER
A) Installing Apache (version 2.2)
i) Download Apache
ii) Install the package
iii) Change the directory to C:/Apache2.2/
iv) Test Apache; browse http://localhost/ (“It works”)
C:/Apache2.2/bin/
httpd -k start -n "Apache2"
httpd -k stop
B) Installing Shibboleth Software (version 1.3)
ii) Download SP
iii) Unzip the SP package (shibboleth-1.3f.zip)
iv) Install the package (shibboleth-1.3f.msi)
and answer the following questions:
iv.1) hostname
iv.2) group name
iv.3) e-mail
v) Change the directory to C:/shibboleth-sp
vi) Make a directory C:/PKI
vii) Go to C:/Apache2.2/bin/ and generate a certificate and key file for the SP
C:/Apache2.2/bin/
openssl req -new -x509 -nodes -out C:\PKI\sp.crt -keyout C:\PKI\sp.key -config C:\Apache2.2\conf\openssl.cnf
viii) Now you have sp.crt and sp.key in the C:/PKI folder
ix1) sp.key (Key File)
ix2) sp.crt (Certificate File)
C) Install Tomcat (version 5 update 12)
i) Download Tomcat
ii) Install the package
iii) Change the directory to C:/Tomcat5.5
iv) Test Tomcat; browse http://localhost:8080/


BILATERAL IdP SETUP & CONFIGURATIONS
1) Apache configurations
i) Edit httpd.conf in C:\Apache2.2\conf
ii) Uncomment (remove the hash (#) symbol from) the LoadModule ssl_module modules/mod_ssl.so line
iii) Uncomment (remove the hash (#) symbol from) the Include extra/httpd-ssl.conf line.
iv) Edit httpd-ssl.conf in C:\Apache2.2\conf\extra
SSLCertificateFile c:\PKI\idp.crt
SSLCertificateKeyFile c:\PKI\idp.key
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
v) Create a file named “workers.properties” in the C:\Apache2.2\conf folder
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
vi) Download the latest win32 version of mod_jk-httpd-2.2.4.so
vii) Copy mod_jk-httpd-2.2.4.so to the C:\Apache2.2\modules\ folder
viii) Create a file named “httpd-tomcat.conf” in the C:\Apache2.2\conf\extra folder
ix) Edit httpd-tomcat.conf
# The module file name must match the file copied in step vii
LoadModule jk_module modules/mod_jk-httpd-2.2.4.so
JkWorkersFile C:/Apache2.2/conf/workers.properties
JkLogFile C:/Apache2.2/logs/mod_jk.log
JkShmFile C:/Apache2.2/logs/mod_jk.shm
JkMount /shibboleth-idp ajp13
JkMount /shibboleth-idp/*.jsp ajp13
x) Create a file named “httpd-ssl-8443.conf” in the C:\Apache2.2\conf\extra folder
xi) Copy the content of “httpd-ssl.conf” into it and replace 443 by 8443.
2) Tomcat configurations
i) Edit server.xml in the C:\Tomcat5.5\conf directory.
ii) Find/locate “8009”, replace the command statement, then save.

3) IdP configurations
i) Edit idp.xml found in the C:/shibboleth-idp/etc/ folder
i.1) Replace example.edu.org by bi-idp.xxd.edu.ph
i.2) Search and replace 443 by 8443 (port 8443 for SSL).
i.3) Replace “defcreds” by “bilateral”
i.4) Replace the previous certificate by the generated idp.crt
i.5) Configure the key file path “file:/c:/PKI/idp.key”
i.6) Configure the certificate file path “file:/c:/PKI/idp.crt”
ii) Copy the example-metadata.xml in the C:\shibboleth-sp\etc\shibboleth folder
ii.2) Rename the copied example-metadata.xml to partner-metadata.xml
ii.3) Edit partner-metadata.xml
ii.4) Replace the shibidp.crt and shibdsp.crt strings of characters by those of the newly generated idp.crt and sp.crt.


ii) Edit resolver.xml in C:\Shibboleth-idp\extra\
ii.1) Change the smartScope="" content to xxd.edu.ph
iii) Create a partner-metadata.xml file in the C:\shibboleth-sp\etc\ folder by copying example-metadata.xml
iii.1) Replace the original shibdidp.crt and shibdsp.crt by idp.crt and sp.crt respectively.
iii.2) Replace the content by upd.edu.ph
iii.3) Replace idp.example.edu.org by bi-idp.xxd.edu.ph and sp.example.edu.org by bi-sp.xxd.edu.ph


BILATERAL SP SETUP & CONFIGURATIONS
1) Apache configurations
i) Edit httpd.conf in C:\Apache2.2\conf
ii) Uncomment (remove the hash (#) symbol from) the LoadModule ssl_module modules/mod_ssl.so line.
iii) Uncomment (remove the hash (#) symbol from) the Include /extra/httpd-ssl.conf line.
iv) Edit httpd-ssl.conf in C:\Apache2.2\conf\extra
SSLCertificateFile c:\PKI\sp.crt
SSLCertificateKeyFile c:\PKI\sp.key
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
v) Create a file named “workers.properties” in the C:\Apache2.2\conf folder
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
vi) Download the latest win32 version of mod_jk-httpd-2.2.4.so
vii) Copy mod_jk-httpd-2.2.4.so to the C:\Apache2.2\modules\ folder.
viii) Create a file named “httpd-tomcat.conf” in the C:\Apache2.2\conf\extra folder
ix) Edit httpd-tomcat.conf
# The module file name must match the file copied in step vii
LoadModule jk_module modules/mod_jk-httpd-2.2.4.so
JkWorkersFile C:/Apache2.2/conf/workers.properties
JkLogFile C:/Apache2.2/logs/mod_jk.log
JkShmFile C:/Apache2.2/logs/mod_jk.shm
JkMount /shibboleth-idp ajp13
JkMount /shibboleth-idp/*.jsp ajp13
2) SP configurations
i) Edit shibboleth.xml in the C:\shibboleth-sp\etc\shibboleth folder
ii) Replace the FileResolver Id “defcreds” by “bilateral”
iii) Copy and change the path of the certificate and key file to
iii.1) Configure the key file path “file:/c:/PKI/sp.key”
iii.2) Configure the certificate file path “file:/c:/PKI/sp.crt”
iv) Search and replace idp.example.edu.org by bi-idp.upd.edu.ph (our IdP)
vi) Replace example-metadata.xml by the modified partner-metadata.xml
x) Copy the example-metadata.xml in the C:\shibboleth-sp\etc\shibboleth folder
ix) Rename the copied example-metadata.xml to partner-metadata.xml
xi) Edit partner-metadata.xml
xii) Replace both shibidp.crt and shibdsp.crt by the newly generated idp.crt and sp.crt respectively
Note***
1) After running the SSL CLI command, check for the generated idp.crt and idp.key stored in the /PKI/ directory.
2) Open idp.crt in the Notepad++ editor.
3) Copy or cut (please back up first) the string of characters within the “BEGIN & END CERTIFICATE” delimiters.
4) Paste the copied certificate in step # 4, thus it will replace the certificate content of the
to found in the partner-metadata.xml of Identity Provider.
5) The IdP server can be accessed by multiple Service Providers in a bilateral Shibboleth. It is done by
inserting another
which equivalently describes a newly added Service Provider entity inside the IdP partner-metadata.xml.
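The copy-and-paste step in the Note above is easy to get wrong: a metadata entry can end up with the delimiter lines included, or still carrying the certificate that came with example-metadata.xml. The following added example (not from the original guide) compares the certificate text found in partner-metadata.xml with the .crt files; the entityID values, the sample metadata and the placeholder certificate bytes are all constructed.

```python
import base64
import binascii
import hashlib
import re
import xml.etree.ElementTree as ET

PEM_BODY = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(text):
    """Decode a PEM file, or a bare base64 body, to DER bytes."""
    match = PEM_BODY.search(text)
    body = match.group(1) if match else text
    return base64.b64decode("".join(body.split()), validate=True)


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def classify(pasted, want_der):
    """Compare one pasted metadata certificate with the expected DER bytes."""
    if "-----BEGIN" in pasted:
        return "delimiters pasted into metadata"
    try:
        got = to_der(pasted)
    except (binascii.Error, ValueError):
        return "not valid base64"
    return "match" if got == want_der else "different certificate"


def check_metadata(metadata_xml, expected):
    """expected: {entityID: PEM text of that server's .crt file}.
    Returns {entityID: status string}."""
    pasted = {}
    for entity in ET.fromstring(metadata_xml).iter():
        if local(entity.tag) == "EntityDescriptor":
            pasted[entity.get("entityID")] = [
                el.text or "" for el in entity.iter()
                if local(el.tag) == "X509Certificate"]
    report = {}
    for entity_id, pem in expected.items():
        if entity_id not in pasted:
            report[entity_id] = "entity missing"
            continue
        results = [classify(p, to_der(pem)) for p in pasted[entity_id]]
        if "match" in results:
            report[entity_id] = "match"
        else:
            report[entity_id] = results[0] if results else "no certificate"
    return report


def fake_pem(seed):
    """Constructed stand-in for a .crt file: placeholder bytes, not X.509."""
    der = hashlib.sha256(seed).digest() * 3
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


def body_of(pem):
    """The text between the BEGIN/END lines, as step 3 of the Note copies it."""
    return PEM_BODY.search(pem).group(1)


# Constructed entityIDs and certificate files.
IDP = "https://bi-idp.xxd.edu.ph/idp"
SP = "https://bi-sp.xxd.edu.ph/sp"
IDP_PEM, SP_PEM, SHIPPED_PEM = fake_pem(b"idp"), fake_pem(b"sp"), fake_pem(b"example")

# Constructed partner-metadata.xml: the IdP entry was updated, the SP entry
# still carries the certificate that came with example-metadata.xml.
SAMPLE_METADATA = f"""<EntitiesDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <EntityDescriptor entityID="{IDP}">
    <ds:X509Certificate>{body_of(IDP_PEM)}</ds:X509Certificate>
  </EntityDescriptor>
  <EntityDescriptor entityID="{SP}">
    <ds:X509Certificate>{body_of(SHIPPED_PEM)}</ds:X509Certificate>
  </EntityDescriptor>
</EntitiesDescriptor>"""

if __name__ == "__main__":
    report = check_metadata(SAMPLE_METADATA, {IDP: IDP_PEM, SP: SP_PEM})
    for entity_id, status in report.items():
        print(f"{entity_id}: {status}")
```

Any status other than "match" means the partner's real certificate is not the one the metadata trusts, so the entry should be corrected before testing logins.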
iv.2) sp.crt
3) Create an index.html
1) Create a folder “secure” in the web path subdirectory /usr/local/apache2/htdocs/.
2) Create an index.html in /usr/local/apache2/htdocs/secure to be used as a secured web page.

MISCELLANEOUS SETUP & CONFIGURATIONS
1) Installing NTP client and server
i.1) Install the NTP (time) server software package on either the IdP or the SP machine
i.2) Click Setting->Broadcast (to broadcast UDP time packets)
ii.1) Install the NTP (time) client software package on the rest of the IdP and SP machines
ii.2) Install the package of AD-Deployment NTP clients
ii.3) Click “Sync Now” to synchronize the time from the NTP server
Note***
1) Using IP addresses to access the Service Providers and Identity Providers is confusing and not ideal; use an initial domain instead.
2) A user within the local network can test both IdP and SP by accessing their respective local domains.
2) Configure a simple IP -> DNS HTTP-URL access.
i) Go to the C:\WINDOWS\System32\drivers\etc\ folder
ii) Edit the “hosts” file and type the following
# This is just a substitute if there is no DNS server available.
#---Configure to your own preference (local domain)
10.36.129.38 bi-sp.xxd.edu.ph
10.36.129.36 bi-idp.xxd.edu.ph
10.36.133.15 secure-sp.xxd.edu.ph
10.36.133.6 secure-idp.xxd.edu.ph


COMMUNICATIONS B/W SP & IdP
1) IdP authentication using Apache (IdP server side)
i) Edit the httpd.conf file in the C:\Apache2.2\conf folder
i.2) Add the following Shibboleth configuration
#-------Shibconfig----------------
#LoadModule Shibboleth module
LoadModule mod_shib /usr/local/shibboleth-sp/libexec/mod_shib_22.so
#Global Configuration
ShibSchemaDir c:/shibboleth-sp/share/xml/shibboleth
ShibConfig c:/shibboleth-sp/share/xml/shibboleth
#.SSO

SetHandler shib-handler

AuthType Basic
AuthName "XX Diliman IdP"
AuthUserFile C:/shibboleth-idp/credentials/user.db
require valid-user

2) Password and database for HTTP access (username & password)
C:\> htpasswd -c -b c:/shibboleth-idp/credentials/user.db bopher xxx
Check for user.db in the folder
C:\> cd C:\shibboleth-idp\credentials
3) To bounce other services, go to Programs->Control Panel->Administrative Tools-> click this icon
4) Service Provider (SP server side)
4.1) Starting the Shibboleth 1.3 daemon.



Rural e-Center System Integration & Design(Garchitorena)











Abstract :

A Rural e-Center is the ultimate solution for bridging the digital divide in rural communities. But the sufficiency of funds weighs more than any other dilemma, even against the importance of the technology. The challenge in pursuing an e-Center is either to look for bulk funds (solicitations and donations), or simply to customize technical skills and expertise so that the cost goes down in inverse proportion and the Rural e-Center program is eventually established.

Introductions :

We live in this archipelago, in particular in the place called Bicol, where we have grown technically and professionally. Over the years, this place of boundless beauty has always been surprised by calamities that can turn into traumatic events folks can never forget. Still, there is an essence of coping: Bicolanos are "oragon" and have all the means to strive and move on, living with unfading hope. Apart from those calamities, Bicolanos residing in rural, hilly or coastal areas cannot travel by land when the roads are mud, nor by sea when the waves are lethal. Loss of information and communication leaves their lives almost exposed to an onslaught of disasters, and still Bicolanos survive. But for how long will this digital divide deprive their lives and futures? Those were the history, those were the stories, and those were the sympathy and the countless ways to promote who we really are.


Now we realize it is time to leave the books, put our credentials to work, widen the horizon of our own e-lab and address the technical problems outside. For us, what matters most is the challenge faced by these marginalized brethren, who happen to be our townsfolk: Bicolanos who experience marginality while hoping to see technology and information flow freely. A freedom to surf the wide world virtually; a joy in talking with others remotely, with no need for a half-day journey and another day to get back home. It is a compelling and worthwhile service to let them reunite with their families abroad and regain morale, believing they are still connected to the globe.


We are not traditional politicians, well-off businessmen or influential public figures. We have few pennies in our pockets, but we do have the ideas and tools to crack the barrier and reach out to their needs. And what is all this for? An e-service and an e-business; after all, a philosophy of helping and living, made possible through the System Integration & Design of a Rural e-Center. EtherTech Team (Bicol)


Objectives:

1)To provide useful documents about the Rural e-Center System Integration & Design
2)To provide detailed technical data from scratch to fully operational System Integration of an e-Center
3) The How-To's of establishing Rural e-Center System


Methodology of the Project:
The project will be done in 4 phases of development. The first phase is the building of the mini-edifice of the e-Center and the installation of the satellite dish. The second phase is the network topology in which the DTE/CPE will be interconnected. The third phase is network security and the convenience of users in patronizing the e-Center's features and applications. The last phase is about the transfer of technology and the technical documentation of the System Integration & Design of a Rural e-Center.

e-Center Scope of Work:

VSAT Network Design
->Satellite Dish:Orientations, panning, mounting

->Calibrations

->Configurations

->Final Setup


Infrastructure Design
-Floor Dimension
->Area
->Height
-Electrical Layout
->AVR/UPS
->Current rating

Local Area Network Cabling Design
->Cable crimping
->Roughing
->Patching
->Hauling
->Smoothing


Network Communication System Efficiency
-Bandwidth Management

->Traffic Routing,

->Sharing

->Shaping

-Network Security
->NAT
->IP Filter
->Firewall
->Open Kiosk


Server Setup
->FTP server
->Mail Server
->Squid Proxy Server
->Embedded server Setup
->VoIP Server Setup
->Open Kiosk Server Setup


DTE/CPE setup & Installations
->Router
->Switch
->IP Phones
->Tele Fax Machine Setup
->Web Camera
->Scanner/Printer/Photo Copier


Applications Internet:

->Browsing
->Uploading /Downloading
->SSS-ID/loan/benefits transactions
->GSIS -ID/loan/benefits transactions
->Web Cam with Chat
->E-mail
->VoIP
-->Intranet IP calls
-->External IP calls
->PSTN Calls
->TeleFax Machine
-> Video Conferencing


Detail(1): Garchitorena e-Center site


Detail(2): Tamban port and the journey to Garchitorena e-Center



Detail(3): Garchitorena Sea port-reaching Techno Barrio e-Center


Detail(4): The e-Center crafty laborer


Detail(5) "e-Phone" Garchitorena IP Telephony booth constructions


Detail(5.a) "e-Phone" IP Telephony booth complete setup


Detail(6): Garchitorena e-Center first and youngest volunteer IT worker


Detail(7):Satellite(Outer-space) link successful configurations-IP Star(Thai-Comm4)


Detail(8): The "Sampayan" beyond IP Star


Detail(9): An e-Center humble beginning and its indigenous smile


Detail(10) Electrical lay out,UPS,Modem,router,server,and network links


Detail(11): Satellite Link bandwidth testing-ftp server


Detail(12): Satellite link access speed test-speed meter


Detail(13): e-Center Network Diagram


Detail(14) A newly hired technical quality consultant


Detail(15) e-Center 's kiosk and its sharing futures


Detail(16) Video coverage Garchitorena Cam. Sur e-Center



Summary :
The requirements for satellite integration and installation certification were successfully passed by the EtherTech Team. PCs and equipment were safely transported from Manila to the remote area of Garchitorena. A complete e-Center was established, with satellite internet (TCP/IP) access linked to the DTE/CPE terminals. Shared bandwidth over both wireless and wired connections was ideal, and MTBF did not affect full usage of the system. The final demonstration of the e-Center was made possible through a dry run with 4 weeks of broadband internet traffic testing, and the results were superb. EtherTech is working on an additional room for the e-Center expansion, to be used exclusively for monitoring, traffic control and farm servers.


Conclusions:
Yes, a complete system integration and design of a rural e-Center.


Acknowledgments:
To HIM who gave us the determination to bring the pursuit of an e-Center to fruition.
To the Oliver family of Garchitorena, Mam Lina and Sir, and their grandkids, who have shown great interest in the world of info tech.
To my family of Progress Home Canaman and my two nephews: Crisdon and MacRon.
To the townsfolk who handed us some extra wood, free of charge, just to add beams to the structure of the e-Center.
To the open source community, for our innovations in making a simple PC robust and reliable, an alternative to hi-tech equipment that reduces cost.
To WIT Company, for the trust and confidence that made us one of their business partners.
To the Filipinos of this archipelago who believe that change can happen within themselves.


EtherTech Team:
(info at et-ict dot com)

Cenon Menard Oliver
-System Integrator Engineer
-Certified Satellite Installer & Integrator
-Rural e-Center Operation Manager(cmb dot oliver at et-ict dot com)

Michael Anthony Anonat,ECE
-Telecom Engineer(Consultant)

Richard Esperitu,CoE
-Network Engineer(Consultant)

Note:***
Writings on this blog/article are still subject to comments, suggestions and editing.



Thanks

E^3
The Author