Thursday, April 23, 2020

It230 Computer Networking Final Essay Example

It230 Computer Networking Final Essay
Network Design
Franklin Joel Grimes
IT 230

Executive Summary

This paper will help to clearly define the network design of XYZ Corporation by ABC Computing. Together we will meet your IT challenges in a seamless, highly organized fashion. What we must address together are the following:

• What are the goals of the network design project?
• What things may be assumed?
• The pros and cons of our proposed IT solutions
• The exact scope of our mutual project constraints

Why are we having these IT changes? XYZ has grown quickly over the past few years. You have expanded to many locations and must now be capable of acting and reacting as if XYZ were in one compact, efficient location. A wide area network, or WAN, will allow all areas to function as if they were under one roof, sharing resources in a secure environment.

Topologies: what are they? Topologies are the logical structures of the network. We need only discuss one. We will be using a star topology. That means that devices will be connected to a central routing switch in a star-like fashion. What does that really mean to XYZ? This means lower cost of installation, simple maintenance, and ease of upgrading. The network connections will be made by way of a virtual private network. For each of you, this simply means that you need not dial up connections. Connections will be dedicated, efficient, secure and automated. Network business applications will not be changing. The software and operating systems you are accustomed to will remain in place.
The method of communications from one computer to another, running in the background, will be the main change. Some serious differences will be a new backup and disaster recovery plan. XYZ will now have a hot site facility. This means that in the event of a disaster, the location, backup programs, backup data, and logistical facilities will be ready for immediate use.

Cabling Specifications

In buildings that currently have a 100Base-T network, XYZ will save a considerable amount of money. This is due to the fact that the new Gigabit network will be able to utilize the existing Cat-5 cable. According to Hallberg (2005), "1000Base-T networks are notable in that they can run over existing Cat-5 cable but at ten times the speed of 100Base-T networks". This savings will offset much of the cost of upgrading to switches as opposed to hubs, as will be discussed in detail further in this proposal. Hallberg (2005) further adds that "running over Cat-5 cable is a significant advantage for 1000Base-T, because around 75 percent of installed network cabling today is Cat-5, and rewiring an entire building for a new networking standard is an extremely expensive proposition". 1000Base-T networks over Cat-5 have these characteristics according to Hallberg (2005):

• Require eight actual wires (four twisted pairs in a single sheath)
• Must use Cat-5 cable or better
• Are limited to a length of 100 meters (328 feet) for each node connection
• Are not limited in the number of nodes in a single logical segment
• Use RJ-45 connectors for all connections

Local Area Network (LAN) Topologies

A physical star topology will be used. This topology should make an efficient, yet affordable network. According to Hallberg (2005), a star topology is one in which a central unit, called a hub or concentrator, hosts a set of network cables that radiate out to each node on the network. Each hub usually hosts about 24 nodes, although hubs exist that range in size from two nodes up to 96 nodes.
Regardless of the hub size, you can connect multiple hubs together to grow the network in any way that makes sense. Below is an example of a basic physical star topology.

[Figure: basic physical star topology]

It would be good to remember that "all the network traffic used on any of the network connections to the hub is echoed to all the other connected nodes on that particular hub" (Hallberg 2005). This means that the bandwidth available from the hub is the total "amount of bandwidth available to all nodes connected to the hub in aggregate" (Hallberg 2005). This is important. Consider that one computer uses fifty megabits per second of a maximum one hundred megabits per second. All of the other computers are limited to the remaining fifty megabits per second, shared equally; however, one connection could use up to fifty percent. In another scenario, two computers connected to a hub try to send data at the same time. According to Dux Computer Digest (2009), "a collision is said to occur". For this reason a PC connected by a hub must negotiate using the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol. The Ethernet adapters in each PC have the ability to listen and to send, but they cannot do both at the same time when connected to a hub. This is called half duplex.

There is a better option for this network. This network will use gigabit switches. These switches will operate at 10/100/1000 megabits per second. The speed is a bonus, but the main improvement will be that each PC connected will operate at full duplex. There will be no need to listen for data collisions. This doubles the performance of the individual PC's network ability. According to Dux Computer Digest (2009), "An Ethernet switch automatically divides the network into multiple segments, acts as a high-speed, selective bridge between the segments, and supports simultaneous connections of multiple pairs of computers which don't compete with other pairs of computers for network bandwidth."
This will greatly enhance network performance. The switch, according to Dux Computer Digest (2009), "accomplishes this by maintaining a table of each destination address and its port. When the switch receives a packet, it reads the destination address from the header information in the packet." A temporary direct point-to-point connection between both ports is made, the packet is sent, and the connection is terminated. The network can usually be updated simply by updating the firmware of its switches and bridges. This saves time and money as the network grows in its lifecycle. Though the physical topology is star, a logical ring topology will be used, as token passing will sometimes be necessary. The network will consist of 24-port bridges, servers, and workstations. The following diagram will help to explain how the different offices and areas of XYZ Corporation will interface with the resources of the Local Area Network and, by a proxy server connection, the Intranet that will serve as XYZ Corporation's Wide Area Network, including internet access.

[Figure: how the offices and areas of XYZ Corporation interface with the LAN and, through the proxy server, the Intranet]

The addressing and components of the LAN are as follows:

• The company will have a network ID of 209.168.19.0 and can occupy multiple floors.
• The subnet mask will be 225.225.225.192.
• There will be a subnet for each floor.
• This will allow for future growth of up to 62 hosts per subnet (floor), 4 subnets (floors).
• One server will be a redundant mirror and will physically reside in another location.
• One subnet will have a proxy server with a firewall. All internet access will go through this proxy server.

This Local Area Network will offer many benefits. What are these benefits? First, this plan builds an affordable network. The network is capable of meeting current needs and has room for future expansion and affordable updates. This LAN can use the existing Cat-5 cabling.
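A worked check of the addressing plan above, added here as an example and not part of the essay: it tests whether a dotted mask is actually a contiguous mask (the mask as written on the page, 225.225.225.192, is not one; 255.255.255.192, a /26, is the mask that gives the stated 62 hosts per floor and 4 floors), then splits the network ID into per-floor subnets and reports each usable host range. It assumes 209.168.19.0 is a full class C block (/24) and uses only Python's standard ipaddress module.

```python
import ipaddress
from typing import Dict, List, Optional

# Figures taken from the essay's LAN addressing list.
NETWORK_ID = "209.168.19.0"
MASK_AS_WRITTEN = "225.225.225.192"   # as printed on the page; not a valid mask
MASK_FOR_62_HOSTS = "255.255.255.192" # /26: 62 usable hosts per subnet


def is_valid_mask(mask: str) -> bool:
    """True only if the mask's 32 bits are a run of ones followed by a run of zeros."""
    try:
        bits = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        return False
    zeros = (~bits) & 0xFFFFFFFF        # host part of the mask as a run of low ones
    return zeros & (zeros + 1) == 0     # e.g. 0b0111 & 0b1000 == 0 for a clean run


def floor_subnets(network_id: str = NETWORK_ID,
                  mask: str = MASK_FOR_62_HOSTS) -> List[Dict]:
    """Split the block (assumed /24, since 209.x.x.x is a class C address) into one
    subnet per floor and report the usable host range of each."""
    if not is_valid_mask(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    block = ipaddress.IPv4Network(f"{network_id}/24")
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    result = []
    for floor, net in enumerate(block.subnets(new_prefix=new_prefix), start=1):
        hosts = list(net.hosts())       # excludes network and broadcast addresses
        result.append({
            "floor": floor,
            "cidr": str(net),
            "network": str(net.network_address),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "usable_hosts": len(hosts),
        })
    return result


def floor_of(address: str, subnets: List[Dict]) -> Optional[int]:
    """Which floor's subnet contains `address`, or None if it lies outside the plan.
    Useful when checking a packet-filter rule against the addressing plan."""
    ip = ipaddress.IPv4Address(address)
    for entry in subnets:
        if ip in ipaddress.IPv4Network(entry["cidr"]):
            return entry["floor"]
    return None


if __name__ == "__main__":
    print(f"{MASK_AS_WRITTEN} is a valid mask: {is_valid_mask(MASK_AS_WRITTEN)}")
    for s in floor_subnets():
        print(f"floor {s['floor']}: {s['cidr']} hosts {s['first_host']}-{s['last_host']} "
              f"broadcast {s['broadcast']} ({s['usable_hosts']} usable)")
```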
This network will facilitate one hundred users from multiple groups with custom accessibility at each location, and can be further expanded. The LAN will be capable of covering multiple floors, offices and purposes. This LAN will have a higher startup cost than a LAN using hubs, but the enhanced capability and future ease of upgrading will offset the cost over the system's lifetime. Furthermore, this LAN will use a proxy server for internet access. The switches selected have built-in firewalls and may be used as bridges. There will be a main file server and a redundant mirror in a remote location. The LAN will have a hot site (a complete backup, physical and digital) in addition to the mirror location.

The proxy server will, as previously mentioned, provide connectivity between physical locations by forming a WAN, or Wide Area Network. This shall be in the form of an Intranet. The logical topology of the Intranet shall be a ring topology. This is not to be confused with the physical topology. This logical topology will allow tokens to be passed throughout the network as needed by administrators. Most offices where users have limited access will have switches that connect directly to file servers and proxy servers. Offices of senior management, executives and administrators will have switches that connect to the file server and the proxy server, and may communicate directly with any switches connecting other users in these groups. The file server will be connected to a server that will serve as a local redundant mirror. Further, the proxy server shall connect to another redundant mirror at a remote hot site location. In the event of any disaster, this remote hot site will be ready to continue business as usual. The logical layout of the LAN, visually, is as follows (locations may tailor the scope and size):

[Figure: logical layout of the LAN]

The networks will need several protocols. Protocols are software that forms the rules that network communications use to negotiate and communicate.
The following protocols will be necessary:

• As all locations will use Windows XP, TCP/IP will be the only network protocol necessary. If the existing network uses IPX/SPX printer sharing or file sharing, these will be deleted and replaced with TCP/IP.

Wide Area Network (WAN) Design

XYZ Corporation has many offices in as many locations around the world. What XYZ needs is an efficient, cost-effective way to exchange data between all of these offices. What ABC Computing recommends to XYZ is an intranet. According to Hewlett-Packard Development Company, L.P. (2005), this will be a Wide Area Network and will "enable customers at different locations to view information and to upload and download information". The purpose of this paper is to lay out the basic requirements for the "transmission of data and site to site communication" (Hewlett-Packard Development Company, L.P. 2005). This paper will also cover the WAN layers as well as the physical and data link layers. This paper will deal with Internet connectivity, bandwidth requirements and necessary equipment and configuration. This paper will make recommendations on the "two major domains of wide area network design; Designing the Physical and Data Link Layers, Designing the Network Layer and Internet" (Hewlett-Packard Development Company, L.P. 2005).

What is a WAN?

According to Hewlett-Packard Development Company, L.P. (2005), in the most general sense, a Wide Area Network (WAN) is a geographically dispersed telecommunications network. For the purposes of this paper a WAN is generally defined as a network created to connect two or more Local Area Networks (LANs). WAN discussion could include the interconnection between carriers, but this is beyond the scope of this paper. Below is an example of a basic Wide Area Network.

[Figure: basic wide area network]

LANs can be connected to a WAN whether the LANs are in the same city or elsewhere in the world.
Public carrier networks are used frequently to create WAN connections between LANs if these LANs are located in different parts of the world. "In most regions it is the Public Telephone and Telegraph (PTT) companies, which serve Mexico, Europe, Asia, South America, and other parts of the world" (Hewlett-Packard Development Company, L.P. 2005). Since XYZ has one office in Mexico, there will be one connection made from that location via TeleMex, a Mexican PTT.

XYZ's Mexican Bandwidth Requirements

The bandwidth required for this connection will need to be a T1. This location is a LAN with one network server and 4 nodes. The location is used simply to interface with local manufacturers for parts. This Mexico LAN will connect to XYZ's main office in New York. New York administrators will have remote access to all functions of the Mexico server and nodes.

XYZ's New York Bandwidth Requirements

The New York office will need a T3 connection (45 Mbps). This is based upon the fact that the New York LAN has 48 nodes accessing the proxy server to gain access to the Internet and the corporate intranet. There are 96 nodes accessing the file server locally, but only 48 nodes have permission to access the Internet or the intranet beyond the proxy server. It has been determined that no more than 32 nodes will use access simultaneously, and these need no more than one Mbps to function efficiently. This leaves 16 Mbps to send real-time information to the redundant backup server at the remote location. This will be more than adequate bandwidth. To achieve this bandwidth it will be necessary to lease the bandwidth from a local telephone carrier. It will be necessary to install a T3 (DS3) line card and T3 SMB cabling. At the New York site there will need to be a DNS server, a proxy server, and a file server. The proxy server will give access to the Internet, and thereby the Intranet of XYZ. The bandwidth will be distributed locally through the LAN by using gigabit switches.
The graphic below depicts how leased bandwidth like a T3 is provisioned in the United States.

[Figure: how leased T3 bandwidth is provisioned in the United States]

Hot Site Requirements

XYZ will lease a hot site in Atlanta, Georgia. This site will have the duplicate equipment and connections necessary to operate in the event of an emergency. This site will need a T3 available in the event of an emergency. This site will not need to be activated except in the event of a natural disaster or terrorist attack leaving the New York site compromised.

Connections

There are four types of circuits used in creating WAN connections when considering both the physical and data link layers. Below is an illustration of the four types of connections used in WANs.

[Figure: the four types of connections used in WANs]

XYZ will need dedicated physical circuits. According to Hewlett-Packard Development Company, L.P. (2005), "Dedicated circuits are permanent circuits dedicated to a single subscriber. The connection is always active". This will be necessary as the logical topology of the intranet will be ring. Hewlett-Packard Development Company, L.P. (2005) further states concerning dedicated physical circuits that the subscriber purchases dedicated time slots, or channels, that provide a specific amount of bandwidth that is always available for the subscriber to use. The channels in a dedicated circuit are created using time division multiplexing (TDM). In addition to providing guaranteed bandwidth at all times, dedicated circuits provide the most secure and reliable WAN connections available.

Virtual Private Network

The Intranet developed for XYZ will be set up as a virtual private network, or VPN. XYZ has spread beyond physical boundaries. This VPN network solution will be implemented to deal with these needs. In this wide area network this VPN will be called a VLAN. According to Regan (2004), "A VLAN is a collection of nodes that are grouped together in a single broadcast domain that is based on something other than physical location".
This VLAN will be logically segmented, organized by functions and applications. Although users may be in different locations, they will communicate as if they were on the same wire. Physically, they will be on different LANs. It will be simple to add and remove users from this VLAN because there will be no physical connections to set up or delete. The administrator can simply add or delete a user at any location from his own location. The network will be segmented into broadcast domains. This will conserve bandwidth. This intelligent switching will be more cost effective. Bandwidth will be managed efficiently. The XYZ VLAN can assign membership by port address. This type of network will be easy to implement and highly cost effective. According to Regan (2004), "The ports of a switch can be assigned individually, in groups, in rows, or even across two or more switches, if the switches are properly connected through a trunking protocol."

DHCP will assign IP addresses to XYZ's network hosts. XYZ will use layer 2 switching because layer 3 does not always support layer 2 bridging. XYZ will use the VLAN Trunking Protocol (VTP) and VTP domains. VTP, according to Regan (2004), "is a layer 2 messaging protocol that maintains VLAN configuration consistency throughout a common administration domain". Administrators can manage user name changes over multiple switches by VTP. This will help to keep the naming area clean and clear. The VTP protocol will help conserve bandwidth further by pruning. "VTP pruning only sends broadcasts to trunk links that truly must have the information." (Regan 2004)

Having a wide area network will allow all of the locations of XYZ to function as one entity. Latency aside, this will be in real time. Bandwidth is expensive, and our position is that this network layout will maximize the usefulness while minimizing the expense of a wide area network.
The virtual private network will allow for maximum security while still using internet protocols to run an Intranet. This will be a cost-effective way for XYZ to approach networking now, and will allow for unlimited future growth.

Network Protocols

Since all operating systems will be Microsoft XP Professional and XYZ Corporation will be operating on a VPN, the only network protocols necessary will be TCP and IP. These protocols operate on the Network and Transport layers of the OSI model.

Transport

The Transport and Network layers' main concern is with protocols for delivery and routing of packets. These are generally implemented in software. According to Techexams.net (2009), the Transport layer converts the data received from the upper layers into segments and prepares them for transport. The Transport layer is responsible for end-to-end delivery of entire messages. It allows data to be transferred reliably and uses sequencing to guarantee that data will be delivered in the same order that it was sent... Examples of protocols that operate on this layer are TCP, UDP, NETBEUI, and SPX.

Network

The Network layer breaks down segments of data into packets and determines the path or routing as well as delivery of packets across internetworks. Network addressing happens at this level. This is called logical addressing or level 3 addressing. IP addressing is an example of this. Other protocols are IP, IPX, ICMP, RIP, OSPF, and BGP. Devices that operate on this level are routers and switches. It is on this level that most packet filtering and physical firewalls operate.

Network Remote Access: Making the Choice

What is the difference between virtual private network (VPN) remote access and dial-up? Both can "provide network access to remote clients" (Microsoft Corporation 2009). Both methods provide remote access and both have unique advantages and disadvantages. The choice must be made by weighing the business's needs individually.
XYZ will use a VPN as the primary remote access network solution. Dial-up networking will be available to the I.T. staff. According to Microsoft Corporation (2009), "A dial-up networking solution provides a secure data path over a circuit-switched connection, and it provides the convenience of direct dial-up connectivity to your network for mobile users". This connection is terminated when the session is complete. Microsoft Corporation (2009) further states that "In contrast, a VPN solution, by using the Internet as a connection medium, saves the cost of long-distance phone service and hardware costs". A VPN uses the same protocols as the Internet and uses the backbones of the Internet for its infrastructure. "VPNs use a variety of security technologies, including tunneling, encryption, and authentication" (Microsoft Corporation 2009).

Using Dial-up Networking

If dial-up networking is used, a remote user calls a remote access server on the network. These dial-up lines are a more private solution than a VPN, but the initial investment and continuing expenses are greater. These greater costs are as follows:

• Hardware purchase and installation.
• Monthly phone costs.
• Ongoing support.

The following graphic represents a typical dial-up remote access design.

[Figure: typical dial-up remote access design]

Remote Access Using a VPN

A VPN network access solution allows users to connect to the network over the Internet. These VPNs, according to Microsoft Corporation (2009), "use a combination of tunneling, authentication, and encryption technologies to create secure connections". Microsoft Corporation (2009) further adds that "To ensure the highest level of security for a VPN deployment, use Layer Two Tunneling Protocol with Internet Protocol security (L2TP/IPSec)". When organizations have extensive remote access requirements, they generally implement a VPN solution. A VPN will reduce expenses by using existing Internet infrastructures. A VPN offers these two primary benefits:

• Reduced costs.
• Sufficient security.

Figure 8.4 shows an example of a simple VPN remote access networking design. The following is a generalized VPN remote access design.

[Figure: generalized VPN remote access design]

Many businesses find both beneficial and incorporate both access types within their structure. Both will allow a business or organization to operate in many geographic areas but function as one entity. XYZ Corporation will choose VPN due to the financial gains and the increased performance. Performance will be improved by reducing latency. Latency is caused by routers' delay time. The VPN will operate over a VLAN.

Network Business Applications

All networking will be handled by Windows networking. We will use Cisco switches, and in those instances we will use their proprietary software. All data, graphic, and design programs will remain unchanged.

Backup and Disaster Recovery

What is the purpose of a Disaster Recovery Plan (DRP)? According to the Axia College Week One reading, Intro to IT Security (2007), "The disaster recovery plan (DRP) describes the exact steps and procedures... personnel, specifically the IT department, must follow in order to recover critical business systems in the event of a disaster". Furthermore, the main function of the "DRP is to identify the exact strategy for recovering those processes, specifically IT systems and services that are struck by a disaster."

What are the key elements of a DRP?

• Shared site agreements allow companies with similar infrastructures and technology to share resources in the event of a disaster.
• Alternative sites are vendors that specifically offer backup functions in case of disasters. These alternative sites fall under the categories of hot site, cold site, or warm site.
• According to the Axia College Week One reading, Intro to IT Security (2007), "A hot-site facility assumes the entire burden of providing backup computing services for the customer."
• A cold site merely provides a location and utilities for a business to function in during a disaster. This does not include an IT solution.
• A warm site is a compromise of the other two. There is a location, utilities and communications hookups. The business must bring workstations and do their own restoration from a backup.

Five Methods of Testing a DRP

• Walk-throughs: Members of the key business units meet to trace their steps through the plan, looking for omissions and inaccuracies.
• Simulations: During a practice session, critical personnel meet to perform a dry run of the emergency, mimicking the response to a true emergency as closely as possible.
• Checklists: A more passive type of testing; members of the key departments check off the tasks for which they are responsible and report on the accuracy of the checklist. This is typically a first step toward a more comprehensive test.
• Parallel testing: The backup processing occurs in parallel with production services that never stop. This is a familiar process for those who have installed complex computer systems that run in parallel with the existing production system until the new system proves to be stable. An example of this might be when a company installs a new payroll system: until the new system is deemed ready for full cut-over, the two systems are operated in parallel.
• Full interruption: Also known as the true/false test, production systems are stopped as if a disaster had occurred to see how the backup services perform. They either work (true) or they fail (false), in which case the lesson learned can be as painful as a true disaster.

Why does a DRP require testing? We must consider Murphy's Law: anything that can go wrong will. Unless the DRP is tested there are many things that can go wrong. Even with testing there may be glitches, but without testing there will certainly be failures. We must anticipate the things that can go wrong.

The XYZ Plan

XYZ will have a warm site setup.
XYZ will conduct yearly walkthroughs of the DRP. They will have quarterly simulations to keep personnel vigilant. XYZ will conduct full interruption testing yearly and parallel testing quarterly.

Business Continuity Plan

1. Identify the scope and boundaries of the business continuity plan while communicating the importance of such a plan throughout the organization.
2. Analysis of step 1: the BIA. The BIA measures the operating and financial loss to the organization resulting from a disruption to critical business functions.
3. Once the BIA is complete, those responsible for creating the plan must sell the concept of the BCP to key senior management and obtain organizational and financial commitment.
4. Once the BCP has gained the approval of upper management, each department will need to understand its role in the plan and support and help maintain it. This is an education step.
5. Now the BCP team must implement the plan. This includes the training, testing, and ongoing review and support of the BCP.

The BCP will utilize a hot site for emergency use. This site will have all data, buildings and equipment to continue operations.

Physical Security Threats

|Category           |Specific Threat                                        |
|Weather            |Hurricane or tornado                                   |
|Fire/Chemical      |A train wreck carrying large amounts of chloride, etc. |
|Earth Movement     |An earthquake, mudslide or pyroclastic flow            |
|Structural Failure |A floor falling down on to another floor               |
|Energy             |A power outage or brown-out                            |
|Biological         |An outbreak of deadly avian flu, etc.                  |
|Human              |Cracking with malicious intent or a military coup      |

XYZ will use packet filtering routers and firewalls. According to Techexams.net (2009), these protect a network by only allowing approved packets to pass through the devices. The network administrator can limit the addresses that may communicate with the network.
XYZ will keep all unused cables, access points, routers and similar devices in locked cabinets, preferably above the ceiling. All unused ports will be locked down. The WiFi signal must not bleed out of the building. All laptops must have all data encrypted. These devices must have GPS location devices installed. They must be further configured with the remote boot feature on. They further must be configured to give the Information Resources Manager remote access ability. These laptops must have Norton government wipe disk features installed so that in an emergency an administrator may remotely wipe the hard drive when it comes online.

Sarbanes-Oxley (SOX) Act of 2002

There will be special access granted to executive level personnel. They will have access to all areas of the IT system that they have been trained to access. There will be a training schedule to allow these persons to learn and access any areas they need to as their knowledge grows. The Asset Control Manager will have access to logs and will be able to make periodic inspections to make certain that XYZ is in compliance with the Sarbanes-Oxley (SOX) Act of 2002. Section 404 of SOX requires company executives and third-party auditors to certify the effectiveness of the technologies and processes in place to assure the integrity of financial reports. Complying with Section 404 means assuring that sensitive records are secure. The Statement on Auditing Standards (SAS) 70 is found useful in meeting these requirements. SAS 70 is an auditing standard developed by the American Institute of Certified Public Accountants for service organizations. SAS 70 prescribes methods for an auditor to examine control activities. Management-level security staff and executives will have access to all records that pertain to SOX at all times. U.S. government auditors and third-party auditors are to have access as well.
Data Backup and Disaster Recovery Planning

XYZ will utilize a Vault Wise platform for a real-time backup of information and systems. This platform was created to provide complete data protection and recovery solutions, from application-aware backups (e.g. SQL Server table-level, Exchange mailbox brick-level) to device block-level operations on in-service production hardware. This backup system will reside at a secondary location and receive real-time mirroring information via the virtual private network. XYZ's security, disaster recovery planning and implementation, and data backup will be in good hands if this plan is diligently followed. As the business grows it will become necessary to review these procedures and policies to ensure that XYZ remains resilient.

XYZ Corporation will use the vendor Unitrends for backup and recovery. Unitrends is designed for small to medium businesses that "have the same critical reliance on the integrity of their data as enterprises, but often can't afford the operational expenditure of a dedicated staff or the capital expenditure of replacing their IT infrastructure" (Unitrends 2009). Unitrends (2009) provides enterprise-level data protection, at the lowest total cost of ownership in the industry, through a family of scalable disk-based data protection appliances that integrate and protect existing heterogeneous computer and storage systems through a single, intuitive, graphical user interface. According to Unitrends (2009), this is what makes them stand out from the rest of the industry:

• Recovery-7 is Unitrends' next-generation hardware platform, featuring our most powerful processors, 8GB of RAM, and advanced RAID architecture for maximum protection and flexibility.
• Up to 15TB of raw disk capacity; with standard in-line compression, this offers protection for as much as 30-60TB of user data.
• Effective cost-per-TB of as little as $500, significantly better than both other data backup appliances and offerings from the best data deduplication vendors (Data Domain, FalconStor, Exagrid).

Why does Unitrends not offer VMware and a SAN? The reason:

• There are almost always important servers "orphaned" from the SAN—systems running Novell or Solaris, for example—as well as desktop and laptop systems that need protection. These servers and user systems often contain critical data, and firms following best practices choose solutions that protect all the organization's systems and data.
• VMware and SAN do not protect against viruses.
• Unitrends does offer virus protection.
• Unitrends offers backup and recovery for medium to small bus