
CPE 5013 Assignment Number 2 Network Administration Project


Presentation Transcript


  1. CPE 5013 Assignment Number 2 Network Administration Project

  2. Presentation Contents • Organisational Context • IP Addressing Scheme • Selected site technologies • LAN/WAN Connections • Devices Employed • Security • Overall Network Topology • Other Considerations • Cost and Time to Deploy

  3. The Organisation - WorthWools • 10 Business Units (BU) + 1 Corporate Group • Each BU has 15 Retail Sites • 4 Large Local BUs • 4 Small Local BUs • 2 Large Overseas BUs • Each Local BU has 3 Retail Sites in each State • 7 Headquarters Offices • 2 Overseas Regional HQs • 4 State Regional HQ • 1 Corporate HQ – also a State Regional HQ

  4. WorthWools - Business Units

  5. Office/Site Structure [Organisation chart: 1 Corporate Headquarters; 4 State Region HQs and 2 Overseas Region HQs; 4 Large Retail Units, 4 Small Retail Units and 2 Large Retail Units; each unit has Retail Sites 1 to 15]

  6. IP Addressing – 10.x.x.x • Minimise internet routable addresses – cost/security • External IP address for each retail outlet and each HQ only • Also needed for externally accessible servers - SSL gateway • Option of 3rd party hosting for external web site • All hosts to be assigned a private IP address 10.x.x.x • Each site to be internally routable • 10 Business Units – allow maximum 32 – requires 5 bits • 15 Retail Outlets per BU – allow maximum 32 – requires 5 bits • 7 Headquarters sites also need to be allocated • Allocate 10 bits (/18 subnet mask) for site ID using VLSM

  7. IP Addressing – 10.x.x.x /18: BU/Outlet Illustration • BU | Outlet | Host ID • 10. 11111 111.11 000000.00000000 • IP Network Address for BU #1, Outlet #1? • 10. 00001 000.01 000000.00000000 • By octet (binary): 10.00001000.01000000.00000000 • 10.8.64.0

  8. Business Unit/Retail Site IP Addressing – 10.0.0.0 /18

  9. IP Addressing: VLAN/Host Addresses • Still have 14 bits available • Much more than needed for number of hosts at each site • Can use some bits for further subnetting – VLANs • VLANs useful for security and decreased congestion • e.g. Accounting on a different VLAN to other departments • Reduced traffic visibility to internal staff or hackers • Able to develop firewall rules to provide further controls • Reduces broadcast traffic – restricted to hosts on same VLAN • Allocate 6 bits for VLAN Number – maximum 64 per site • Remaining octet used for host ID – maximum 254 hosts per VLAN

  10. IP Addressing – 10.x.x.x: Further Subnetting via VLAN • BU | Outlet | VLAN | Host ID • 10. 11111 111.11 111111. 11111111 • IP Address for BU #1, Outlet #1, VLAN #1, Host #1? • 10. 00001 000.01 000001. 00000001 • By octet (binary): 10.00001000.01000001.00000001 • 10.8.65.1

  11. Further Subnetting – VLANs
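
The bit layout from slides 6 to 10 (5-bit BU, 5-bit outlet, 6-bit VLAN, 8-bit host inside 10.0.0.0/8) can be encoded and decoded mechanically, which is useful when writing per-VLAN firewall rules or mapping a logged source address back to a site. This is an added example, not part of the original presentation; the function names are assumptions, and the numbering of BUs, outlets and VLANs follows the slides' "#1" illustration.

```python
import ipaddress

# Field widths taken from the slides; the first octet is fixed at 10.
BU_BITS, OUTLET_BITS, VLAN_BITS, HOST_BITS = 5, 5, 6, 8
BASE = int(ipaddress.IPv4Address("10.0.0.0"))
BU_SHIFT = OUTLET_BITS + VLAN_BITS + HOST_BITS      # 19
OUTLET_SHIFT = VLAN_BITS + HOST_BITS                # 14
VLAN_SHIFT = HOST_BITS                              # 8

def _check(name, value, bits):
    # Reject values that would spill into a neighbouring field.
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{name}={value} does not fit in {bits} bits")

def site_network(bu, outlet):
    """Return the /18 network for one BU/outlet pair (slide 7)."""
    _check("bu", bu, BU_BITS)
    _check("outlet", outlet, OUTLET_BITS)
    addr = BASE | (bu << BU_SHIFT) | (outlet << OUTLET_SHIFT)
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(addr)}/18")

def vlan_network(bu, outlet, vlan):
    """Return the /24 network for one VLAN inside a site (slide 9)."""
    _check("vlan", vlan, VLAN_BITS)
    addr = int(site_network(bu, outlet).network_address) | (vlan << VLAN_SHIFT)
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(addr)}/24")

def host_address(bu, outlet, vlan, host):
    """Return one host address (slide 10); 0 and 255 are reserved."""
    if not 1 <= host <= 254:
        raise ValueError(f"host={host} is outside 1..254")
    return vlan_network(bu, outlet, vlan)[host]

def decode(address):
    """Split an address back into its fields, e.g. for log triage."""
    n = int(ipaddress.IPv4Address(address))
    if n >> 24 != 10:
        raise ValueError(f"{address} is not in 10.0.0.0/8")
    return {
        "bu": (n >> BU_SHIFT) & ((1 << BU_BITS) - 1),
        "outlet": (n >> OUTLET_SHIFT) & ((1 << OUTLET_BITS) - 1),
        "vlan": (n >> VLAN_SHIFT) & ((1 << VLAN_BITS) - 1),
        "host": n & ((1 << HOST_BITS) - 1),
    }

if __name__ == "__main__":
    print(site_network(1, 1))        # the slide 7 illustration
    print(host_address(1, 1, 1, 1))  # the slide 10 illustration
    print(decode("10.8.65.1"))
```
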

  12. User Requirements • 2 users per Small BU Retail Site • Limited traffic, standard applications • 20 users per Large Retail Site • Moderate traffic, standard applications • 20 users per Overseas Regional HQ • Moderate traffic, standard, custom and ad-hoc applications • 80 users per State Regional HQ • Moderate traffic, standard, custom and ad-hoc applications • 100 users per Corporate HQ • Moderate traffic, standard, custom and ad-hoc applications

  13. Corporate Objectives • Ensure functionality • Match application requirements • Infrastructure match for traffic requirement • Minimise fixed and variable costs • Lowest cost hardware • Low maintenance costs • Communications and data secure • Traffic encrypted • Secure data storage & regular backups • Robust configuration/patching/upgrade management • Maximise uptime • Rapid problem resolution • Scalability

  14. Selected Technology – Small Retail • Thin client PCs • Connected to corporate HQ via internet and SSL • Applications executed remotely - virtualization • Functionality • Limited applications available via terminal server • Low traffic requirement allows ADSL internet connection • Cost • Low cost hardware • Ongoing Citrix Presentation Server licensing fees • Claimed that support costs cut by 80-90% vs PC • Security • Data kept centrally and backed up • Applications kept, patched, configured centrally • SSL VPN connection, Unified Threat Management software • Uptime • Lower support requirement, all clients the same for sparing • Extremely scalable

  15. SSL/Internet [Diagram labels: Request Document; Thin Client or Mobile User; SSL Encrypted VPN; Corporate HQ – Small Retail; Regional HQ – Mobile User; Virtual Terminal Sessions; Small Retail Site or Mobile User]

  16. Selected Technology – Large Retail • “Smart Client” PCs • Connected to Regional HQ via Leased Line with IPSec VPN • Applications, data streamed from HQ - cached on local PC • Reduced load on server and communications traffic • Functionality • Speed requirement met via leased line and local processing • Cost • Low cost hardware • Ongoing Citrix Presentation Server licensing fees • Low support costs • Security • Data kept centrally and backed up • Applications kept, patched, configured centrally • IPSec VPN connection, VLANs, Firewalls • Uptime • Lower support requirement, all clients the same for sparing • Extremely scalable

  17. Leased Line IPSec VPN [Diagram labels: “Smart” Client; Regional HQ; Software Streaming; Large Retail Site]

  18. Large Retail Topology [Diagram labels: Leased Line, Hardware IPSec VPN to Regional HQ; Router; Switch; Workstation 1 VLAN 10; Workstation 2 VLAN 20; Workstation 3 VLAN 10]

  19. Selected Technology – HQs • Full PCs • HQs connected via Leased Lines with IPSec VPN • Applications kept on local PC • Data policies for use of local file server vs PC hard disk • Functionality • Custom and ad-hoc applications available • Speed requirement met via leased line and local processing • Cost • Highest cost hardware • Scale economies through centralised IT resource at HQ for support • Security • Data policies for use of local file server • IPSec VPN connections, VLANs, Firewalls, DMZ • E-Mail Server kept on DMZ at Corporate HQ • Web Server kept on DMZ at Corporate HQ or hosted externally • Uptime • Centralised HQ support • Scalability • IP addressing to enable growth

  20. Regional HQ Topology [Diagram labels: Internet including SSL VPN from Mobile User; Leased Line, Hardware IPSec VPN from Large Retail; Router; Router; Switch; De-Militarized Zone; Proxy Server; Workstation 1 VLAN 10; Workstation 2 VLAN 20; Workstation 3 VLAN 10; Laptop PC VLAN 30; Servers including Virtual Terminal Server]

  21. Corporate/Overseas HQ Topology [Diagram labels: Leased Line, Hardware IPSec VPN from Large Retail and Regional HQ; Internet including SSL VPN from Small Retail/Mobile; Router; Router; Switch; De-Militarized Zone; Proxy Server; Workstation 1 VLAN 10; Workstation 2 VLAN 20; Workstation 3 VLAN 10; Laptop PC VLAN 30; Servers including Virtual Terminal Server, Mail Server, Web Server]

  22. WorthWools – The Network [Diagram labels: Overseas HQ (2 Countries); Corporate HQ (1 State); Region HQ (4 States); Large Retail (12 per Region HQ); Small Retail; Mobile User; Internet; IPSec VPN links]

  23. Network Topology: Assignment 1 Link - Wireless • No wireless at retail sites • Not necessary for usage • Wireless perimeter too physically close to public areas • At headquarters allow wireless • Able to roam between offices and meeting rooms • Security implementation – 802.11i • 802.1X EAP-TLS Authentication – RADIUS/Certificates • AES Encryption • Access Points central – limited signal beyond perimeter • Rogue access point and intrusion detection sensors

  24. Network Topology: Reliability/Uptime • Measures to consider for increased reliability/uptime • Server mirroring • RAID data storage • Leased Line ISP reliability/redundant routing paths • Failover to connections via internet • DNS/Web Caching at regional HQs • Mailbox servers at regional HQs – Gateway at corporate HQ • Long DHCP lease periods at retail sites

  25. Data Cabling Cost Estimate: Cable Lengths – HQ Floor [Floor plan figure: cable lengths (m) for Office 1 to Office 6, MDF and Elevator]

  26. Data Cabling Cost Estimate • Cat 6 cable to hosts, host leads, wall connectors • Existing cable needs to be removed? • Below floor or in ceiling? • Raceways and cable trays • Multimode fibre backbone – laid, not pulled • Cabinets, redundant power supplies, patch panels, patch leads • Building modifications and cable shielding in certain places • Labour cost – design, installation, testing and certification • Varies widely - use rule of thumb total cost of $300/connection • Corporate HQ = 150 connections = $45,000 • Regional HQ = 100 connections = $30,000 • Large Retail Site = 20 connections = $6,000 • Small Retail Site = 2 connections = $600

  27. Costs - Small Retail Site • Low up front cost due to basic PC • Additional advantage of low ongoing support costs, stable platform • Gartner estimate of annual cost of $8-10k for unmanaged PC

  28. Costs - Large Retail Site • Low up front cost due to basic PC and scale economies • Low ongoing support costs, stable platform vs annual license fees • Still very economical vs Gartner estimate

  29. Costs – Overseas HQ • Higher up front cost – could be offset via hardware leasing • Higher ongoing support costs due to additional application requirements • Support costs will be high due to remote smaller HQ

  30. Costs – Regional HQ • Higher up front cost – could be offset via hardware leasing • No client licensing fees after first year • Higher ongoing support costs due to additional application requirements • Costs, security contained due to concentrated HQ site

  31. Costs – Corporate HQ • Similar to State regional HQ • Additional costs due to central services – E-Mail Gateway, Web Site • Central storage site • SSL VPN Gateway for small retail sites

  32. Total Up-Front Cost • Total first year cost of $ 4.5 million • Up front cost reduced due to adoption of minimalist client philosophy • Hardware leasing available if further cost smoothing preferred • Inexpensive given size of organisation

  33. Total Per Annum Cost • Annual costs higher due to licensing fees • Small price to pay if the promised 80-90% reduction in IT visits results • Lower support costs • Higher uptime – revenue impact

  34. Network Topology: Time to Roll Out • Accelerated roll-out • Minimalist Thin Client implementation at small sites • Minimalist Smart Client implementation at large sites • Option to pilot the configurations • Identical implementations across Business Units • Rapid roll out once one implementation type stabilised • Total time for deployment dependent on budget • For an organisation this large expected time circa two years
