Submitted By: Maheeka Jayasuriya (CB003346)

Submitted To: Mr. Balachandran Gnanasekaraiyar

Module Title and Code: CE00382-2 Hardware and Software Systems and Networks II

Intake Code: HF09B1SE

Assignment Title: Network Plan for ICT Resources Company

Date Assigned:

Date Due: 12 October 2010

th

Asia Pacific Institute of Information Technology

HSSN II

STUDENT DECLARATION
I hereby declare that, I understand what is meant by plagiarism The implication of plagiarism is known to me This project is all my work and I have acknowledged any use of the published or unpublished works of other people

--------------------------------Maheeka Jayasuriya CB003346 12.10.2010

Asia Pacific Institute of Information Technology

HSSN II

TABLE OF CONTENTS

LIST OF FIGURES ................................................................................................................... 4 LIST OF TABLES ..................................................................................................................... 5 EXECUTIVE SUMMARY ....................................................................................................... 6 BACKGROUND ....................................................................................................................... 7 PROBLEM ANALYSIS ............................................................................................................ 8 REQUIREMENTS SPECIFICATION ...................................................................................... 9 ASSUMPTIONS ...................................................................................................................... 10 TRANSMISSION MEDIA ...................................................................................................... 12 NETWORK TYPE AND TOPOLOGY .................................................................................. 14 INTERNET CONNECTION ................................................................................................... 15 CONNECT BRANCH OFFICES ............................................................................................ 16 VPN (VIRTUAL PRIVATE NETWORK) ..................................................................... 16 COMMUNICATION............................................................................................................... 16 VOIP (VOICE OVER IP) ................................................................................................ 16 SERVERS AND NETWORKING DEVICES ........................................................................ 18 FIREWALL ..................................................................................................................... 18 PROXY SERVER............................................................................................................ 18 FILE SERVER ................................................................................................................. 18 DATABASE SERVER .................................................................................................... 18 DHCP SERVER............................................................................................................... 19 DNS SERVER ................................................................................................................. 19 BACKUP SERVER ......................................................................................................... 19 WEB SERVER ................................................................................................................ 19

Asia Pacific Institute of Information Technology

HSSN II

MAIL SERVER ............................................................................................................... 19 PRINTER SERVER......................................................................................................... 19 ANTIVIRUS SERVER.................................................................................................... 19 VPN SERVER ................................................................................................................. 20 DC SERVER.................................................................................................................... 20 ROUTER.......................................................................................................................... 20 LOAD BALANCER ........................................................................................................ 20 BACKBONE SWITCH ................................................................................................... 20 LAYER 2 SWITCHES .................................................................................................... 20 SECURITY MEASURES........................................................................................................ 21 BACKUP MECHANISM ........................................................................................................ 21 NETWORK DESIGN .............................................................................................................. 22 GROUND FLOOR .............................................................................................................. 22 1ST FLOOR .......................................................................................................................... 23 SERVER ROOM ................................................................................................................. 24 2ND FLOOR.......................................................................................................................... 25 IP ADDRESSING................................................................................................................ 25 VLAN (Virtual Local Area Network).............................................................................. 25 OVERALL NETWORK DIAGRAM .................................................................................. 27 WAN .................................................................................................................................... 28 REFERENCES AND BIBLIOGRAPHY ................................................................................ 29 APPENDIX .............................................................................................................................. 31 GANTT CHART.................................................................................................................. 31

Asia Pacific Institute of Information Technology

HSSN II

LIST OF FIGURES
Figure 1: Transmission media categorization .......................................................................... 12 Figure 2: Client/server architecture.......................................................................................... 14 Figure 3: Star topology ............................................................................................................ 14 Figure 4: Server room network diagram .................................................................................. 24 Figure 5: WAN implementation .............................................................................................. 28

Asia Pacific Institute of Information Technology

HSSN II

LIST OF TABLES
Table 1: Comparison of transmission media for selection....................................................... 12 Table 2: Speed comparison ...................................................................................................... 12 Table 3: Categories of UTP cable ............................................................................................ 13 Table 4: Wi-Fi standards.......................................................................................................... 13 Table 5: IP Addressing............................................................................................................. 26

Asia Pacific Institute of Information Technology

HSSN II

EXECUTIVE SUMMARY
ICT Resources locally own a 3 storey building and has staffs of 40 members, which is expected to grow in future. The business is developed and spread out in 3 strategic locations throughout South East Asia. The business is already having local sales offices operating. There will be new offices also to be established in future at overseas locations that need to be incorporated in

the same network. The type of network topology needed within the office has to be determined. The types of computer and number of printers, audio devices, microphones, LCD projectors and multifunction peripherals needed should also be considered.

Asia Pacific Institute of Information Technology

HSSN II

BACKGROUND
The ICT Resources Malaysia Public Limited Company has been the only supplier of business equipment and office supplies of its kind in South East Asia. Being the only supplier the company did not have any need of making major investments into the business. But recently there has aroused a nationally recognized competitor with plans to put ICT Resources out of business. Therefore to respond to this matter they have decided to invest a substantia l amount of money for the companys development As the network consultant hired in this company, the network proposal for the company is presented below. The scenario and the problems and the proposed solutions for these problems followed by the network diagrams are presented in the following chapters.

Asia Pacific Institute of Information Technology

HSSN II

PROBLEM ANALYSIS
1. The network of the main office is to be distributed in the 3 storey building located locally.

2. It should provide network access to 35-40 staff members and also allow future increase in number 3. Save and share data of the transactions, and other operations carried out at the company. 4. Widen the business to reach new opportunities 5. The local retail sales offices have to be connected to the same network. 6. The networks of the 3 locations throughout South East Asia should be connected. 7. Allow future establishment of overseas offices that will incorporate the retail concept with local sales offices. 8. Identification of the peripherals needed.

Asia Pacific Institute of Information Technology

HSSN II

REQUIREMENTS SPECIFICATION
1. Estimate the number of access points needed and the number of extra access points that might be needed for future expansions.

2. The peripherals and the quantities needed to have to be estimated.

3. Identify a suitable network topology to be implemented within the office.

4. Authentications and restrictions for data sharing for different levels of requests made by different management levels.

5. Data sharing among the terminals connected within the office, among offices has to be secure, speed and also integrity of the data has to be maintained. Block unnecessary, irrelevant and insecure requests for the data and monitor the requests.

6. Determine the data backup mechanisms in all offices including the sales offices. 7. Implement a mechanism to keep track of the new opportunities and be updated to expand the business scope to answer the competition from other companies. Internet connection, website and email services implementation.

8. Sales offices local and overseas both, shall be easily connected to the company network any time required. Allow future expansions.

9. Communication should happen between the offices and sales offices throughout the business.

Asia Pacific Institute of Information Technology

HSSN II

ASSUMPTIONS
The company will agree to implement a website and an email system although it is mostly a marketing requirement and not a networking requirement. The network will be implemented to support this idea.

The overseas sales offices and local sales offices networks will be connected to the local head office.

Cost of implementing the network is not a concern. But, unnecessary costs have to be avoided. The business functional sectors are sales and marketing, administration and reception located on the ground floor; server room, ICT department, Finance department and conference room located on the 1st floor and research and development, human resources, operations departments and cafeteria on the 2nd floor.

Proxy server and the firewall will be configured based on the business rules. All departments are allowed to connect to the local and overseas sales offices with no exceptions. The company has a total of around 10 branches with 5 staff in each location. 1Mbps bandwidth is enough for each branch user to connect to the main office. Therefore 1 branch would require at least 12 Mbps bandwidth with 2Mbps extra for extensions. Therefore total of 120 Mbps peak bandwidth is required.

The Wi-Fi connectivity is also provided to non-staff users to connect to the internet. T3 carrier lines are provided by the ISP for the main office. Since branches do not require such a high bandwidth, T2 or T1 lines are implemented as it provides sufficient bandwidth and are also provided by the respective ISPs.

10

Asia Pacific Institute of Information Technology

HSSN II

In case of an emergency, Wi-Fi connection can be used to maintain the network. Wi-Fi connection is sufficient for this. Also all or most of the devices are Wi-Fi enabled.

11

Asia Pacific Institute of Information Technology

HSSN II

TRANSMISSION MEDIA

Figure 1: Transmission media categorization

Ease of installation and attenuation (only 3 storeys and therefore this distance is less) is not important in selecting a transmission media for this network. Security, extendibility and speed should be mainly considered.
Table 1: Comparison of transmission media for selection

Table 2: S peed comparison

Media Wireless Fiber Optic UTP STP Coaxial

Speed 2-6Mbps 100-2Gbps 4-10Gbps 16-155Mbps 10Mbps

(Anon,n.d.) Fiber optic is difficult to extend and is expensive. Coaxial have low speed and STP are difficult to extend and install when compared with UTP cable.

12

Asia Pacific Institute of Information Technology

Table 3: Categories of UTP cable

HSSN II

(Florida Centre for Instructional Technology College of Education, 2009) Cat6 is the best type of UTP cable because of the high speed. Cat6 cable is better than Cat5 and 5e because of its improved transmission performance and immunity for interferences. RJ 45 is the standard connector used for UTP cable. Cross-over UTP is used to connect similar devices and Straight UTP to connect different devices. Wi-Fi facility is also provided throughout the building. A single Wi-Fi antenna will be sufficient as the building is small. The reason to have a Wi-Fi connection is to connect peripheral devices to the network and as a backup option in case of an emergency.
Table 4: Wi-Fi standards

Out of the Wi-Fi standards above, 802.11a and 802.11b can be eliminated because if the less distance and speed respectively. 802.11n is the newest standard and is not still supported by most devices. Therefore 802.11g is best suitable for this network. It has a good speed as well as a sufficient propagation distance. Wireless connection will allow the outside users to simply browse the internet and the staff to connect to network as well. 13

Asia Pacific Institute of Information Technology

HSSN II

NETWORK TYPE AND TOPOLOGY

Out of the two types of networks, client/server and peer-to-peer; client/server network was chosen because it allows sharing resources over the network. The centralized concept makes it easy to monitor, backup, extend and also to maintain integrity of the data. The main advantage is that this network allows simultaneous requests to be managed easily.

Figure 2: Client/server architecture

Bus, ring, star, mesh and tree are the common network topologies. Out of these topologies, star topology was selected as suitable for this network (see figure below).

Figure 3: S tar topology

(Florida Centre for Instructional Technology College of Education, 2009) This topology was selected because it allows easy impleme ntation, maintenance and extending of the network. But a major disadvantage is that, this topology is expensive to implement.

14

Asia Pacific Institute of Information Technology

HSSN II

INTERNET CONNECTION
Internet connection is needed to run the web server, mail server and the VPN server. Apart from these mandatory needs, the staffs need to browse the internet. Speed is the main consideration when choosing the connection. Dial- up, ADSL, T-Carrier line (T1, T2, T3) are some of the connectivity types available. Dial- up is not a very good option mainly because of its low speed and inconsistent connection. ADSL provides a dedicated connection and the variety of speed and cost choices to be chosen from. But, it has some limitations of signals depending on the distance from the ISP because of attenuation. T-carrier line is a connection with high bandwidth. T1 line has 1.544Mbps, T2 has 6Mbps bandwidth and T3 has 44.736mbps bandwidth. According to the assumption a bandwidth of 100Mbps is required. Therefore the best option is to have three T3 connections which will provide roughly a bandwidth of 132Mbps. The best advantage of using a T-Carrier is that it can be configured to carry both data and voice signals as needed. (Kioskea,n.d.) A static public IP block is purchased from the ISP for the main office.

15

Asia Pacific Institute of Information Technology

HSSN II

CONNECT BRANCH OFFICES

The main buildings LAN needs to be connected to the LANs of other local and overseas sales offices. Wireless, ADSL, VPN and Leased Line connections can be used for this. Since all the buildings are not located close by, wireless connection is not suitable. Connecting using ADSL or leased lines via routers configured to connect the LANS is another option. Leased lines are faster than ADSL because it has a direct and a dedicated connection. However, this is also not a good option because distant locations will be expensive to be connected in this method. The advantage of using VPN is that it reduces the implementation cost since a physical path need not be created. It is also a secure, scalable technology. VPN (VIRTUAL PRIVATE NETWORK) VPN allows the organization to be virtually available on a different location and possible to be accessed privately by those who are authorized. VPN requires an internet connection to function. Establishing virtual connection between the LANs is VPN tunnelling.

COMMUNICATION
To communicate inside the main office and among the offices (voice) normal telephones can be used. But this communication is expensive when compared with the other option readily available, VOIP. VOIP (VOICE OVER IP) VOIP is a less expensive and easy to implement technology over the existing network. It is effective in this network because long distance calls are needed frequently on this business. VOIP is also capable to conduct web conferences with distant offices, assuming that necessary technology is implemented in those locations. Other peripherals required for this communication should also be made available. IP PBX is the device used to implement VOIP technology. This has a SIP server which is used to setup calls and send them over the network. IP phones can directly connect to the IP PBX to get VOIP calls.

16

Asia Pacific Institute of Information Technology

HSSN II

17

Asia Pacific Institute of Information Technology

HSSN II

SERVERS AND NETWORKING DEVICES

FIREWALL Firewall is a mandatory requirement of a network mainly to protect company confidential data and avoid network hijack. (Bright Hub Inc., 2010) Firewall can be hardware or software. Hardware firewall is capable of protecting a LAN at once where as software firewall is that it should be installed individually on each computer and configured. Therefore, hardware firewall was chosen for this network although it is expensive, complicated and requires trained staff to maintain. PROXY SERVER Proxy server is needed to reduce network traffic by caching pages or files frequently used and to filter web requests by configuring the proxy server to block certain websites depending on business policies. (Whatismyipaddress,2010) FILE SERVER File server,

takes the responsibility of storing and managing data files to allow sharing handles the file requests and sends them over the network acts as a remote hard disk drive for other computers to store files on the network helps to make quick and reliable backups

DATABASE SERVER The database server is needed to, Store, retrieve and manipulate data. To search, sort, index the data, to reduce network traffic Provide security because of it being located centrally Allow concurrent access to data

(eUKhost LTD,2010)

18

Asia Pacific Institute of Information Technology DHCP SERVER

HSSN II

Out of static and dynamic IP addressing methods, dynamic IP was chosen because this method allows easy extending of the network. Since this is a time consuming task to be manually, DHCP server is used. (Vicomsoft Ltd, 2010) The DHCP server allows the automatic configuration of the network and monitoring in the dynamic IP concept. Since the IPs for the hosts comes from a pool of IP, the IPs will not be wasted as it will be provided for a lease time. In case of an addition or removal of a new host, it will require only the DHCP server to be updated. DNS SERVER DNS server identifies the IP addresses of the names of the hosts being requested. BACKUP SERVER This server is needed to keep back up of the data stored in the network. This server should be large enough to store the data been backed up. WEB SERVER This server is needed to host the company website. It will respond to all http requests for the website. MAIL SERVER Mail server is responsible for sending and receiving emails. It also can be configured to block certain IPs that sends spam. Mail server uses SMTP protocol to deliver email to the recipients mail server and POP3 is used to access mails and download messages. PRINTER SERVER Print server is needed because the printers are not dedicated for the computers. With the use of this server, any number of computers can share the printers. The print jobs will be queued in the server when print requests arrive. ANTIVIRUS SERVER Internet and email might cause malicious programs to enter the network and if it happens, it affects the whole network. Therefore antivirus guard is mandatory. Without having guards separately on individual machines, which requires a lot of bandwidth for updating, it is better to have an antivirus server. This server updates its antivirus and locally updates the client machines. 19

Asia Pacific Institute of Information Technology VPN SERVER

HSSN II

VPN server authenticates the VPN clients attempting to make the connection. It verifies whether the client has the required permissions and if so, it allows the connection to be established. DC SERVER Domain is a logical group of devices. These domains can be controlled by the DC Server. Active Directory is included in the domain controller. It is the database that stores users details and domain details. ROUTER The router will have a built in NAT mechanism embedded to convert private address to public address and vice versa. It will also have a built in CSU/DSU to convert data frames used in LAN to a frame that suits WAN or internet, and vice versa. LOAD BALANCER Load balancer is used to distribute IP traffic over multiple servers. The need to have a load balancer is to improve the performance of the servers by optimal utilization. It is importa nt to have a load balancer in this network because the amount of requests varies always and cannot be predetermined. BACKBONE SWITCH The backbone switch is a layer 3 switch with 24 ports. The reason to select a layer 3 switch is because they are capable of performing routing on all the ports at a high speed. The servers, internet connection other layer 2 switches all are connected to this switch. This switch can also be configured to support VLAN that contributes in improving network security. LAYER 2 SWITCHES Layer 2 manageable switches will be connecting nodes in the network. The connection to these switches initiates from the layer 3 backbone switch. The nodes of the network will be connected in star topology to this switch. Similarly these switches will be connected to the layer 3 backbone switch.

20

Asia Pacific Institute of Information Technology

HSSN II

SECURITY MEASURES
IPSec (Internet Protocol Security) is the protocol used in VPN connection. This protocol ensures confidentiality and authentication by encapsulating the original IP

packet containing security headers and authentication information in a new IP packet. Wireless transmission uses WPA (Wi-Fi Protected Access) protocol. This protocol authenticates the network with a PSK (Pre-Shared Key) protocol which is difficult to be extracted from packets. However, the network security completely depends on the

PSK. Firewall and proxy server protects network from serving and requesting unauthorized requests Anti- virus server protects the network from malicious attacks. The departments are divided into VLANs that prevents unauthorized access. Domains are created for the network users with different privileges and users need to provide authentication details to connect to the network. Filtering the Wi-Fi connection for outside users and staff users is done by their Mac addresses they use to connect.

BACKUP MECHANISM
The internet connection is provided to the network in three T3 lines from two different ISPs. Therefore even if one ISP fails, still the network can function although

with limitations. Backups of the system will be scheduled to be taken in 3 locations. At the main office, at a local sales office and an overseas sales office. Wi-Fi connection can be established in the network devices in case of a failure in cabling or switches.

21

Asia Pacific Institute of Information Technology

HSSN II

NETWORK DESIGN

GROUND FLOOR
Administration
IP Phone IP Phone IP Phone LO-AD-IP2 LO-AD-IP1 LO-AD-IP3 Ethernet Printer L0-AD-PR1 Ethernet Printer L0-AD-PR2 L0-AD-PC1

L0-AD-PC2

Reception

L0-AD-PC3 L0-RC-IP1 Ethernet Printer L0-AD-PR3 L0-RC-PR1

L20-S2

L0-RC-PC1

L20-S1

L0-SM-PC1

From Layer 3 Backbone Switch

L0-SM-PC2 IP Phone L0-SM-IP3 L0-SM-PC3 IP Phone IP Phone IP Phone L0-SM-IP1 L0-SM-IP4 L0-SM-IP2

L0-SM-PC4

Sales and Marketing

L0-SM-PC5

IP Phone IP Phone IP Phone L0-SM-IP5 L0-SM-IP7 L0-SM-IP6

L0-SM-PC6 IP Phone L0-SM-IP9 IP Phone Ethernet Printer Ethernet Printer L0-SM-IP8 L0-SM-PC10 L0-SM-PR1 L0-SM-PR2 IP Phone L0-SM-IP10

L0-SM-PC7

L0-SM-PC8 L0-SM-PC9

Figure 4: Ground floor network diagram

Above is the network diagram for ground floor. The terminals are connected to the layer 2 switches in star topology. This floor has the sales and marketing department, the administration and the reception. The reason to have these departments in this floor is because these are the departments that the customers interact mostly and therefore it is 22

Asia Pacific Institute of Information Technology

HSSN II

important that they are located in an easy location. Both the switches in these floors are layer 2 - 24 ports. Therefore there are 48 ports as a whole in this floor. These switches get access to network through the layer 3 backbone switch in the server room. Wi-Fi facility will also be available for the outside users (customers) as the router is located in the 1st floor. Although in the diagram, the switches seems to be dedicated for the departments, it is not so. The VLAN technology allows any device from any department to connect to any switch. Therefore extending the network is not limited by the switches. The peripherals in each department are estimated to suit the business functionalities, all the printers and PCs are directly connected to the network.

1S T FLOOR
Finance
IP Phone Ethernet Printer L1-FI-IP1 IP Phone L1-FI-IP2 L1-FI-PR1 IP Phone L1-FI-IP3

L1-FI-PC5

L1-FI-PC4

IP Phone L1-FI-IP4 L1-FI-PC3 IP Phone L1-FI-IP5 LCD Projector Web-Camera

Conference Room

Speaker

L1-FI-PC2

IP Phone L1-CR-IP1

Microphone

L1-CR-PC1 L21-S2 L1-FI-PC1

L21-S1

Server Room

L31-S1 L1-IT-PC1

L1-IT-PC2

L1-IT-PC3

ICT
L1-IT-PC4 L1-IT-PC5

IP phone L1-IT-IP1 IP phone L1-IT-IP2 IP phone L1-IT-IP3 IP phone IP phone L1-IT-IP4 Ethernet Printer L1-IT-IP5 L1-IT-PR1

Wi-Fi Router ICT_wifi

Figure 5: 1st floor network diagram

23

Asia Pacific Institute of Information Technology

HSSN II

This is the network diagram for the 1st floor. This floor has the server room, ICT department, conference room and the finance department. Server room is the most important location of the whole network and will be discussed separately. This is also similar to the ground floor network. The same mechanisms are used in this floor as well. The terminals are connected to layer 2 switches with 24 ports each. Conference is where all the voice and video conferences occur between various parties. Therefore, projectors, web cameras, speakers, microphones that are needed for this communication, are deployed in this room. These devices are connected to the PC in this room and are not connected to the network as it is not necessary. Also these devices can be removed and plugged into any other device, especially laptops. Since external parties often visit this location it is important to provide them with Wi-Fi facilities. This floor has the Wi-Fi router that is directly connected to the layer 3 backbone switch. It is important to have the Wi-Fi router in this floor because then it will be able to cover the whole building since this is the middle storey. Another reason is that most external devices that needs web communication are connected from this floor using Wi-Fi connection. Having the Wi-Fi router in this floor provides maximum bandwidth for these users.

SERVER ROOM
To Layer 2 switches From ISP

Layer 3 Backbone Switch L31-S1

Wi-Fi Router ICT_wifi

DNS Server dnsserver

DHCP Server dhcpserver

VPN Server Mail server Database server Web server Anti-Virus Server databaseserver vpnserver mailserver webserver antivirusserver mail.ictresources.com www.ictresources.com

Print server printserver

Proxy server proxyserver

Backup server backupserver

File server fileserver

DC Server dcserver

SIP Server sipserver

Figure 4: Server room network diagram

The servers located in this room are discussed in the above chapters. All these servers are directly connected to the layer3 backbone switch. The reason is to provide highest possible bandwidth and quick access as all the requests passes through these servers. The layer 3 switch is a 24 port switch. Therefore this switch is enough for future expansions of the network as well. The layer3 switch will be configured to direct the traffic to the relevant

24

Asia Pacific Institute of Information Technology

HSSN II

servers as required. This is another reason to connect the servers directly to the layer3 backbone switch.

2ND FLOOR
Research and Development
L3-OP-PC1 Ethernet Printer L3-OP-PR1 L3-RD-PC5 L3-RD-PC4 L3-RD-PC3 L3-RD-PC6 Ethernet Printer L3-RD-PR1

L3-OP-PC3 L3-OP-PC4

L3-OP-PC2

IP phone L3-RD-IP1

L3-RD-PC2

Operations

L3-OP-PC5

IP phone L3-RD-IP2

IP phone L3-OP-IP1 L3-RD-PC1 IP phone L3-OP-IP2 L22-S1

IP phone L3-RD-IP3

IP phone L3-RD-IP4

IP phone L3-OP-IP3

L22-S2

IP phone L3-OP-IP4 IP phone L3-OP-IP5

IP phone L3-RD-IP5

IP phone L3-RD-IP6

IP phone L3-HR-IP5 L3-HR-PC1 IP phone L3-HR-IP4

From Layer 3 Backbone Switch

L3-HR-PC2

Human Resources

L3-HR-PC3 Ethernet Printer L3-HR-PR1

IP phone L3-HR-IP1 L3-HR-PC4 L3-HR-PC5

IP phone L3-HR-IP3 IP phone L3-HR-IP2

Figure 6: 2nd floor network diagram

This floor is also similar to any other floor. It only has departments that require basic facilities. No complex or new network implementations are available in this floor. The switches used in this floor are also layer 2 24 port switches.

IP ADDRESSING
VLAN (Virtual Local Area Network) Employees work in different departments and therefore Employers have different groups and those groups have different privileges and security expectations. To this employers should be assigned to different LANs. This LAN consists with users from head office and also with remote users. Sometimes local users login to this

25

Asia Pacific Institute of Information Technology

HSSN II

private network from outside the head office. What ever happened they should belongs to same LAN. To enable this we are using VLAN concept. Each VLAN is created on layer 3 switch using IPs. This Layer 3 should be configured to support VLAN.

Table 5: IP Addressing

VLAN 1 2 3 4 5 6 7 8 9 10

Network Wi-Fi router Sales and Marketing Server Room ICT Department Research and Development Finance HR Department Operations Reception Conference Room

Hosts 32 32 16 16 16 16 16 16 4 4

Start IP 192.168.22.0/27 192.168.22.32/27 192.168.22.64/28 192.168.22.80/28 192.168.22.96/28 192.168.22.112/28 192.168.22.128/28 192.168.22.144/28 192.168.22.160/30 192.168.22.164/30

End IP 192.168.22.31/27 192.168.22.63/27 192.168.22.79/28 192.168.22.95/28 192.168.22.111/28 192.168.22.127/28 192.168.22.143/28 192.168.22.159/28 192.168.22.163/30 192,168.22.167/30

The number of hosts was decided with extra access points to allow network scalability.

26

Asia Pacific Institute of Information Technology

HSSN II

OVERALL NETWORK DIAGRAM

ISP 1 ISP 2 T3 line 44 Mbps T3 line 44 Mbps T3 line 44 Mbps Layer 2 switch Ground Floor L20-S2 Layer 2 switch Ground Floor L20-S1

Router Router Router

Layer 2 switch 1st Floor L21-S1

Load Balancer Layer 2 switch 1st Floor L21-S2 Firewall firewall Layer 2 switch 2nd Floor L22-S2

Layer 3 Backbone Switch L31-S1

Layer 2 switch 2nd Floor L22-S1 Wi-Fi Router ICT_wifi

DNS Server dnsserver

DHCP Server dhcpserver

VPN Server Mail server Database server Web server Anti-Virus Server databaseserver vpnserver mailserver webserver antivirusserver mail.ictresources.com www.ictresources.com

Print server printserver

Proxy server proxyserver

Backup server backupserver

File server fileserver

DC Server dcserver

SIP Server sipserver

Figure 7: Overall network diagram

Above is the overall network diagram. There are three T-3 carrier lines coming from two different ISPs through the routers. These connections pass through the load balancer and filters through the firewall before it reaches the LAN. The firewall directly connects to the layer 3 backbone switch which connects all the servers and other secondary switches. The devices used are described in the above chapters.

27

Asia Pacific Institute of Information Technology

HSSN II

WAN

Main Office Sales Office 1

lin e
l T3 i ne

Overseas Sales Office 3

T2 /T 1

li n

Sales Office 2
T2/ T1 line

Internet
li /T1 T2 ne
T2 /T 1

T2 /T 1

lin

Overseas Sales Office 1

Overseas Sales Office 2

Figure 5: WAN implementation

This figure shows the WAN network. The branches are connected via VPN tunnels using internet. The main branch uses high bandwidth T-3 lines. Simple ADSL connection might be sufficient for the branch offices to connect to the internet, but the 2 branches which keep backups of the central database might need to have a T1 or T2 line. Detailed de scription of the VPN technology implemented to achieve this connectivity is available in the previous chapters,

28

Asia Pacific Institute of Information Technology

HSSN II

REFERENCES AND BIBLIOGRAPHY

Anon.,(n.d.)Transmission

Media,[online]

available

from

http://www.cs.nott.ac.uk/~mvr/G6DINC/2TransMedia.pdf [Accessed: 28th September 2010]

Anon.,(n.d.),Wireless

Media,[online]

available

from

http://www.comptechdoc.org/independent/networking/cert/netwireless.html [Accessed 28th September 2010]

Florida Centre for Instructional Technology College of Education, (2009),Cabling [online] available from http://fcit.usf.edu/network/chap4/chap4.htm [Accessed on 29th September 2010]

Kioskia,(n.d.),

Leased

Lines

T1,T2,T3,[online]

available

from

http://en.kioskea.net/contents/technologies/tx.php3 [accessed on 03rd October 2010]

Bright Hub

Inc.,(2010) , Why do

we need

firewall,

[online] available from

http://whatismyipaddress.com/proxy-server [accessed on: 5th October 2010]

What

ismyipaddress,(2010),What

is

proxy

server,

[online]

available

from

http://whatismyipaddress.com/proxy-server, [accessed on: 05th October 2010]

eUKhost

LTD(2010),

Database

server,[online]

available

from

http://blog.eukhost.com/webhosting/database-server/, [accessed on: 06th October 2010]

29

Asia Pacific Institute of Information Technology

HSSN II

Vicomsoft

Ltd,(

2010),DHCP.[online]

available

from

http://www.vicomsoft.com/knowledge/reference/dhcp1.html#5 [ accessed 0n: 06th October 2010]

Anoon.,(n.d.),

IPSec

Introduction,[online]

available

from

http://www.comptechdoc.org/independent/security/vpn/vpnipsecintro.html[ accessed on: 09th October 2010]

30

Asia Pacific Institute of Information Technology

HSSN II

APPENDIX
GANTT CHART

31