MD. SAMSEL ARIFIN

Protecting the Digital Frontier: An Expert Network Security Engineer

Get Connected

  • 0

    Certifications

  • 0+

    Direct Clients

  • 0

    Total Projects

  • 0K

    Technical Issue resolves

  • Certified Fortinet Network Security Professional (NSE 4)

    Successfully passed Fortinet NSE 4 - FortiOS 7.2 on October 20, 2023

  • Certified Network Security Specialist (CNSS)

    Passed the Certified Network Security Specialist (CNSS) exam from ICSI (International CyberSecurity Institute), UK at June, 2020

  • Advanced Penetration Testing

    Completed "Advanced Penetration Testing" on the Cybrary

  • C)SA1: Certified Security Awareness 1

    Successfully passed Certified Security Awareness 1 certification from Mile2

  • MCSA: Windows Server 2016 - Exam 70-740

    Passed and received a 933 score on the MCSA 70-740 Installation, Storage, and Compute with Windows Server 2016 exam.

Presenting

Skilled Network and Security Engineer

4

Successful Years

About Me

With over 4 years in network and security, I specialize in designing and securing intricate infrastructures. My expertise includes network design, VPN implementation, and managing devices like Fortinet FortiGate, Sophos UTM, and Palo Alto firewalls. I excel in LAN/WAN design, data center networking, and system administration across Windows Server, Linux, and Unix platforms. Proficient in routing and switching (Cisco, BGP, OSPF), I also handle network configuration management, patch management, and performance optimization. Proven in technical support, I’ve resolved over 1,200 technical cases, preserved significant revenue, and led projects to enhance security and network efficiency. Let’s optimize and safeguard your digital environment with robust solutions.

    • Name

      Md. Samsel Arifin Chowdhury

    • Email

      samselarifinchowdhury@gmail.com

    • Phone

      +880 152 1428553

    • Address

      Banasree, Dhaka - 1219

    • Degree

      Bachelor

    • Freelance

      Available

Download CV
Skills

I Work Hard to Improve My Skills Regularly

Network Security Implementation 95%
Cisco System Products 80%
Intrusion Detection and Prevention 85%
Routing & Switching 90%
Firewall Management 85%
ISO 27001 Auditing 72%
Network Architecture Design 90%
Services

Network Security Services I provide

  • Network Infrastructure Design and Optimization

    Assess network topology and hardware to identify bottlenecks. Develop diagrams with optimal configurations for routers, switches, and firewalls. Design failover, load balancing, and redundancy. Implement continuous monitoring to enhance efficiency.

  • Firewall Configuration and Management

    Implement customized firewall solutions with tailored rules and policies. Monitor logs for real-time threat detection, conduct periodic audits, update firmware, and optimize performance. Receive expert guidance for robust, compliant security.

  • Wireless Network Security

    We will implement WPA3 and secure SSIDs for wireless security, strategically position access points to minimize interference, and use advanced security features to protect your network effectively.

  • Web Security and Filtering

    We will implement web application firewalls (WAF) to defend against web attacks, filter content to block threats, install IDPS sensors for monitoring, and set up alerts and automated responses to mitigate risks.

  • Compliance and Governance

    We ensure compliance with ISO 27001, GDPR, HIPAA, PCI-DSS, and SOC 2, draft security policies, educate employees on best practices, and conduct audits to verify adherence to standards and regulations.

  • Server, Endpoint, SIEM Deployment

    We offer expert server setup, secure configuration, and optimization. Services include installing server hardware/software, integrating DNS, DHCP, Active Directory, deploying endpoint protection, and configuring SIEM systems for centralized log management.

Resume

Professional Journey refelecting my skills

Experience

  • Network Security Engineer(2023 - Present)

    BacBon Limited

    Responsible for installing, configuring, and maintaining server operating systems such as Windows Server, Linux, and Unix. I draft and update Information Security Management System (ISMS) policies to align with ISO/IEC 27001 standards and manage Fortigate, Sophos, and Cisco firewalls, as well as switches. My role involves configuring and managing MikroTik routers, including tunneling, routing protocols, and firewall features. I investigate and mitigate network threats on layer 2 and layer 3 devices, design and implement firewall rules, and enforce server-level security controls like access controls and encryption. Additionally, I develop security awareness training programs, conduct risk assessments, maintain network documentation, and provide technical support to resolve issues and optimize network performance.

  • Network Engineer(2022 - 2023)

    Aamra Networks Limited

    At Aamra Networks Limited, I handled over 1,200 technical cases and successfully retained critical revenue exceeding 2.5 million BDT. My role involved investigating, diagnosing, and resolving network issues on layer 2 and layer 3 devices, and configuring Fortigate, Sophos, and Cisco firewalls and switches. I worked with diverse technical platforms, including mainframe systems, two-tiered client servers, and three-tiered client-server architectures. Additionally, I managed and configured MikroTik routers, handling tunneling, routing protocols, and firewall features. My responsibilities also included configuring firewalls, routing, and switching to optimize network efficiency and security, as well as troubleshooting mail-related issues across various applications such as Microsoft Outlook, MS O365, and MAC Mail.

  • Executive Engineer(2021 - 2022)

    Business Network – Bnet

    As an Executive Engineer in Network Administration at Business Network – Bnet, I was responsible for configuring, troubleshooting, upgrading, and maintaining routers (MikroTik), switches (Cisco, BDCOM, etc.), OLTs (BDCOM, Huawei, VSOL, etc.), and servers. I handled full ISP setups, including VLAN, BGP routing, filters, NAT, PPP, and queues, and provided technical support for network operations at L2/L3 levels and FTTH. My role involved regular updates of server and router logs, documenting changes, and monitoring overall system and network traffic while maintaining network equipment to ensure optimal performance and reliability.

  • Cyber Intern(2021 - 2021)

    Virtually Testing Foundation Remote (USA based)

    As a Virtual Intern, I received training in VMware, Kubernetes, and virtualization technologies. My responsibilities included learning how to configure and set up virtual machines, as well as implementing security measures to protect these virtual environments. This role provided hands-on experience with virtualization tools and best practices for managing and securing virtual infrastructures.

  • Communication Associate, Digital Marketing(2019 - 2019)

    Sailor by Epyllion Group

    As a Communication Associate in the Digital Marketing Department, I managed social media queries and effectively diagnosed and addressed customer complaints using the LATTE method. I successfully increased the Facebook page response rate from 53% to 97% and enhanced communication by transitioning from robotic FAQ responses to engaging, conversational interactions. This role involved refining customer engagement strategies and improving overall digital communication effectiveness.

Education

  • Bachelor of Science(2017 - 2020)

    Bangladesh Institute of Science & Technology

    Completed Computer Science & Engineering at BIST under the affiliation of National Univeristy

Testimonials

What Clients Say

  • I rarely like to write reviews, but the itemstore team truly deserve a standing ovation for their customer support, customisation and most importantly, friendliness and professionalism. Many thanks once again for everything and hope that I get to deal with you again in the near future.

    James Cameron

    Aroa Founder

  • I rarely like to write reviews, but the itemstore team truly deserve a standing ovation for their customer support, customisation and most importantly, friendliness and professionalism. Many thanks once again for everything and hope that I get to deal with you again in the near future.

    Mike Anderson

    Vivaco Studio

  • I rarely like to write reviews, but the itemstore team truly deserve a standing ovation for their customer support, customisation and most importantly, friendliness and professionalism. Many thanks once again for everything and hope that I get to deal with you again in the near future.

    Alan Walker

    Web Designer
Projects

What I Do for My Clients

  • VMware ESXI setup on DELL Server and Public Accessibility

    Content

    The task was to newly set up Virtualisation, VMware ESXI for the in-house server, and also configure internet access through a manageable router. The server was a Dell PowerEdge R740 Rack Server. The project was done for my client.

    Activities performed:
    o Establishing WAN and LAN through the manageable router
    o Implement Port security for the server port
    o Installing VMware ESXI 8.02
    o Configuring RAID and VM Machine for multiple development Services

    • Client Defence Service
    • Location Bangladesh
    • Device Dell PowerEdge R740 Rack Server, MikroTik CCR 1009
    • Date June 2024

  • Secured Infrastructure: A Comprehensive Server Room Design

    Content

    I have designed and supervised the server room setup and network design for BacBon Ltd.

    Activities performed:
    o Becoming part of the procurement
    o Selecting  devices according to the need
    o Maintaining proper security measures

    • Client BacBon Ltd, Edu Tech company
    • Location Dhaka, Bangladesh
    • Device Toten rack, Cisco Network Switch, Mikrotik, Dell Server
    • Date April,2024

  • ISP POP Configuration CISCO Nexus & Catalyst

    Content

    I have completed configuration of CISCO switch and router of ISP POP location in Bangladesh to provide that area user’s internet connectivity and worked as Network Engineer during my job tenture at Business Network.

    Activities performed:
    o Configured VLAN, STP, Trunking port on CISCO Switch
    o Configured NAT, routing, port security on CISCO Route

    • Client Internet Service Provider (ISP)
    • Location Moghbazar, Bangladesh
    • Device CISCO Nexus 3000, CISCO catalyst switch 2960
    • Date September, 2021

  • Ensuring Data Connectivity from Sophos Firewall to 4 locations

    Content

    I have completed data connectivity through GRE Tunneling for 4 location of a RMG company, where Core device was Sophos Firewall at Head Office and MikroTik router at Branch Office end and worked as Project Network Engineer during my job tenture at Aamra Networks Limited.

    Activities performed:
    o Configured GRE Tunnel in Sophos and Mikortik
    o Policy to access LAN to LAN
    o Route manipulation through route precedence
    o Data redundancy through tunneling

    • Client RMG Company
    • Location Gazipur, Bangladesh
    • Device Sophos XGS, MikroTik CCR 1009
    • Date July, 2023

  • Firewall Migration, Complete Setup (One of the biggest vehicle Manufacturer)

    Content

    I have completed Firewall Migration, logical setup at DR/DC data center for a vehicle manufacturer company and worked as Project Network Engineer during my job tenure at Aamra Networks Limited.

    Activities performed:
    o Configuring fresh firewall with existing features
    o Implanting SSL, IpSec Tunnel, Certificate
    o Blocking Malicious IP and Address policy based
    o User wise access list

    • Client One of the biggest vehicle Manufacturer
    • Location Devotech DC, MIEZ
    • Device FortiGate 300E, FortiGate 500E
    • Date June 2023
Blog

Latest Blog Posts

  • IT Security Awareness September 24, 2024

    Protect Yourself from WhatsApp and LinkedIn Scams: Essential Tips for IT Security Awareness

    Recently, there has been a surge in scams via WhatsApp and LinkedIn. Scammers, often from Africa and parts of South Asia, use random WhatsApp numbers to directly contact individuals, posing as HR representatives from reputable companies. These scammers mention seemingly legitimate company names, and victims can be deceived by calls or messages appearing to be from real people on WhatsApp.

     

    Stay Vigilant: Tips to Safeguard Yourself

     

    1. Verify the Identity: Always verify the identity of the person contacting you. Ask for a business email and cross-check it with the company’s domain.
    2. Check the Company’s Profile: Conduct a thorough search for the company’s profile to ensure its authenticity. Look for inconsistencies in the company name or contact details.
    3. Search on LinkedIn: Use LinkedIn to search for the company name or the caller/sender’s name in the company’s employee list to confirm if the person actually works there.
    4. Google Search: Utilize Google to search the name or full message content for any reported scams associated with the provided information.
    5. Do Not Share Personal Information: Remember, any information is valuable. Refrain from sharing your personal details with strangers. Validate each piece of information before responding.

     

     

    Calling All Businesses: Enhance Your Security with a Network Security Engineer

     

    In an increasingly sophisticated era of cyber threats, your business’s network security should never be an afterthought. Here’s how a Network Security Engineer can fortify your organization:

    1. Identify and Mitigate Threats: A network security engineer conducts thorough assessments to detect potential vulnerabilities, implementing robust solutions to safeguard your digital assets.
    2. Secure Remote Communication: Ensure that all remote communication channels, such as emails and messaging platforms, are secure and authenticated, reducing the risk of phishing and impersonation attacks.
    3. Implement Robust Security Protocols: From secure access control to data encryption and network segmentation, a network security engineer establishes comprehensive security measures tailored to your business needs.
    4. Employee Training and Awareness: Equip your team with the knowledge to recognize and respond to cyber threats, fostering a proactive security culture.

    Need a Network Security Expert? Let’s Secure Your Business Together!

    Are you concerned about your network security and looking for a dedicated professional to secure your business? Look no further! As a skilled Network Security Engineer with experience in designing, implementing, and maintaining secure network environments, I offer:

    1. Customized Network Security Solutions: Tailored strategies that align with your specific business requirements and industry standards.
    2. Proactive Threat Management: Continuous monitoring and rapid response to emerging threats to keep your business safe.
    3. Comprehensive Security Audits: Detailed assessments to identify and address vulnerabilities before they can be exploited.
    4. Ongoing Support and Maintenance: Regular updates, patches, and security reviews to ensure your network remains resilient against evolving threats.

    Ready to take your network security to the next level? Contact me today to discuss how I can help protect your business from cyber threats and ensure the integrity and confidentiality of your data. Together, we can build a secure and robust network environment that enables your business to thrive.

  • Network Design Networking Essentials September 24, 2024

    Crafting Effective Network Diagrams: A Comprehensive Questionnaire for Modern Organizations

    Creating a reliable and scalable network diagram is essential for any network security engineer. Understanding the organization’s unique business needs, current infrastructure, and future goals helps craft a tailored network design that enhances efficiency and security. In this post, I’ll share a questionnaire that not only guides network diagram creation but also helps identify key areas for improvement in any network setup.

     

    Organizational Overview: Setting the Foundation

    The first step to design an effective network is understanding the business context. The questions below are essential for getting to know the organization:

      1. What type of business does the company operate?

        Is it a data-driven organization, service-oriented, or a mix of both?

      2. How many employees or users are there?

        Knowing the scale of users helps define network load requirements.

      3. Where are the company’s branches located?

        This helps to determine if a WAN (Wide Area Network) or VPN setup is necessary.

      4. Is the company data-driven, service-focused, or both?

        Understanding their core business priorities helps in setting the network’s focus.

      5. Who are the key stakeholders, sponsors, and end-users?

        Knowing this helps prioritize network resources for critical users and decision-makers.

      6. What is the physical size of the main offices and branches?

        This can impact hardware placement and connectivity needs.

      7. Does the network support the business, is the network the business, or both?

        Determining the role of the network in business operations is vital for prioritization.

     

     

    Desired Network Characteristics & Capabilities

    Next, explore the network’s current state, its desired characteristics, and required capabilities:

      1. What is the current state of the network?

        This baseline helps to compare post-implementation performance.

      2. Are there existing network documents and consistent standards in use?

        Documentation shows what’s working and where improvements are needed.

      3. Do users need to connect remotely (from home)?

        Knowing this influences the design of remote access solutions.

      4. Will users primarily connect via wireless or wired connections?

        This shapes the design and hardware requirements.

      5. Is Voice over IP (VoIP) needed?

        Understanding telephony requirements ensures adequate bandwidth and QoS setup.

      6. Does the company want their own DNS or email server, or prefer Microsoft Office/GSuite?

        This determines if on-premise services are required or cloud solutions are preferred.

      7. Are ERP or EMS servers running within the network?

        These critical systems can influence network load balancing and redundancy planning.

      8. Is cloud computing required?

        Cloud needs impact bandwidth and integration with external services.

      9. What devices will users connect from?

        A device overview helps plan for compatibility, security, and support.

      10. What are the company’s security and redundancy needs?

        This helps define firewalls, failover setups, and other security measures.

      11. Will the entire network be centrally managed?

        A centrally managed network is easier to control but requires specific tools.

      12. Does the company require a public IP address block?

        This question determines the scope of external access.

      13. How much internet bandwidth does the company currently have?

        Existing bandwidth informs decisions about possible upgrades.

      14. Is the connection provided by the ISP static or dynamic?

        Understanding the type of internet connection affects configurations.

      15. Do they need content filtering and traffic control?

        This shapes the firewall and filtering rules for optimal network usage.

      16. Is priority given to information security or fast and uninterrupted internet usage?

        This dictates the balance between security measures and user experience.

      17. Is zero downtime critical for operations?

        This informs disaster recovery and high-availability requirements.

     

     

    Budget and Device Dependencies

    Lastly, it’s critical to consider budgetary constraints and any specific technology or vendor preferences:

    1. What is the budget for the network infrastructure?

      This dictates the level of hardware and services that can be procured.

    2. Are there any device/vendor dependencies?

      Preferred vendors might restrict or influence device choices.

    3. Will the company’s internal IT team manage the network, or will external providers handle it?

      This informs the design complexity and ongoing support model.

    By answering these essential questions, a network security engineer can build a highly customized network diagram that meets both the current and future needs of the organization. The design becomes more than just lines and nodes on a page—it transforms into a strategic blueprint that drives the business forward.

    This comprehensive questionnaire not only lays the groundwork for a successful network diagram but also strengthens communication with stakeholders and ensures alignment with business goals.

    Need help with network design or security solutions? Reach out, and let’s discuss how to secure and optimize your network for the future!

  • Microsoft Server Server September 14, 2024

    MCSA: Windows Server 2016 (70-740)

    “Installation Storage and Computers with Windows Server 2016”

    MCTS certification exam course offers you a brief overview of server-side OS, Virtualization, Active Directory, Domain Controller, DHCP, Implementing DNS, Implementing Group policies, AD sign-in process, solution for central and secured management of networking objects and other schemas.

    Many of us are using the Microsoft operating system — Windows 10/8/7. This is called Client OS. For connecting to the server, we will use Microsoft Windows Server, this is called Server OS.

    Why do we need to use this?

    Suppose, a company is using multiple data centers but these need to be managed centrally and securely. Here comes a directory solution among various solutions, which is Microsoft Active Directory Domain Services. If you want to use Microsoft Active Directory Domain Services, we will implement Active Directory service on Windows server.

    There are many Windows Server editions available, such as — Foundations, Essentials, Standard, Data Center.

    Server Hardware:

    3 types of hardware we can see:

    1. Tower Server
    2. Rack Server
    3. Blade Server
    Blade Server Chassis [Image source: wikipedia.com]

    Currently, the Blade server is used in many companies. Mainly, this server hardware has a chassis [ like a dish plate] where you can implement multiple server blades, where required CPU, ram, storage, network controller, and other things have already been built into it. So, it can supply power to multiple servers using one chassis. The cable can be managed easily and can be configured or replaced if any problem occurs.

    Active Directory:

    A directory service, which can manage all networking objects, users, groups, computers centrally and securely. AD actually stores the same windows server information, works as a central database of a Domain Controller.
    So, we can say, Active directory is a collection of services (Server Roles and Features) used to manage identity and access for and to resources on a network.

    Active Directory

    Domain Controller:

    Using Active Directory Domain Service [ AD DS], when we install an active directory on a windows server that is called Domain Controller.It authenticates users, stores user account information, and enforces security policy for a Windows domain.

    Active Directory Components:

    1. Partitions
    2. Schemas
    3. Domain
    4. Domain Trees
    5. Sites
    6. Organisational Units
    7. Forest
    8. Containers
    1. Domain Controller
    2. Global Catalog
    3. Data Stores
    4. RODCs [ Read-Only Domain Controller]

    Active Directory Datastores:

    In AD DS database file, which is formatted as ntds.dit. This stores AD data and manages the DC. Domain controllers host and replicate the directory service database inside the forest.

    For sharing folders, SYSVOL — system volume is a special directory in the Domain controller. The default location is %SYSTEMROOT%\SYSVOL\sysvol for the shared folder, It is the repository for all of the active directory files.

    AD has also a feature of multi-master replication. When we connect servers under one domain, we can get any files, information or changes happen in files from one server named SRV1 to another server SRV2 and vice versa, any data from SRV2 to SRV1.

    Active Directory Sign in process:

    Kerberos Authentication — It is the most secure authentication. Kerberos is the authentication protocol. KDC [Key Distribution Center] has two servers at least; KDC provides a secure session key and ticket according to the user’s request.

    1. Authenticating Server: At first the user from a computer will request a server to gain the file access. Login with the user ID and password. The encrypted password will pass to the Authenticating Server as key, to authenticate the user. After comparing the key, which is an encrypted password with the stored password. It will provide users with a ticket, Ticket Granting Ticket.
    2. Ticket Granting Server [TGS]: User’s ticket will route the Ticket Granting Server [TGS] where Authenticating Server has provided the ticket info to TGS as a key. Again, it will check the user ticket authentication with server one.
    3. File Server: After completing the authentication, TGS will provide a token to the user to request the file server. This token is almost like a movie ticket, with a movie ticket, we can watch a movie only for a specific time in a specific hall room. This token also works like this. This will let in the user for a specific period of time with the permitted files.
    4. Login: So lastly, the user token will route to the file server. File server also cross-checks the token information which it got from TGS and permits the user to log in.

    RODC and Bitlocker are also used for security purposes.

    Global Catalog:

    When we have multiple DC installed in one domain, we make a Domain Controller as a global catalog. A global catalog replicates the information of every object in a tree and forest. and user login will be ensured through the global catalog.
    By default, a global catalog is created automatically on the first domain controller in the forest, but any domain controller can be made into a global catalog.

    Organisational Units (OU):

    It is almost similar to a group. But we can apply the policy in OU. OU has users, computers. Delegate permission to administer a group of objects. Mainly created according to the company’s departments or hierarchical structure-wise.

    Groups:

    Distribution Group: This group is only for email communication and sharing files. But no permission can be given.

    Security Group: Here every user got a SID and security permission assigned to the group, then all users will get the access of files. Different roles can be assigned to users to permit them to do the specific task.

    Forest:

    A combination of one or multiple domains in a single hood is called forest.

    Domain — is the root of the single forest.

    Forest Example

    Operational Master Roles:

    There are certain functions that can be handled by only one domain controller at a time, Active Directory uses Flexible Single Master Operations (FSMO) roles, also known as operations master roles.

    FMSO role
    1. Domain Naming Master
    2. Schema Master
    1. RID master- Relative ID master
    2. PDC emulator — Primary Domain Controller emulator
    3. Infrastructure master

    Dynamic Host Configuration Protocol:

    In this topic you need to have a basic knowledge over IP address, MAC address, subnetting.

    Dynamic Host Configuration Protocol (DHCP) services automatically assign IP addresses and related parameters (including subnet mask and default gateway and length of the lease) so that a host can immediately communicate on an IP network when it starts.

    DHCP uses the DORA method to provide a user with an IP address.

    Discover — In this section, a DHCP client searches for a DHCP server by broadcast in the network.

    Offer — One DHCP server offers the DHCP client that it can provide the client IP address.

    Request — DHCP client receives that message and requests the server to provide the client with available IP.

    Acknowledge — DHCP server acknowledged the request and provided the IP to the client which is available at that time.

    Discover Offer Request Acknowledge [ DORA] method

    One IP address isn’t always available for that specific client. It routes client to client regarding the duration of usability of that IP address. In DHCP scope, we can set a valid range of available IP addresses to provide the client, lease to client computers on a particular subnet.

    Sometimes we can reserve some IP addresses in the DHCP database for higher authorities.

    Multiple DHCP servers can be implemented in servers, but each server must share a unique IP address. One DHCP server can have this range of IP, example— 192.168.10.0 to 192.168.10.254. Another one must have this — 192.168.11.0 to 192.168.11.254

    FQDN — Fully Qualified Domain Name structure

    When we have a server computer / host, which we add to a domain; then we get a domain name like this — Hostname.domain. This pattern is called Fully Qualified Domain Name [ FQDN]

    For the FQDN result.bist.com, the TCP/IP hostname is result and its domain is bist.com. The “result” is the part of netbios.

    That means in an address — the name we got before a dot [.] is the part of netbios.

    Domain Name System

    DNS or Domain Name System is like a phonebook on the internet. When we save a contact in our phone. We put a name over their mobile number and also have other information about them. So, like that, when we call — medium.com at the address bar. The DNS server translates the domain name to the IP address so browsers can load Internet resources.

    We can resolve hostnames to IP addresses, vice versa. It can locate global catalog and also if someone hits on the server for sending an email it locates the mail server to deliver the email.

    DNS Zone:

    Forward Lookup Zone: We call by hostname

    Reverse Lookup Zone: We call by IP address

    There are also many DNS records:

    1. Host records
    2. Mail records
    3. State of Authority
    4. Cname
    5. Mail Record

    Forest Functional Level

    In Active Directory, you can have domain controllers running different versions of Windows servers, such as Windows 2000, Windows Server 2003, or Windows Server 2008.
    The forest functional level depends on which Windows Server operating system versions are running on the domain controllers in that forest.
    You can add any DC only using the same Windows Server operating system version or above.

    Domain Functional Level

    In Domain Functional Level, it depends on which Windows Server operating system versions are running on the domain controllers in that domain.
    As a domain keeps under a forest. So, the Server OS version we used in forest, must use that version or above in the domain to install DC.

    Local Storage:

    1. ECSI
    2. SATA
    3. SCSI
    4. SAS
    5. SSD

    This device performance increased serially. The IOPM [ Input Output per Minute] is the performance measurement scale. SSD is the best because it reads very fast. Approx. 1.5 mio IOPM. Basically, choose your device according to applications read-write on the device.

    DAS — Direct Attached Storage — it is attached with the server and it can be configured very easily. But the performance got a little bit slower.

    DAS Storage [Image Source: petri.com]

    NAS — Network Attached Storage — There are multiple servers connected through IP within a network. It can easily share the files to the client PC.

    NAS Storage [Image Source: petri.com]

    SAN — Storage Area Network — This is the most reliable, faster storage. We can connect multiple servers in the SAN switch port with individual HBA [ Host Bus Adapter] for individual servers. To configure the SAN switch, HBA cards have WWID [ World Wide ID] to keep themselves unique. Without it we cannot share any resources. To ensure high performance, we use SAN storage to write high end applications faster.

    SAN Storage [Image Source: petri.com]

    Another way to restore the data if a single server goes down is “Redundant Array Independent Disk” [RAID].

    RAID is basically a data storage technology which combines multiple physical disks into one single logical unit to prevent data loss, improve data redundancy.
    RAID provides fault tolerance by using:

    1. Disk Mirroring
    2. Parity Information
    3. Increase performance benefits by spreading disk I/O across multiple disks
    4. It can be configured using several different levels
    5. It should not replace server backups

    A number of standard schemes have evolved. These are called levels. The RAID levels are:
    RAID 0 — This has 2 disks, which stores by stripe. Stripe means — One data fills in disk1, then the 2nd data will fill in the disk2. This is how it will store data on disks.
    RAID 1 — This mirrors the data of the both disk. Mirrors means — Copying the files in other disk. It copies very slowly
    RAID 5 — It also stores data by stripe but has a parity disk which mirrors the whole disk. It has 5 disks.
    RAID 6 — It also stores data by stripe but has two parity disks which mirror the whole disk. It has 6 disks.
    RAID 0 + 1 — It is widely used and gives high performance. It is a combination of RAID 0 and RAID 1 disks. Data is stored by stripe. The same data gets mirrored in other disks. So there is less risk of losing data.

    Bridge Head Server — AD sites and services

    Sites are associated with IP subnets ;

    1. Used to manage replication traffic
    2. Used to manage client logon traffic
    3. Used to assign group policy objects to all users and computers in a company location.

    AD sites represent the location of DCs in a single server. AD sites and services provide the benefits of managing organizations that have branches in different locations, but fall under the same forest.

    A bridghead used for the replication within multiple DCs in a single sites. It also helps to control the data replication from one server to another.

    Suppose, there are 3 data centers of a company which are located in different locations. The 3 sites has multiple Domain Controller, As AD has multimaster replication features so all data will replicate within each site’s DC to another sites. To make it easier, we can set a DC as a BridgeHead server from a single server. So that data only replicates via server head to server head, not all site’s DC at a time. Then it will replicate within the site’s Domain Controller.

    Group Policy:

    Group Policy is one of the most powerful features of Active Directory that controls the working environment for user accounts and computer accounts.
    Group Policy provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment.

    Group Policy Object is the set of Group Policy Setting. Group Policy setting is the implementation of a single specific user, windows, computer policy to prevent data breach, solidify the security, imposing rules.

    Group policy splits in two ways:

    Group Policy Containers — In this section this keeps the updated record of the policy, the Policy Version.

    Group Policy Template — here we can get the location of registry‑based policy settings and also group policy settings.

    In this blog you will get an overview of the course, not get 100% topic coverage. Please do googling with the topic names and watch YouTube videos regarding the topics if you got puzzled.
    #HappyLearning #ShareOpportunities

Contact

I Want to Hear from You

  • Address

    Banasree, Dhaka - 1219

  • Email

    samselarifinchowdhury@gmail.com

  • Phone

    +880 1521428553

  • LinkedIn

    https://www.linkedin.com/in/MdSamsel/

    Copyright © 2024 Md. Samsel Arifin Chowdhury. All rights reserved.

    To Top