Compare commits
33 commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 2b722eb637 | |||
| aba2759415 | |||
| 59aec5dff5 | |||
| 885f6ff3ca | |||
| 6bff81a2e0 | |||
| 725d2a1e95 | |||
| f3532b7175 | |||
| b86302b01d | |||
| c2d298bb6d | |||
| 6a63c2b81e | |||
| d39bcfddb5 | |||
| b3abc45752 | |||
| 4fdbec2800 | |||
| 40a8fb0234 | |||
| 9130b1c1b8 | |||
| 92eec31f81 | |||
| f44c3c8fa5 | |||
| 52c3fc3d56 | |||
| f477975d3a | |||
| 99430d7494 | |||
| 21a62aa558 | |||
| f0a81f19a8 | |||
| 4ff0176bf6 | |||
| 36473e994c | |||
| a569339a1e | |||
| 9482989028 | |||
| f73b2447bd | |||
| c7779d8013 | |||
| c1668ab671 | |||
| c8c68df16b | |||
| f4311dcd69 | |||
| 9dc0925912 | |||
| ee2b0340b7 |
BIN
.DS_Store
vendored
BIN
docs/.DS_Store
vendored
BIN
docs/assets/ hg8245h-01.png
Normal file
|
After Width: | Height: | Size: 155 KiB |
|
Before Width: | Height: | Size: 31 KiB |
BIN
docs/assets/7040-01.png
Normal file
|
After Width: | Height: | Size: 518 KiB |
|
Before Width: | Height: | Size: 48 KiB |
BIN
docs/assets/balena-etcher.png
Normal file
|
After Width: | Height: | Size: 29 KiB |
BIN
docs/assets/dell-prox-01.png
Normal file
|
After Width: | Height: | Size: 175 KiB |
|
Before Width: | Height: | Size: 75 KiB |
BIN
docs/assets/dell-prox-02.png
Normal file
|
After Width: | Height: | Size: 55 KiB |
|
Before Width: | Height: | Size: 26 KiB |
BIN
docs/assets/dell-prox-03.png
Normal file
|
After Width: | Height: | Size: 49 KiB |
|
Before Width: | Height: | Size: 22 KiB |
BIN
docs/assets/dell-prox-04.png
Normal file
|
After Width: | Height: | Size: 48 KiB |
|
Before Width: | Height: | Size: 22 KiB |
BIN
docs/assets/dell-prox-05.png
Normal file
|
After Width: | Height: | Size: 51 KiB |
|
Before Width: | Height: | Size: 24 KiB |
BIN
docs/assets/dell-prox-06.png
Normal file
|
After Width: | Height: | Size: 79 KiB |
|
Before Width: | Height: | Size: 32 KiB |
BIN
docs/assets/dell-prox-07.png
Normal file
|
After Width: | Height: | Size: 69 KiB |
|
Before Width: | Height: | Size: 26 KiB |
BIN
docs/assets/dell-prox-08.png
Normal file
|
After Width: | Height: | Size: 62 KiB |
|
Before Width: | Height: | Size: 22 KiB |
BIN
docs/assets/dell-prox-09.png
Normal file
|
After Width: | Height: | Size: 61 KiB |
|
Before Width: | Height: | Size: 22 KiB |
BIN
docs/assets/hg8245h-00.png
Normal file
|
After Width: | Height: | Size: 537 KiB |
|
Before Width: | Height: | Size: 53 KiB |
BIN
docs/assets/hg8245h-02.png
Normal file
|
After Width: | Height: | Size: 161 KiB |
|
Before Width: | Height: | Size: 73 KiB |
BIN
docs/assets/hg8245h-03.png
Normal file
|
After Width: | Height: | Size: 61 KiB |
|
Before Width: | Height: | Size: 37 KiB |
BIN
docs/assets/hg8245h-04.png
Normal file
|
After Width: | Height: | Size: 71 KiB |
|
Before Width: | Height: | Size: 34 KiB |
|
Before Width: | Height: | Size: 87 KiB |
BIN
docs/assets/hp-prox-01.png
Normal file
|
After Width: | Height: | Size: 204 KiB |
|
Before Width: | Height: | Size: 73 KiB |
BIN
docs/assets/hp-prox-02.png
Normal file
|
After Width: | Height: | Size: 113 KiB |
|
Before Width: | Height: | Size: 57 KiB |
BIN
docs/assets/hp-prox-03.png
Normal file
|
After Width: | Height: | Size: 55 KiB |
|
Before Width: | Height: | Size: 25 KiB |
BIN
docs/assets/hp-prox-04.png
Normal file
|
After Width: | Height: | Size: 59 KiB |
|
Before Width: | Height: | Size: 28 KiB |
BIN
docs/assets/hp290-01.png
Normal file
|
After Width: | Height: | Size: 531 KiB |
|
Before Width: | Height: | Size: 66 KiB |
BIN
docs/assets/hp290-02.png
Normal file
|
After Width: | Height: | Size: 607 KiB |
|
Before Width: | Height: | Size: 77 KiB |
BIN
docs/assets/hp290-03.png
Normal file
|
After Width: | Height: | Size: 565 KiB |
|
Before Width: | Height: | Size: 60 KiB |
|
Before Width: | Height: | Size: 56 KiB |
BIN
docs/assets/pihole_logo.png
Normal file
|
After Width: | Height: | Size: 27 KiB |
BIN
docs/assets/proxmox-01.png
Normal file
|
After Width: | Height: | Size: 77 KiB |
|
Before Width: | Height: | Size: 26 KiB |
BIN
docs/assets/proxmox-02.png
Normal file
|
After Width: | Height: | Size: 216 KiB |
|
Before Width: | Height: | Size: 127 KiB |
BIN
docs/assets/proxmox-03.png
Normal file
|
After Width: | Height: | Size: 181 KiB |
|
Before Width: | Height: | Size: 81 KiB |
BIN
docs/assets/proxmox-04.png
Normal file
|
After Width: | Height: | Size: 180 KiB |
|
Before Width: | Height: | Size: 74 KiB |
BIN
docs/assets/proxmox-05.png
Normal file
|
After Width: | Height: | Size: 177 KiB |
|
Before Width: | Height: | Size: 78 KiB |
BIN
docs/assets/proxmox-06.png
Normal file
|
After Width: | Height: | Size: 189 KiB |
|
Before Width: | Height: | Size: 79 KiB |
BIN
docs/assets/proxmox-07.png
Normal file
|
After Width: | Height: | Size: 185 KiB |
|
Before Width: | Height: | Size: 81 KiB |
BIN
docs/assets/proxmox-08.png
Normal file
|
After Width: | Height: | Size: 176 KiB |
|
Before Width: | Height: | Size: 64 KiB |
BIN
docs/assets/rs816-01.png
Normal file
|
After Width: | Height: | Size: 107 KiB |
|
Before Width: | Height: | Size: 46 KiB |
BIN
docs/assets/rs816.png
Normal file
|
After Width: | Height: | Size: 577 KiB |
|
Before Width: | Height: | Size: 63 KiB |
BIN
docs/assets/traefik_logo.png
Normal file
|
After Width: | Height: | Size: 258 KiB |
|
Before Width: | Height: | Size: 134 KiB |
|
|
@ -1,7 +1,7 @@
|
|||
# HP 290 G1 MT
|
||||
The HP 290 G1 system was acquired by Kh3group in the past, earlier than 2020. The system has been repurposed and is currently serving as the Kh3 office firewall. A PCIe 4-port gigabit Ethernet adapter has been installed, providing a total of 5 network interfaces for the firewall.
|
||||
|
||||

|
||||

|
||||
|
||||
## Specifications
|
||||
|
||||
|
|
@ -13,19 +13,19 @@ The HP 290 G1 system was acquired by Kh3group in the past, earlier than 2020. Th
|
|||
### Proxmox VE
|
||||
Proxmox VE 7.2-1, a virtualization management solution, has been installed on the HP 290 G1. It provides an easy-to-use web interface for managing virtual machines and containers.
|
||||
|
||||

|
||||

|
||||
|
||||
The following virtual machines and containers are currently running on the Proxmox VE host:
|
||||
|
||||
#### pfSense Virtual Machine
|
||||
A pfSense virtual machine acts as the firewall for the Kh3 office network. It has been configured using hardware passthrough to link the Ethernet adapter to the pfSense VM. This allows for better network performance and provides more control over the firewall configuration.
|
||||
|
||||

|
||||

|
||||
|
||||
#### Debian 11 LXC Container
|
||||
A Debian 11 LXC container also runs on the Proxmox host with Docker installed. The container runs a Pi-hole container and a Cloudflare Tunnel container. Pi-hole serves as the local DNS and ad-blocker for the Kh3 office network. The Cloudflare Tunnel container provides secure access to the internal services running on the Kh3 office network.
|
||||
|
||||

|
||||

|
||||
|
||||
## Upgrade Path and Future Plans
|
||||
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
# Dell Optiplex 7040 SFF
|
||||
The Dell Optiplex was acquired in September 2022 to expand KH3's server infrastructure and host additional services. Proxmox VE 7.2-1 is installed on the system, which in turn supports three Windows Server 2016 virtual machines. One VM serves as an active directory domain controller, another runs SQL Server 2016, and the third runs SharePoint Server 2019. Additionally, a Debian LXC container runs on the Proxmox host, with Docker installed to support a variety of additional services containers.
|
||||
|
||||
|  |
|
||||
|  |
|
||||
| :-: |
|
||||
|
||||
|
||||
|
|
@ -15,15 +15,15 @@ The Dell Optiplex was acquired in September 2022 to expand KH3's server infrastr
|
|||
## Proxmox VE
|
||||
Proxmox VE 7.2-1, a virtualization management solution, has been installed on the Dell Optiplex 7040. It provides an easy-to-use web interface for managing virtual machines and containers.
|
||||
|
||||
|  |
|
||||
|  |
|
||||
| :--: |
|
||||
| Promox Web Management Dashboard - Dell Optiplex 7040 |
|
||||
|
||||
|
||||
|  |  |
|
||||
|  |  |
|
||||
| :--: | :--: |
|
||||
| Storage - DIR01 | Storage - local |
|
||||
|  | |
|
||||
|  | |
|
||||
| Storage - local-lvm | Storage - network-backup-syn |
|
||||
|
||||
|
||||
|
|
@ -32,7 +32,7 @@ The following virtual machines and containers are currently running on the Proxm
|
|||
### Windows Server 2016 - AD Domain Controller (dc01)
|
||||
This server is responsible for authenticating users, computers, and other resources primarily to the Document Management System (DMS). It provides a centralized database of user accounts (kh3 users), passwords, and security information that enables users to log in to a domain and access resources across the network, namely the DMS.
|
||||
|
||||
|  |
|
||||
|  |
|
||||
| :--: |
|
||||
| Proxmox Content Panel for Windows Server Guest dc01 |
|
||||
|
||||
|
|
@ -40,7 +40,7 @@ This server is responsible for authenticating users, computers, and other resour
|
|||
### Windows Server 2016 - SQL Server 2016 (db01)
|
||||
SQL Server is a relational database management system (RDBMS) developed by Microsoft. This server is used primarily to store and retrieve data as requested by SharePoint Server 2019 (Document Management System). All data housed in the DMS in stored here
|
||||
|
||||
|  |
|
||||
|  |
|
||||
| :--: |
|
||||
| Proxmox Content Panel for Windows Server Guest db01 |
|
||||
|
||||
|
|
@ -48,7 +48,7 @@ SQL Server is a relational database management system (RDBMS) developed by Micro
|
|||
### Windows Server 2016 - SharePoint Server 2019
|
||||
SharePoint Server 2019 is a collaboration and document management platform developed by Microsoft. It provides a set of tools and services that enable teams to create, share, and manage documents, websites, and other digital content. SharePoint provides the platform for KH3's Document Management System
|
||||
|
||||
|  |
|
||||
|  |
|
||||
| :--: |
|
||||
| Proxmox Content Panel for Windows Server Guest sp01 |
|
||||
|
||||
|
|
@ -56,6 +56,6 @@ SharePoint Server 2019 is a collaboration and document management platform devel
|
|||
### Debian 11 LXC Container
|
||||
A Debian 11 LXC container also runs on the Proxmox host with Docker installed. The container runs a Pi-hole container and a Cloudflare Tunnel container. Pi-hole serves as the local DNS and ad-blocker for the Kh3 office network. The Cloudflare Tunnel container provides secure access to the internal services running on the Kh3 office network.
|
||||
|
||||
|  |
|
||||
|  |
|
||||
| :--: |
|
||||
| Proxmox Content Panel for Debian 11 LXC Container proxy |
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
# Synology RS816
|
||||
The Synology RackStation RS816 is a 4-bay rackmount Network Attached Storage device, that was acquired by the KH3 before 2020. Currently it used to store and synchronize design files and backup data from employees that have left the KH3.
|
||||
|
||||

|
||||

|
||||
|
||||
## Device Information
|
||||
The Synology NAS runs on DSM 7.0-41890, which is the operating system for Synology's NAS devices.
|
||||
|
|
@ -16,7 +16,7 @@ Below is a summary of additional information about the device
|
|||
| RAM | 1GB |
|
||||
| Capacity | 3.6TB |
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
## Configuration
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# KH3 Hardware Infrastructure
|
||||
# Device List
|
||||
|
||||
_List of current hardware on network that includes network equipment, computers and configuration details._
|
||||
|
||||
|
|
@ -7,9 +7,9 @@ _List of current hardware on network that includes network equipment, computers
|
|||
### Computers and Servers
|
||||
| Device Name | CPU | RAM | OS | Hostname |
|
||||
| ------------------------------------- | -------------------------- | --------- | ------------------------ | -------- |
|
||||
| [HP 290 G1 MT ](computers/290-g1.md) | i3-7100 | 8GB DDR4 | Debian 11(Proxmox 7.2-1) | pve01 |
|
||||
| [Dell OptiPlex 7040](computers/optiplex-7040.md)| i7-6700 | 32GB DDR4 | Debian 11(Proxmox 7.2-1) | pve02 |
|
||||
| [Synology NAS RS816](computers/rs816.md) | MARVELL Armada 385 88F6820 | 1GB DDR3 | Synology DSM7 | kh3-fsrv |
|
||||
| [HP 290 G1 MT ](hp-290-g1.md) | i3-7100 | 8GB DDR4 | Debian 11(Proxmox 7.2-1) | pve01 |
|
||||
| [Dell OptiPlex 7040](optiplex-7040.md)| i7-6700 | 32GB DDR4 | Debian 11(Proxmox 7.2-1) | pve02 |
|
||||
| [Synology NAS RS816](synology-nas.md) | MARVELL Armada 385 88F6820 | 1GB DDR3 | Synology DSM7 | kh3-fsrv |
|
||||
|
||||
## Network Devices
|
||||
|
||||
|
|
@ -19,10 +19,12 @@ _List of current hardware on network that includes network equipment, computers
|
|||
| ---------------------------------------- | ------------------ | -------------- | -------- |
|
||||
| [Cisco SF300-24P](switch.md) | 24-Port 10/100 PoE | Managed Switch | Change |
|
||||
|
||||
### Routers
|
||||
### Router Details
|
||||
|
||||
| Device Name | Firewall | DHCP | Mode |
|
||||
| ------------------- | -------- | ---- | --------- |
|
||||
| [Synology-RT2600ac](network/rt2600ac.md) | No | No | AP |
|
||||
| [Huawei-HG8245H](network/hg8245h.md) | No | Yes | ADSL |
|
||||
| [Huawei-HG8245W5-8T](network/hg8245w5.md) | No | No | ADSL |
|
||||
| Synology-RT2600ac | No | No | AP |
|
||||
| Huawei-HG8245H | No | Yes | ADSL |
|
||||
| Huawei-HG8245W5-8T | No | No | ADSL |
|
||||
|
||||
## Images
|
||||
|
|
@ -2,22 +2,15 @@
|
|||
The Huawei EchoLife HG8245H is a routing-type Optical Network Terminal (ONT) in the Huawei all-optical access solution. It uses the GPON technology to implement ultra-broadband access for users.
|
||||
The device was supplied by Kh3's primary Internet Service Provider, Vodafone and provides highspeed fiber broadband to the KH3 office. This device served as KH3's primary wireless, however it did not funtion optimally as a wireless router and resulted in poor internet browsing experience for kh3 users.
|
||||
|
||||
|  |
|
||||
| :--: |
|
||||
| Huawei EchoLife HG8245H router |
|
||||
<img width="100%" src="../../assets/hg8245h-00.png" style="margin:0 auto" />
|
||||
|
||||
Currently the device no longer acts as a wireless router but its is still responsible for bringing
|
||||
in internet from vodafone, the wirless Access Point functionality is handeled by a different device (Synology RT2600AC).
|
||||
|
||||
|  |
|
||||
| :--: |
|
||||
| HG8245H Login |
|
||||
in internet from vodafone, the wirless Access Point functionality is handeled by a different device (Synology RT2600AC).
|
||||

|
||||
|
||||
## Device Information
|
||||
Below is a screenshot for the managment web interface page of the device, showing all device related information
|
||||
|  |
|
||||
| :--: |
|
||||
| Huawei Device Information Page |
|
||||
![]()
|
||||
|
||||
## LAN Host Configuration
|
||||
|
||||
|
|
|
|||
|
|
@ -1,49 +1,2 @@
|
|||
# Network Overview
|
||||
KH3 Group’s network infrastructure is composed of a variety of devices designed to provide reliable and high-speed internet connectivity, manage traffic efficiently, and ensure secure networking. The network devices include both routing and switching equipment sourced from trusted vendors, adapted to meet KH3’s specific needs for internet access and internal network management.
|
||||
|
||||
The key devices in the network infrastructure are:
|
||||
|
||||
1. **Huawei EchoLife HG8245H** - A routing-type Optical Network Terminal (ONT) provided by Vodafone as part of KH3's primary fiber broadband service. Despite its role in delivering high-speed fiber broadband, its performance as a wireless router was suboptimal, leading to a poor internet browsing experience for KH3 users.
|
||||
|
||||
2. **Huawei EchoLife H8245W5-8T** - Another ONT device using GPON technology, supplied by MTN as part of their fiber broadband service in 2021. It provides 4 GE ports, 2 POTS ports, 1 USB port, and both 2.4GHz and 5GHz WiFi, serving as a key component of KH3’s network setup.
|
||||
|
||||
3. **Synology RT2600ac** - A high-performance WiFi router powered by a dual-core 1.7GHz processor. It supports both 2.4GHz and 5GHz radios and offers WAN aggregation, failover capabilities, and Layer 7 traffic control, all managed through Synology’s user-friendly DSM interface.
|
||||
|
||||
4. **Cisco Small Business Ethernet Switch** - A 24-port Fast Ethernet switch that provides advanced security features and network management capabilities. Part of Cisco’s Small Business line, this switch is designed to handle the demands of data, voice, security, and wireless technologies, making it an essential part of KH3’s internal networking.
|
||||
|
||||
Together, these devices form the backbone of KH3’s network, enabling high-speed internet access, seamless connectivity, and robust network management.
|
||||
|
||||

|
||||
|
||||
## Huawei EchoLife HG8245H
|
||||
The Huawei EchoLife HG8245H is a routing-type Optical Network Terminal (ONT) in the Huawei all-optical access solution. It uses the GPON technology to implement ultra-broadband access for users.
|
||||
The device was supplied by Kh3's primary Internet Service Provider, Vodafone and provides highspeed fiber broadband to the KH3 office. This device served as KH3's primary wireless, however it did not funtion optimally as a wireless router and resulted in poor internet browsing experience for kh3 users.
|
||||
|
||||
|  |
|
||||
| :--: |
|
||||
| Huawei EchoLife HG8245H router |
|
||||
|
||||
Currently the device no longer acts as a wireless router but its is still responsible for bringing
|
||||
in internet from vodafone, the wirless Access Point functionality is handeled by a different device (Synology RT2600AC).
|
||||
|
||||
|  |
|
||||
| :--: |
|
||||
| HG8245H Login |
|
||||
|
||||
### Device Information
|
||||
Below is a screenshot for the managment web interface page of the device, showing all device related information
|
||||
|  |
|
||||
| :--: |
|
||||
| Huawei Device Information Page |
|
||||
|
||||
## Huawei EchoLife HG8245W5-8T
|
||||
The Hauwei EchoLife H8245W5-8T is a routing-type Optical Network Terminal (ONT). It uses the GPON technology to implement ultra-broadband access for users.
|
||||
It provides 4 GE ports, 2 POTS ports, 1 USB port and 2.4G & 5G WiFi ports.
|
||||
|
||||
KH3 subscribed to MTN's fiber broadband service in early 2021 and the device was supplied a part of the service bundle by MTN.
|
||||
|
||||
## Synology RT2600ac
|
||||
The Synology RT2600ac is a wifi router that brings together a comprehensive selection of wireless protocols and features with a management interface based on Synology’s DSM operating system. Powered by a dual-core 1.7Ghz processor, the RT2600ac incorporates 2.4GHz and 5GHz radios and offers WAN aggregation, WAN failover, and hardware-assisted Layer 7 traffic control.
|
||||
|
||||
## Cisco SF300-24P
|
||||
Part of the Cisco Small Business line of network solutions, is a fixed-configuration managed Ethernet switch. It has 24 ports of Fast Ethernet connectivityIt supports advanced security management capabilities and network features for data, voice, security, and wireless technologies. It is simple to deploy and configure.
|
||||

|
||||
|
|
@ -1,60 +0,0 @@
|
|||
# Servers Overview
|
||||
KH3 Group's server infrastructure is built using a combination of repurposed desktop systems and dedicated network storage devices to meet the organization’s evolving needs. These systems, though originally designed for different purposes, have been strategically adapted to provide essential services, ensuring both flexibility and cost-efficiency in IT operations.
|
||||
|
||||
The servers support a variety of critical functions, from network security to hosting enterprise applications and managing data storage. Leveraging virtualization technologies, they maximize resource utilization, allowing for the deployment of multiple virtual machines and services on a single physical system.
|
||||
|
||||
KH3’s infrastructure is centered around three main components:
|
||||
|
||||
1. **HP 290 G1** - Repurposed as the office firewall, with an enhanced network interface configuration to manage and secure internal and external traffic.
|
||||
2. **Dell Optiplex 7040** - Serving as a core virtualized host, running Proxmox to deliver essential services like Active Directory, SQL Server, and SharePoint, while also supporting containerized applications.
|
||||
3. **Synology RackStation RS816** - Acting as the primary storage device, this NAS handles both file synchronization and data backup, ensuring the security of critical organizational data.
|
||||
|
||||
Each of these systems plays a vital role in KH3 Group’s operations, providing the necessary infrastructure for secure, reliable, and scalable IT services.
|
||||
|
||||
|
||||
|
||||
## HP 290 G1 MT
|
||||
The HP 290 G1 system was acquired by Kh3group in the past, earlier than 2020. The system has been repurposed and is currently serving as the Kh3 office firewall. A PCIe 4-port gigabit Ethernet adapter has been installed, providing a total of 5 network interfaces for the firewall.
|
||||
|
||||

|
||||
|
||||
### Specifications
|
||||
|
||||
| CPU | RAM | Storage | OS | Hostname |
|
||||
| -------------- | --- | --------- | --------------------------- | -------- |
|
||||
| Intel i3-7100 | 8GB | 500GB HDD | Debian 11 (Promox VE 7.2-1) | pve02 |
|
||||
|
||||
|
||||
## Dell Optiplex 7040 SFF
|
||||
The Dell Optiplex was acquired in September 2022 to expand KH3's server infrastructure and host additional services. Proxmox VE 7.2-1 is installed on the system, which in turn supports three Windows Server 2016 virtual machines. One VM serves as an active directory domain controller, another runs SQL Server 2016, and the third runs SharePoint Server 2019. Additionally, a Debian LXC container runs on the Proxmox host, with Docker installed to support a variety of additional services containers.
|
||||
|
||||
|  |
|
||||
| :-: |
|
||||
|
||||
|
||||
### Specifications
|
||||
|
||||
| CPU | RAM | Storage | OS | Hostname |
|
||||
| -------------- | ---- | ---------------------------- | --------------------------- | -------- |
|
||||
| Intel i7-6700 | 32GB | 1TB M.2 SATA SSD / 500GB SSD | Debian 11 (Promox VE 7.2-1) | pve02 |
|
||||
|
||||
|
||||
## Synology RS816
|
||||
The Synology RackStation RS816 is a 4-bay rackmount Network Attached Storage device, that was acquired by the KH3 before 2020. Currently it used to store and synchronize design files and backup data from employees that have left the KH3.
|
||||
|
||||

|
||||
|
||||
### Device Information
|
||||
The Synology NAS runs on DSM 7.0-41890, which is the operating system for Synology's NAS devices.
|
||||
Below is a summary of additional information about the device
|
||||
|
||||
| Specification | Value |
|
||||
| ------------------ | --------------------------- |
|
||||
| Server Name | kh3-fileserver |
|
||||
| OS | DSM 7.0-41890 |
|
||||
| Model | RS816 |
|
||||
| CPU | MARVELL Armada 385 88F6820 |
|
||||
| RAM | 1GB |
|
||||
| Capacity | 3.6TB |
|
||||
|
||||

|
||||
44
docs/how-to-guides/How-to-add-devices-to-a-network.md
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
# How to add a user’s device to a network
|
||||
In order to add a device to the network you would need to use the device’s MAC address
|
||||
The process for find the MAC addresss differs between the various operating systems.
|
||||
|
||||
|
||||
## How to find the Mac address for the various Operating systems
|
||||
### Finding your Mac address - IOS
|
||||
1. Open the Settings app
|
||||
2. Select General
|
||||
3. Select About
|
||||
4. Scroll down and note Wi-Fi Address
|
||||
5. The Wi-Fi address is your Mac address
|
||||
|
||||
### Finding your Mac address - Android
|
||||
1. Open the Settings App
|
||||
2. Select Wi-Fi
|
||||
3. Select the Menu icon and choose Advanced
|
||||
4. Note the MAC address
|
||||
|
||||
### Finding your Mac address - Mac
|
||||
1. Open System Preferences from the Apple menu
|
||||
2. Select Network
|
||||
3. Select Airport from the sidebar, then Advanced
|
||||
4. Select the Airport tab, note the Airport ID
|
||||
5. The Airport ID is your Mac address
|
||||
|
||||
### Finding your Mac address - Windows
|
||||
1. Hold down the Windows key and 'R' simultaneously
|
||||
2. Enter cmd.exe
|
||||
3. Enter ipconfig/all
|
||||
4. Scroll up to find the Wireless LAN adapter section
|
||||
5. Note the Physical Address
|
||||
6. The Physical Address is your Mac address
|
||||
|
||||
### How to connect using the Mac address
|
||||
1. Obtain the MAC Address: Locate the MAC address of the device you want to add to the network. You can usually find it in the device's network settings or on a label/sticker on the device itself.
|
||||
2. Access the Router's Web Interface: Open a web browser on a device that is already connected to the Synology router's network. Enter the router's IP address (e.g., 192.168.1.1) in the address bar and press Enter to access the router's web Interface
|
||||
3. Login to the Router: Enter your administrator username and password to log in to the router's web interface. If you haven't changed the default credentials, check the router or its user manual for the default login information.
|
||||
4. Navigate to MAC Filter Settings: Once logged in, locate the "MAC Filter" or "Wireless MAC Filter" option. It is typically found under the "Wireless" or "Network" settings section, but the exact location may vary depending on your router model and firmware version.
|
||||
5. Add Device to MAC Filter: In the MAC filter settings, look for an option to add a new MAC address or device. Enter the MAC address of the device you want to add to the network. Specify the appropriate filtering mode (e.g., allow or deny) for the device's MAC address.
|
||||
6. Save the Settings: Once you have added the device's MAC address to the MAC filter list and specified the filtering mode, click on the "Save" or "Apply" button to save the MAC filter settings.
|
||||
7. Connect the Device: Connect the device you want to add to the network to the Synology router. Use an Ethernet cable or connect to the router's wireless network, depending on the device's capabilities.
|
||||
8. Verify Network Connectivity: Once connected, check if the device has successfully obtained an IP address from the router and can access the internet or other devices on the network. Ensure that the device is functioning properly on the network.
|
||||
9. Test the Connection: Test the network connection on the added device to ensure it can access the internet and other network resources as intended. Verify that the device can communicate with other devices on the network.
|
||||
20
docs/how-to-guides/Mac Filter.md
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
### Create MAC filter rules
|
||||
1. Go to Wi-Fi Connect > Wi-Fi Settings > MAC Filter.
|
||||
2. Click the Create button.
|
||||
3. Enter the MAC filter name and select an access policy:
|
||||
* Deny: Restricts the specified MAC address from accessing the wireless network.
|
||||
* Allow: Restricts all access to the wireless network except for the specified MAC address.
|
||||
4. To add devices to your MAC filter, select a connected device or manually specify a device name and MAC address.
|
||||
5. Determine whether to Automatically apply this filter to all Wi-Fi names.
|
||||
6. Confirm your settings and click Apply.
|
||||
|
||||
### Edit the system block list
|
||||
1. Go to Wi-Fi Connect > Wi-Fi Settings > MAC Filter.
|
||||
2. Click on System Block List.
|
||||
3. Edit the device list:
|
||||
* Add a device to the list: Select a connected device or manually specify a device name and MAC address.
|
||||
* Remove a device from the list: Click the x under the Delete column.
|
||||
4. Click OK to save the settings.
|
||||
|
||||
|
||||
|
||||
36
docs/how-to-guides/email filters.md
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
# Create rules to filter your emails
|
||||
On your computer, you can manage your incoming mail using Gmail’s filters to send email to a label, or archive, delete, star, or automatically forward your mail.
|
||||
|
||||
## Create a filter
|
||||
1. Open Gmail.
|
||||
2. In the search box at the top, click Show search options
|
||||
3. Enter your search criteria. If you want to check that your search worked correctly, see what emails show up by clicking Search.
|
||||
4. At the bottom of the search window, click Create filter.
|
||||
5. Choose what you’d like the filter to do.
|
||||
6. Click Create filter.
|
||||
Note: When you create a filter to forward messages, only new messages will be affected. Additionally, when someone replies to a message you've filtered, the reply will only be filtered if it meets the same search criteria.
|
||||
|
||||
## Use a particular message to create a filter
|
||||
1. Open Gmail.
|
||||
2. Check the checkbox next to the email you want.
|
||||
3. Click More
|
||||
4. Click Filter messages like these.
|
||||
5. Enter your filter criteria.
|
||||
6. Click Create filter.
|
||||
|
||||
## Edit or delete filters
|
||||
1. Open Gmail.
|
||||
2. At the top right, click Settings
|
||||
3. See all settings.
|
||||
4. Click Filters and Blocked Addresses.
|
||||
5. Find the filter you'd like to change.
|
||||
6. Click Edit or Delete to remove the filter. If you’re editing the filter, click Continue when you’re done editing.
|
||||
7. Click Update filter or OK
|
||||
|
||||
## Export or import filters
|
||||
If you have a backup of your filters, you can import the filters in Gmail. You can also export your filters.
|
||||
1. Open Gmail.
|
||||
2. At the top right, click Settings
|
||||
3. See all settings.
|
||||
4. Click Filters and Blocked Addresses.
|
||||
5. Check the box next to the filter.
|
||||
|
|
@ -1,34 +1,16 @@
|
|||
# IT Infrastructure Documentation
|
||||
|
||||
### Purpose of Documentation
|
||||
# Introduction
|
||||
|
||||
The purpose of this documentation is to ensure that all aspects of KH3 Group's IT infrastructure are thoroughly documented to support business continuity and streamline operations.
|
||||
The purpose of this documentation is to ensure that all the IT infrastructure is properly documented for reference and business continuation.
|
||||
|
||||
In June 2020, it was discovered that many systems required password resets due to a lack of documentation. This gap led to disruptions and inefficiencies. To prevent similar issues in the future, this documentation initiative will create a comprehensive record of system configurations, credentials, and other critical IT details.
|
||||
In June of 2020, it was discovered that many systems required password resets because most of them were not documented. This lack of documentation caused inconvenience and disruptions. To avoid such issues in the future, this documentation effort aims to provide a comprehensive record of the IT infrastructure, including system configurations and credentials.
|
||||
|
||||
### Background
|
||||
An IT roadmap was developed in early 2020, which serves as a guiding framework for KH3's technological direction. This documentation will align with the roadmap to ensure consistency and enable efficient management of the IT infrastructure.
|
||||
|
||||
In early 2020, an IT roadmap was established to guide KH3 Group's technological strategy and growth. This documentation will align with the roadmap, ensuring a consistent and structured approach to managing the IT environment.
|
||||
By documenting the infrastructure, we can establish a reliable source of information for troubleshooting, maintenance, and future planning. It will also facilitate the onboarding process for new team members and help ensure the smooth continuity of business operations.
|
||||
|
||||
### Benefits
|
||||
This documentation will cover various aspects of the IT infrastructure, including network architecture, hardware configurations, software applications, security protocols, and any other relevant information. It will serve as a valuable resource for the IT team, providing a centralized repository of information that can be easily accessed and updated as needed.
|
||||
|
||||
By maintaining detailed and accurate documentation, we aim to:
|
||||
|
||||
- **Support Troubleshooting and Maintenance**: Provide a reliable source of information for diagnosing issues and maintaining systems.
|
||||
- **Simplify Onboarding**: Facilitate knowledge transfer to new team members, reducing learning curves.
|
||||
- **Ensure Business Continuity**: Enable smooth operations and rapid recovery in the event of personnel changes or system disruptions.
|
||||
|
||||
### Scope
|
||||
|
||||
This documentation will cover the following areas:
|
||||
|
||||
- **Network Architecture**: Layout and structure of network components.
|
||||
- **Hardware Configurations**: Specifications and details of physical devices.
|
||||
- **Software Applications**: Inventory and configurations of software tools.
|
||||
- **Security Protocols**: Password management, access controls, and compliance guidelines.
|
||||
- **Other Relevant Information**: Any additional resources necessary for managing the IT infrastructure.
|
||||
|
||||
### Conclusion
|
||||
|
||||
Investing in comprehensive IT documentation will enhance the efficiency and reliability of our infrastructure, reducing risks and ensuring a resilient, well-organized environment. Let’s work together to build a robust documentation repository that will serve as a valuable resource for KH3 Group.
|
||||
By investing time and effort into comprehensive documentation, we can improve the overall efficiency and reliability of our IT systems. It will contribute to a more organized and resilient infrastructure, reducing the risk of disruptions and enhancing the ability to respond effectively to any technical challenges that may arise.
|
||||
|
||||
Let's work together to create a robust and up-to-date documentation repository that will serve as a valuable asset for the organization.
|
||||
|
|
|
|||
4
docs/services/docker/droneci.md
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
# DroneCI
|
||||
DroneCI is an automation tool that simplifies the testing and deployment of software changes, improving collaboration and code quality. It automates build and test processes, integrates with version control systems, and provides visibility for team members. By reducing manual tasks and enhancing collaboration, DroneCI accelerates the software development cycle and ensures reliable code deployments.
|
||||
|
||||
DroneCI and Gitea work together to automate the creation of KH3's IT documentation website. DroneCI connects to the Gitea IT repository and automatically builds the mkDocs website whenever there are changes to the code or documentation. This ensures that the website is always up-to-date without requiring manual intervention. It simplifies the process, saves time, and helps keep KH3's IT documentation easily accessible for the team.
|
||||
5
docs/services/docker/gitea.md
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# Gitea
|
||||
Gitea is a self-hosted, lightweight Git service that provides a user-friendly interface for managing source code repositories. It allows teams to collaborate on software development projects by providing features like version control, issue tracking, and code reviews. Gitea simplifies the process of setting up a Git server, making it accessible to individuals and small teams who want to keep their codebase secure and under their control.
|
||||
|
||||
|
||||
Gitea is a platform used to store and manage all of KH3's IT documentation and configuration files. It provides a secure and collaborative space where the team can work together to update and organize these important resources. Gitea allows multiple team members to make edits, track changes, and communicate efficiently. It integrates with other tools and services, making it easier to connect the documentation with other IT processes. Overall, Gitea simplifies the management of KH3's IT documentation and promotes effective collaboration within the team.
|
||||
6
docs/services/docker/graylog.md
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
# Graylog
|
||||
Graylog is a special tool that helps people who manage computer systems to keep an eye on how everything is working and fix any problems that come up. It does this by collecting and studying log information from different programs and machines. By putting all the log data in one place, Graylog makes it easy to search for specific information and figure out what might be causing issues. Graylog works with different types of logs and makes it simple to understand what's happening in the computer system. It's like having a detective that helps keep everything running smoothly.
|
||||
|
||||
|
||||
In KH3's infrastructure, there are many different services running, such as websites, databases, and applications. These services generate log data, which contains valuable information about how they are functioning. Graylog acts as a central hub where all these logs are collected and stored.
|
||||
|
||||
5
docs/services/docker/pihole.md
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
# Pi-hole
|
||||
|
||||
Pi-hole is a special tool that blocks ads on your devices when you're using the internet. It runs on a small computer and stops ads from showing up on your screen. This makes your internet faster and keeps your privacy safe by preventing advertisers from tracking you. Setting up Pi-hole is easy, and it gives you control over what you see online. It's like having your own personal ad blocker that makes your browsing experience better.
|
||||
|
||||
Pi-hole is an important tool used in KH3 to manage internet traffic. It acts as the main control point for all devices on your network, blocking unwanted ads and restricting access to malicious websites. Pi-hole also simplifies access to local services by assigning easy-to-remember names instead of complicated IP addresses. It ensures a safer and more efficient internet experience for KH3, enhancing security and productivity.
|
||||
7
docs/services/docker/traefik.md
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
# Traefik
|
||||
Traefik is a smart tool that helps make sure your apps work well. It sits between your devices and the servers hosting your apps, like a traffic controller. It takes the requests from your devices and sends them to the right server, making sure everything runs smoothly.
|
||||
Traefik also balances the work across many servers, so not one server gets too busy. This helps your apps run faster and stay reliable, even when lots of people are using them.
|
||||
|
||||
|
||||
|
||||
It is configured with cloudfare to request and let's you encrypt wildcard certificate [*.office.kh3group.com](*.office.kh3group.com) used by most of the locally hosted services In KH3’s IT infrastructure. Furthermore it is set up automatically to renew the wildcard certificate on 3-month schedule, this ensures it is always up to date. Also it acts as a reverse proxy, working with pinhole that acts as a local DNS to ensure that locally hosted services are reachable by their host name e.g: you can access KH3’s IT documentation on any device on the KH3 local network by visiting [docs.office.kh3group.com](docs.office.kh3group.com)
|
||||