KU Network Project. Eagle 9 We trust on what we know. Design and Documentation By: Team: Eagle 9 Phone:+93795008012 Email: Hasibsahibzada@gmail.com Date:. Contents. Existing Network Infrastructure. Problems with existing network. Network Requirements.
KU Network Project • Eagle 9 We trust on what we know Design and Documentation By: Team: Eagle 9 Phone:+93795008012 Email: Hasibsahibzada@gmail.com Date:
Contents • Existing Network Infrastructure. • Problems with existing network. • Network Requirements. • Introduction to New KU network. • Services of the New KU network.
Existing Network Problems • Trunked ports. • Load on the NOC router. • Single-point-of-failure devices. • No bandwidth utilization. • Authentication problem. • Use of only one cache server. • No routing protocols (no IP summarization). • Little use of Layer 3 switches. • Use of software-based security firewalls. • Complicated configuration.
Existing Network Services • Internet connections to all faculties. • VoIP services. • Email service. • One cache server.
New Network Capabilities • Different VLANs for data, voice and video. • VoIP services (LAN and WAN). • Video conferencing services in all faculties. • Web service. • An improved library. • Database. • Authentication (VPN and RADIUS). • Best redundancy links. • Best use of routing protocols (OSPF). • Centralized control.
New Network Capabilities • IP summarization on ABR routers. • Greater processing speed. • Flexibility. • 99.99% data availability & uptime. • Faster information retrieval.
VoIP Service Structures • 1) Centralized control of VoIP. • A: Cisco CallManager 4.01 with SR2a or later
VoIP Service Structures • 2) Non-centralized VoIP. • Benefits: • Fast connectivity. • Connecting to other networks. • Establishing connections to other universities.
Video Conferencing • High-performance, flexible, and scalable video infrastructure to help you: A: Conduct face-to-face discussions between distributed personnel. B: Reduce travel and expenses C: Enhance collaboration between colleagues, partners, and customers
Video Conferencing Requirements • Cisco Unified Videoconferencing 3500 Series products. • This solution provides: • Support for a broad range of standards-based video endpoints. • Continuous presence features displayed at full HD quality. • Advanced conference setup and attendance functions, a range of dynamic layouts, and numerous in-conference controls for an optimal user experience. • Firewall-friendly desktop video to extend your video environment to any networked PC. • File sharing. • Integrated voice. • And more.
Web Services • Kabul University should have a web site. • It should provide important information about Kabul University and its faculties. • It should be an interface to the library and database of Kabul University. • It should be placed in the NOC.
Electronic Library • This library should have all kinds of books found in the Kabul University Library, as well as international books found in other international libraries. • Access methods. • 1: Inside access (students in the KU network). • 2: Outside access (remote users). • Structure of the library. • 1: Primary server in the NOC. • 2: Secondary servers in some star-center faculties. • Synchronization occurs between these libraries.
Database • The database is designed to hold: • 1: Faculty details. • 2: Teachers' profiles. • 3: Students' profiles and grades. • 4: Easy result retrieval. • 5: Class timetables. • 6: Start and end dates of classes, and more.
Mail Server • A mail server is currently active at Kabul University, provided by the ISP. • But we can set up our own mail server too.
Connectivity • Connectivity is an important issue in the KU network. • All the devices are interconnected and the network is designed to be available 99.9% of the time. • Use of a routing protocol. • The OSPF routing protocol is implemented in our network to establish connections between all networks. • A routing protocol is used to avoid trunk ports and sub-ports and to benefit from IP address summarization for fast connectivity and fast convergence. • OSPF structure in the KU network. • Three areas are configured (area 0, area 1 and area 2) on the network. • These areas are used to summarize IP addresses better and to avoid large numbers of routing updates.
VLANs • Every faculty has three VLANs. • 1: Voice VLAN. • 2: Video conferencing VLAN. • 3: Data VLAN (wired and through APs). • Every VLAN is a separate network, and the switch assigns IP addresses from that VLAN's specific network. • VLAN networks are included in routing updates, and every faculty can reach them.
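The summarization described on the Connectivity and VLANs slides can be checked before it is configured. The following is an added example, not part of the original slides: it computes the single summary prefix each ABR would advertise for its area and flags summaries that overlap, which would send traffic to the wrong area. The addressing plan, faculty-to-area mapping and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (not from the slides): OSPF area -> faculty -> three VLAN subnets
PLAN = {
    1: {"Engineering": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24"],
        "Science": ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"]},
    2: {"Medicine": ["10.2.0.0/24", "10.2.1.0/24", "10.2.2.0/24"],
        "Law": ["10.1.8.0/24", "10.2.4.0/24", "10.2.5.0/24"]},  # first VLAN numbered out of block
}

def area_subnets(plan, area):
    return [ipaddress.ip_network(s) for vlans in plan[area].values() for s in vlans]

def area_summary(plan, area):
    """Smallest single prefix that covers every VLAN subnet in the area."""
    nets = area_subnets(plan, area)
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # widen by one bit until everything fits
    return summary

def unassigned_addresses(plan, area):
    """Addresses the summary attracts traffic for but no VLAN in the area owns."""
    used = sum(n.num_addresses for n in area_subnets(plan, area))
    return area_summary(plan, area).num_addresses - used

def summary_conflicts(plan):
    """Pairs of non-backbone areas whose ABR summaries overlap each other."""
    return [(a, b) for a, b in combinations(sorted(plan), 2)
            if area_summary(plan, a).overlaps(area_summary(plan, b))]

def range_statement(plan, area):
    """Cisco IOS-style 'area range' line an ABR would carry for this summary."""
    s = area_summary(plan, area)
    return f"area {area} range {s.network_address} {s.netmask}"
```

With the constructed plan, one Law VLAN numbered from area 1's block widens area 2's summary to 10.0.0.0/14, which overlaps area 1's 10.1.0.0/21; renumbering that VLAN inside 10.2.0.0/21 removes the conflict.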
Redundant ABRs • (diagram not included)
Security on the network • Security is one of the important parts of every network. • Different security measures are considered here. • Security while connecting to the KU network (authentication). • Using a RADIUS server and VPN.
RADIUS Server • DEFINITION - Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. • As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied. • How does a RADIUS server work? • RADIUS is a client/server protocol. The RADIUS client is typically a NAS and the RADIUS server is usually a daemon process running on a UNIX or Windows NT machine. The client passes user information to designated RADIUS servers and acts on the response that is returned. RADIUS servers receive user connection requests, authenticate the user, and then return the configuration information necessary for the client to deliver service to the user. • A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.
RADIUS • 1. User initiates PPP authentication to the NAS. • 2. NAS prompts for username and password (if Password Authentication Protocol [PAP]) or challenge (if Challenge Handshake Authentication Protocol [CHAP]). • 3. User replies. • 4. RADIUS client sends username and encrypted password to the RADIUS server. • 5. RADIUS server responds with Accept or Reject. • 6. The RADIUS client acts upon services and service parameters bundled with Accept or Reject.
RADIUS • This server provides authentication, authorization and accounting (an AAA server). • Implementing it in the KU network for inside users.
RADIUS and VPN • For outside users we have two options: • 1: The dial-up connection shown on the previous slides. • 2: VPN. • Windows 2000 RADIUS server requires Password Authentication Protocol (PAP) for authenticating a Cisco VPN Client (IPSec clients). • Using a RADIUS server that does not support Microsoft Challenge Handshake Authentication Protocol (MSCHAP) requires MSCHAP options to be disabled on the VPN 3000 Concentrator (Point-to-Point Tunneling Protocol [PPTP] clients). • Using encryption with PPTP requires the return attribute MSCHAP-MPPE-Keys from RADIUS (PPTP clients). • With Windows 2003, MS-CHAP v2 can be used, but the authentication method should be set as "RADIUS with Expiry".
RADIUS and VPN • Components used: • Cisco VPN 3000 Concentrator • Cisco VPN Client
Security on network devices • Network devices such as switches, routers and servers. • 1: Using SSH for management of switches and routers. • 2: Authentication for NOC servers. • NOC servers include monitoring servers, cache servers, Exchange servers and other servers.
Firewalls • Firewalls are very important at different places in our network. • Types of firewalls in our network. • Hardware-based firewalls. • 1: NetScreen 5200 • Features:
Juniper NetScreen 5200 • Location of the NetScreen 5200.
Firewalls for Faculties • ABR routers have hardware firewalls.
Other software-based firewalls • Indian Firewalls. • IPCop firewalls with Websense. • Microsoft ISA firewall (has lots of features). • These firewalls can be used as cache servers too.
Redundancy • Redundancy is what keeps our network up and available for the users. • We have different kinds of redundancy in our network. • 1: Link redundancy. • Using patch panels in every faculty to make redundant links. • Using other fiber-optic cores. • 2: Server redundancy. • Placing primary and secondary servers in different locations. • Using virtualization for servers.
Virtualization • What is server virtualization? • Basically, a virtual server, or VM, is an instance of some operating system platform running on any given configuration of server hardware, centrally managed by a virtual machine manager, or hypervisor, and consolidated management tools. • A single instance may operate in isolation or share resources with several other instances of the same (or separate) server platforms. • Primary benefits of virtualization. • 1: Shares its resources. • 2: Functions as an individual entity on the network. • 3: Saves money. • 4: Centralized server management. • 5: Simpler and faster backup and recovery.
Server Virtualization Features • Among the various virtualization methods available, NEC primarily focuses on virtualization software solutions. Because the virtualization software, or hypervisor, used by NEC runs directly on bare hardware (physical servers), our virtualized environments have little overhead. NEC’s proven, reliable solutions are built upon years of experience with virtualization. • Features: