Module Title and Code: CE00382-2 Hardware and Software Systems and Networks II
Date Assigned:
HSSN II
STUDENT DECLARATION
I hereby declare that I understand what is meant by plagiarism. The implication of plagiarism is known to me. This project is all my work and I have acknowledged any use of the published or unpublished works of other people.
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
EXECUTIVE SUMMARY
BACKGROUND
PROBLEM ANALYSIS
REQUIREMENTS SPECIFICATION
ASSUMPTIONS
TRANSMISSION MEDIA
NETWORK TYPE AND TOPOLOGY
INTERNET CONNECTION
CONNECT BRANCH OFFICES
    VPN (VIRTUAL PRIVATE NETWORK)
COMMUNICATION
    VOIP (VOICE OVER IP)
SERVERS AND NETWORKING DEVICES
    FIREWALL
    PROXY SERVER
    FILE SERVER
    DATABASE SERVER
    DHCP SERVER
    DNS SERVER
    BACKUP SERVER
    WEB SERVER
    MAIL SERVER
    PRINTER SERVER
    ANTIVIRUS SERVER
    VPN SERVER
    DC SERVER
    ROUTER
    LOAD BALANCER
    BACKBONE SWITCH
    LAYER 2 SWITCHES
SECURITY MEASURES
BACKUP MECHANISM
NETWORK DESIGN
    GROUND FLOOR
    1ST FLOOR
    SERVER ROOM
    2ND FLOOR
    IP ADDRESSING
        VLAN (Virtual Local Area Network)
    OVERALL NETWORK DIAGRAM
    WAN
REFERENCES AND BIBLIOGRAPHY
APPENDIX
    GANTT CHART
LIST OF FIGURES
Figure 1: Transmission media categorization
Figure 2: Client/server architecture
Figure 3: Star topology
Figure 4: Server room network diagram
Figure 5: WAN implementation
LIST OF TABLES
Table 1: Comparison of transmission media for selection
Table 2: Speed comparison
Table 3: Categories of UTP cable
Table 4: Wi-Fi standards
Table 5: IP Addressing
EXECUTIVE SUMMARY
ICT Resources locally owns a 3-storey building and has a staff of 40 members, which is expected to grow in future. The business is developed and spread out in 3 strategic locations throughout South East Asia, and it already has local sales offices operating. New offices will also be established at overseas locations in future, and these need to be incorporated in the same network. The type of network topology needed within the office has to be determined. The types of computer and the number of printers, audio devices, microphones, LCD projectors and multifunction peripherals needed should also be considered.
BACKGROUND
The ICT Resources Malaysia Public Limited Company has been the only supplier of business equipment and office supplies of its kind in South East Asia. Being the only supplier, the company did not need to make major investments in the business. Recently, however, a nationally recognized competitor has arisen with plans to put ICT Resources out of business. In response, the company has decided to invest a substantial amount of money in its development.
This document presents the network proposal prepared by the network consultant hired by the company. The scenario, the problems and the proposed solutions, followed by the network diagrams, are presented in the following chapters.
PROBLEM ANALYSIS
1. The network of the main office is to be distributed in the 3 storey building located locally.
2. It should provide network access to 35-40 staff members and also allow a future increase in number.
3. Save and share data of the transactions and other operations carried out at the company.
4. Widen the business to reach new opportunities.
5. The local retail sales offices have to be connected to the same network.
6. The networks of the 3 locations throughout South East Asia should be connected.
7. Allow future establishment of overseas offices that will incorporate the retail concept with local sales offices.
8. Identification of the peripherals needed.
REQUIREMENTS SPECIFICATION
1. Estimate the number of access points needed and the number of extra access points that might be needed for future expansions.
4. Authentications and restrictions for data sharing for different levels of requests made by different management levels.
5. Data sharing among the terminals connected within the office, and among offices, has to be secure and fast, and the integrity of the data has to be maintained. Block unnecessary, irrelevant and insecure requests for the data and monitor the requests.
6. Determine the data backup mechanisms in all offices including the sales offices.
7. Implement a mechanism to keep track of new opportunities and stay updated, to expand the business scope and answer the competition from other companies. Internet connection, website and email services implementation.
8. Sales offices, both local and overseas, shall be easily connected to the company network whenever required. Allow future expansions.
9. Communication should happen between the offices and sales offices throughout the business.
ASSUMPTIONS
The company will agree to implement a website and an email system although it is mostly a marketing requirement and not a networking requirement. The network will be implemented to support this idea.
The overseas sales offices and local sales offices networks will be connected to the local head office.
Cost of implementing the network is not a concern, but unnecessary costs have to be avoided.
The business functional sectors are: sales and marketing, administration and reception, located on the ground floor; the server room, ICT department, Finance department and conference room, located on the 1st floor; and the research and development, human resources and operations departments and the cafeteria, on the 2nd floor.
The proxy server and the firewall will be configured based on the business rules.
All departments are allowed to connect to the local and overseas sales offices with no exceptions.
The company has a total of around 10 branches with 5 staff in each location.
1 Mbps bandwidth is enough for each branch user to connect to the main office. Therefore 1 branch would require at least 12 Mbps bandwidth with 2 Mbps extra for extensions. Therefore a total of 120 Mbps peak bandwidth is required.
Wi-Fi connectivity is also provided to non-staff users to connect to the internet.
T3 carrier lines are provided by the ISP for the main office. Since branches do not require such a high bandwidth, T2 or T1 lines are implemented, as they provide sufficient bandwidth and are also provided by the respective ISPs.
In case of an emergency, the Wi-Fi connection can be used to maintain the network. The Wi-Fi connection is sufficient for this. Also, all or most of the devices are Wi-Fi enabled.
TRANSMISSION MEDIA
Ease of installation and attenuation (the building has only 3 storeys, so the distances are short) are not important in selecting a transmission medium for this network. Security, extendibility and speed should be the main considerations.
Table 1: Comparison of transmission media for selection
(Anon., n.d.)
Fiber optic is difficult to extend and is expensive. Coaxial cable has low speed, and STP is difficult to extend and install when compared with UTP cable.
(Florida Centre for Instructional Technology College of Education, 2009)
Cat6 is the best type of UTP cable because of its high speed. Cat6 cable is better than Cat5 and Cat5e because of its improved transmission performance and immunity to interference. RJ-45 is the standard connector used for UTP cable. Cross-over UTP is used to connect similar devices and straight UTP to connect different devices.
Wi-Fi is also provided throughout the building. A single Wi-Fi antenna will be sufficient as the building is small. The Wi-Fi connection is there to connect peripheral devices to the network and to serve as a backup option in case of an emergency.
Table 4: Wi-Fi standards
Out of the Wi-Fi standards above, 802.11a and 802.11b can be eliminated because of their shorter distance and lower speed respectively. 802.11n is the newest standard and is not yet supported by most devices. Therefore 802.11g is best suited to this network. It has a good speed as well as a sufficient propagation distance. The wireless connection will allow outside users to simply browse the internet, and staff to connect to the network as well.
Bus, ring, star, mesh and tree are the common network topologies. Out of these topologies, star topology was selected as suitable for this network (see figure below).
(Florida Centre for Instructional Technology College of Education, 2009)
This topology was selected because it allows easy implementation, maintenance and extension of the network. A major disadvantage, however, is that this topology is expensive to implement.
INTERNET CONNECTION
An internet connection is needed to run the web server, mail server and the VPN server. Apart from these mandatory needs, the staff need to browse the internet. Speed is the main consideration when choosing the connection. Dial-up, ADSL and T-carrier lines (T1, T2, T3) are some of the connectivity types available.
Dial-up is not a very good option, mainly because of its low speed and inconsistent connection. ADSL provides a dedicated connection and a variety of speed and cost choices. But its signal is limited by attenuation, depending on the distance from the ISP.
A T-carrier line is a connection with high bandwidth. A T1 line has 1.544 Mbps, T2 has 6 Mbps and T3 has 44.736 Mbps bandwidth. According to the assumption a bandwidth of 100 Mbps is required. Therefore the best option is to have three T3 connections, which will provide a bandwidth of roughly 132 Mbps. The best advantage of using a T-carrier is that it can be configured to carry both data and voice signals as needed. (Kioskea, n.d.)
A static public IP block is purchased from the ISP for the main office.
COMMUNICATION
To communicate by voice inside the main office and among the offices, normal telephones can be used. But this is expensive when compared with the other readily available option, VOIP.
VOIP (VOICE OVER IP)
VOIP is a less expensive technology that is easy to implement over the existing network. It is effective in this network because long distance calls are needed frequently in this business. VOIP can also be used to conduct web conferences with distant offices, assuming that the necessary technology is implemented in those locations. Other peripherals required for this communication should also be made available.
An IP PBX is the device used to implement VOIP technology. It has a SIP server which is used to set up calls and send them over the network. IP phones can connect directly to the IP PBX to get VOIP calls.
takes the responsibility of storing and managing data files to allow sharing
handles the file requests and sends them over the network
acts as a remote hard disk drive for other computers to store files on the network
helps to make quick and reliable backups
DATABASE SERVER
The database server is needed to:
Store, retrieve and manipulate data
Search, sort and index the data, to reduce network traffic
Provide security, because it is located centrally
Allow concurrent access to data
(eUKhost LTD,2010)
Out of the static and dynamic IP addressing methods, dynamic IP was chosen because this method allows easy extension of the network. Since this is a time-consuming task to do manually, a DHCP server is used. (Vicomsoft Ltd, 2010) The DHCP server allows automatic configuration and monitoring of the network under the dynamic IP concept. Since the IPs for the hosts come from a pool, the IPs will not be wasted, as each is provided for a lease time. In case of an addition or removal of a host, only the DHCP server needs to be updated.
DNS SERVER
The DNS server identifies the IP addresses for the names of the hosts being requested.
BACKUP SERVER
This server is needed to keep backups of the data stored in the network. This server should be large enough to store the data being backed up.
WEB SERVER
This server is needed to host the company website. It will respond to all HTTP requests for the website.
MAIL SERVER
The mail server is responsible for sending and receiving emails. It can also be configured to block certain IPs that send spam. The mail server uses the SMTP protocol to deliver email to the recipient's mail server, and POP3 is used to access mail and download messages.
PRINTER SERVER
A print server is needed because the printers are not dedicated to individual computers. With the use of this server, any number of computers can share the printers. The print jobs will be queued in the server when print requests arrive.
ANTIVIRUS SERVER
Internet and email might cause malicious programs to enter the network, and if that happens it affects the whole network. Therefore antivirus protection is mandatory. Rather than having separate guards on individual machines, which requires a lot of bandwidth for updating, it is better to have an antivirus server. This server updates its antivirus and locally updates the client machines.
The VPN server authenticates the VPN clients attempting to make the connection. It verifies whether the client has the required permissions and, if so, it allows the connection to be established.
DC SERVER
A domain is a logical group of devices. These domains can be controlled by the DC server. Active Directory is included in the domain controller. It is the database that stores users' details and domain details.
ROUTER
The router will have a built-in NAT mechanism to convert private addresses to public addresses and vice versa. It will also have a built-in CSU/DSU to convert data frames used in the LAN to a frame that suits the WAN or internet, and vice versa.
LOAD BALANCER
A load balancer is used to distribute IP traffic over multiple servers. The need for a load balancer is to improve the performance of the servers through optimal utilization. It is important to have a load balancer in this network because the amount of requests always varies and cannot be predetermined.
BACKBONE SWITCH
The backbone switch is a layer 3 switch with 24 ports. A layer 3 switch was selected because it is capable of performing routing on all the ports at high speed. The servers, the internet connection and the other layer 2 switches are all connected to this switch. This switch can also be configured to support VLANs, which contributes to improving network security.
LAYER 2 SWITCHES
Layer 2 manageable switches will connect the nodes in the network. The connection to these switches originates from the layer 3 backbone switch. The nodes of the network will be connected in star topology to these switches. Similarly, these switches will be connected to the layer 3 backbone switch.
SECURITY MEASURES
IPSec (Internet Protocol Security) is the protocol used in the VPN connection. This protocol ensures confidentiality and authentication by encapsulating the original IP packet in a new IP packet that carries security headers and authentication information.
Wireless transmission uses the WPA (Wi-Fi Protected Access) protocol. This protocol authenticates to the network with a PSK (Pre-Shared Key), which is difficult to extract from packets. However, the network security completely depends on the PSK.
The firewall and proxy server protect the network from serving and making unauthorized requests.
The anti-virus server protects the network from malicious attacks.
The departments are divided into VLANs, which prevents unauthorized access.
Domains are created for the network users with different privileges, and users need to provide authentication details to connect to the network.
Wi-Fi connections for outside users and staff users are filtered by the MAC addresses they use to connect.
BACKUP MECHANISM
The internet connection is provided to the network over three T3 lines from two different ISPs. Therefore, even if one ISP fails, the network can still function, although with limitations.
Backups of the system will be scheduled to be taken in 3 locations: at the main office, at a local sales office and at an overseas sales office.
A Wi-Fi connection can be established to the network devices in case of a failure in cabling or switches.
NETWORK DESIGN
GROUND FLOOR
[Figure: ground floor network diagram. Panels: Administration, Reception. Devices shown: PCs, IP phones and Ethernet printers with L0-AD-, L0-RC- and L0-SM- names, and switches L20-S1 and L20-S2.]
Above is the network diagram for the ground floor. The terminals are connected to the layer 2 switches in star topology. This floor has the sales and marketing department, the administration and the reception. These departments are on this floor because they are the ones customers interact with most, and it is therefore important that they are located in an easily accessible location. Both the switches on this floor are layer 2, 24-port switches. Therefore there are 48 ports as a whole on this floor. These switches get access to the network through the layer 3 backbone switch in the server room. Wi-Fi will also be available for outside users (customers), as the router is located on the 1st floor. Although the switches appear in the diagram to be dedicated to the departments, this is not so. VLAN technology allows any device from any department to connect to any switch. Therefore extending the network is not limited by the switches. The peripherals in each department are estimated to suit the business functions, and all the printers and PCs are directly connected to the network.
1ST FLOOR
[Figure: 1st floor network diagram. Panels: Finance, Conference Room, Server Room, ICT. Devices shown: PCs, IP phones and Ethernet printers with L1-FI-, L1-CR- and L1-IT- names, a speaker and a microphone in the conference room, and switches L21-S1 and L31-S1.]
This is the network diagram for the 1st floor. This floor has the server room, ICT department, conference room and the finance department. The server room is the most important location of the whole network and will be discussed separately. This floor is similar to the ground floor network, and the same mechanisms are used here as well. The terminals are connected to layer 2 switches with 24 ports each.
The conference room is where all the voice and video conferences between various parties take place. Therefore the projectors, web cameras, speakers and microphones needed for this communication are deployed in this room. These devices are connected to the PC in this room and are not connected to the network, as that is not necessary. These devices can also be removed and plugged into any other device, especially laptops. Since external parties often visit this location, it is important to provide them with Wi-Fi.
This floor has the Wi-Fi router, which is directly connected to the layer 3 backbone switch. It is important to have the Wi-Fi router on this floor because, this being the middle storey, it will be able to cover the whole building. Another reason is that most external devices that need web communication connect from this floor using Wi-Fi. Having the Wi-Fi router on this floor provides maximum bandwidth for these users.
SERVER ROOM
[Figure 4: Server room network diagram. Labels: VPN server (vpnserver), mail server (mailserver, mail.ictresources.com), database server (databaseserver), web server (webserver, www.ictresources.com), anti-virus server (antivirusserver), DC server (dcserver); links to the layer 2 switches and from the ISP.]
The servers located in this room are discussed in the above chapters. All these servers are directly connected to the layer 3 backbone switch. The reason is to provide the highest possible bandwidth and quick access, as all the requests pass through these servers. The layer 3 switch is a 24-port switch. Therefore this switch is enough for future expansions of the network as well. The layer 3 switch will be configured to direct the traffic to the relevant servers as required. This is another reason to connect the servers directly to the layer 3 backbone switch.
2ND FLOOR
[Figure: 2nd floor network diagram. Panels: Research and Development, Operations, Human Resources. Devices shown: PCs, IP phones and Ethernet printers with L3-OP-, L3-RD- and L3-HR- names, and switch L22-S2.]
This floor is similar to the other floors. It only has departments that require basic facilities. There are no complex or new network implementations on this floor. The switches used on this floor are also layer 2, 24-port switches.
IP ADDRESSING
VLAN (Virtual Local Area Network)
Employees work in different departments, so they form different groups with different privileges and security expectations. To support this, employees should be assigned to different LANs. Such a LAN consists of users from the head office and also of remote users. Sometimes local users log in to this private network from outside the head office. Either way, they should belong to the same LAN. To enable this we are using the VLAN concept. Each VLAN is created on the layer 3 switch using IPs. The layer 3 switch should be configured to support VLANs.
Table 5: IP Addressing
VLAN  Network                   Hosts  Start IP            End IP
1     Wi-Fi router              32     192.168.22.0/27     192.168.22.31/27
2     Sales and Marketing       32     192.168.22.32/27    192.168.22.63/27
3     Server Room               16     192.168.22.64/28    192.168.22.79/28
4     ICT Department            16     192.168.22.80/28    192.168.22.95/28
5     Research and Development  16     192.168.22.96/28    192.168.22.111/28
6     Finance                   16     192.168.22.112/28   192.168.22.127/28
7     HR Department             16     192.168.22.128/28   192.168.22.143/28
8     Operations                16     192.168.22.144/28   192.168.22.159/28
9     Reception                 4      192.168.22.160/30   192.168.22.163/30
10    Conference Room           4      192.168.22.164/30   192.168.22.167/30
The number of hosts was decided with extra access points to allow network scalability.
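The addressing plan in Table 5 can be checked mechanically. The following is an added example, not part of the original report: it uses Python's standard ipaddress module to confirm that each start address is a network address, each end address is the matching broadcast address and no VLAN ranges overlap, and it reports the usable host addresses per VLAN (block size minus network and broadcast) and the space left for new VLANs. The function names and the 192.168.22.0/24 parent block are assumptions made for the example; the report does not state the parent block.

```python
import ipaddress

# Table 5 from the report: (VLAN, network name, "Hosts" column, start IP, end IP)
PLAN = [
    (1, "Wi-Fi router", 32, "192.168.22.0/27", "192.168.22.31/27"),
    (2, "Sales and Marketing", 32, "192.168.22.32/27", "192.168.22.63/27"),
    (3, "Server Room", 16, "192.168.22.64/28", "192.168.22.79/28"),
    (4, "ICT Department", 16, "192.168.22.80/28", "192.168.22.95/28"),
    (5, "Research and Development", 16, "192.168.22.96/28", "192.168.22.111/28"),
    (6, "Finance", 16, "192.168.22.112/28", "192.168.22.127/28"),
    (7, "HR Department", 16, "192.168.22.128/28", "192.168.22.143/28"),
    (8, "Operations", 16, "192.168.22.144/28", "192.168.22.159/28"),
    (9, "Reception", 4, "192.168.22.160/30", "192.168.22.163/30"),
    (10, "Conference Room", 4, "192.168.22.164/30", "192.168.22.167/30"),
]


def audit(plan):
    """Validate every row of the plan and return (rows, overlapping pairs)."""
    rows, nets = [], []
    for vlan, name, hosts_column, start, end in plan:
        # strict=True raises ValueError if the start IP is not on a
        # subnet boundary for its prefix length.
        net = ipaddress.ip_network(start, strict=True)
        end_ip = ipaddress.ip_interface(end).ip
        rows.append({
            "vlan": vlan,
            "name": name,
            "network": net,
            "end_matches_broadcast": end_ip == net.broadcast_address,
            "hosts_column_matches_size": hosts_column == net.num_addresses,
            # Network and broadcast addresses cannot be given to devices.
            "usable": net.num_addresses - 2,
        })
        nets.append(net)
    overlaps = [(a, b) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    return rows, overlaps


def free_space(plan, parent="192.168.22.0/24"):
    """Return the CIDR blocks of the (assumed) parent block not yet allocated."""
    remaining = [ipaddress.ip_network(parent)]
    for _, _, _, start, _ in plan:
        used = ipaddress.ip_network(start)
        next_remaining = []
        for block in remaining:
            if used.subnet_of(block):
                # address_exclude yields nothing when used == block.
                next_remaining.extend(block.address_exclude(used))
            else:
                next_remaining.append(block)
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    rows, overlaps = audit(PLAN)
    for r in rows:
        print(f"VLAN {r['vlan']:>2} {r['name']:<26} {str(r['network']):<19}"
              f" usable={r['usable']:>2}"
              f" end_ok={r['end_matches_broadcast']}"
              f" size_ok={r['hosts_column_matches_size']}")
    print("overlaps:", overlaps or "none")
    print("unallocated:", ", ".join(str(n) for n in free_space(PLAN)))
```

The audit shows that the Hosts column counts every address in the block: a /27 leaves 30 addresses for devices, a /28 leaves 14 and a /30 leaves 2.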
[Figure: overall network diagram. Labels: load balancer, firewall (firewall), layer 2 switch 1st floor (L21-S2), layer 2 switch 2nd floor (L22-S2), VPN server (vpnserver), mail server (mailserver, mail.ictresources.com), database server (databaseserver), web server (webserver, www.ictresources.com), anti-virus server (antivirusserver), DC server (dcserver).]
Above is the overall network diagram. There are three T-3 carrier lines coming from two different ISPs through the routers. These connections pass through the load balancer and are filtered through the firewall before they reach the LAN. The firewall connects directly to the layer 3 backbone switch, which connects all the servers and the other secondary switches. The devices used are described in the above chapters.
WAN
[Figure 5: WAN implementation. Labels: Internet, Sales Office 2, T2/T1 lines.]
This figure shows the WAN network. The branches are connected via VPN tunnels over the internet. The main branch uses high bandwidth T-3 lines. A simple ADSL connection might be sufficient for the branch offices to connect to the internet, but the 2 branches which keep backups of the central database might need to have a T1 or T2 line. A detailed description of the VPN technology implemented to achieve this connectivity is available in the previous chapters.
Anon., (n.d.), Transmission Media, [online] available from
Anon., (n.d.), Wireless Media, [online] available from
Florida Centre for Instructional Technology College of Education, (2009), Cabling, [online] available from http://fcit.usf.edu/network/chap4/chap4.htm [Accessed on 29th September 2010]
Kioskea, (n.d.), Leased Lines T1, T2, T3, [online] available from
Bright Hub Inc., (2010), Why do we need firewall,
Whatismyipaddress, (2010), What is proxy server, [online] available from
eUKhost LTD, (2010), Database server, [online] available from
Vicomsoft Ltd, (2010), DHCP, [online] available from
Anon., (n.d.), IPSec Introduction, [online] available from
APPENDIX
GANTT CHART