Network_Design

Executive Summary for Network Design Project Executive Summary for Network Design Project LaTasha Torney IT230 David Fuschino September 6, 2009 Executive Summary My network project design is for a Tee-shirt Company called Macaroni Clothing. The company has two locations in which tee-shirts are designed. The main office is where the core of the business will take place. The store will also take orders online and need to communicate with the sister store which is ran by 3 employees. The data base server will be located at the main office. My network will be small and based on Ethernet with a shared media10base-t. The physical network would include network cabling, faceplates, and basic infrastructure. Both locations will be able to access on the same network and run off a wireless LAN and use VOIP for voice communication. The network will also use a CAT 5 cable network and a UTP copper base cabling system. The network will also have a wireless LAN at 2 Mbps and one fifth bandwidths through a standard 10base-t-ethernet and a 100Base-t. The wireless connectivity will be at both offices. A file server will be the primary storage device. The server will be set up in a way where data and file can be shared by anyone in the company and be allowed to create and modify shared folders. My network will use the VPN point to point tunneling which will work over an IP internetwork. This will allow employees to work from home taking orders and processing them. Layer 2 tunneling protocol will be used in addition to an IP internetwork which can be used over a frame relay PVCS and X.25 or ATM virtual circuits. This protocol uses the best feature of both PPTP and a Cisco technology. The network design will follow a star topology where each device on the network connects to its own cable or hub. The network operating system will be Windows with antivirus to protect from hacker intrusion. The email server is Microsoft exchange which is a collaborative communications for businesses. Exchange uses a POP3 email account with an ISP or a web based email service. Microsoft office will be used to write memos and power point will display product on the internet. Excel will be used to keep track of employee’s time. Cabling Specifications The network project cabling type will be based on a 10base-T Ethernet which operates at 10mps and also follows a star topology using twisted-pair cabling. Star topology is where each device on the network connects with its own cable to a hub or some other devices. Using 10Base-T Ethernet networks are easy to use and rely on hubs. Each computer in the office will have its own dedicated cable which connects its Ethernet to a port on the hub. Ethernet requires little or sometimes no configuration at all. The Ethernet cable will be constructed using a CAT5 unshielded twisted-pair cable, and terminated with RJ-45 connectors. Because the network is small all the computers in the network will be directly connected to the hub without putting new wiring in the walls. The 10Base-T will use shared media hubs that will represent a logical Ethernet segment that shares the bandwidth of the 10mbps Ethernet segment and competes for collisions. Each port on a shared media hub connects via a UTP cable to a 10Base-T interface which connects printers, scanners and other devices together. Because the network is small an unmanaged hub can be used and is not cost affected but with a non-managed in a managed environment the ability of monitoring and tuning the performance of the network will be lost. Using a managed hub can also detect and repair many network problems which will stop a total failure but is relatively expensive. To give the network a little more speed a 100mps may be considered. The 100Base –T needs network cards and hubs designed for the 100Base-T and only cost a little more than the 10Base-T. In order to be able to upgrade the network in the future a network card that operates 10 or 100 bps will be installed for future flexibility. The hub will automatically sense which card is connected to each port 10 or 100 Mbps and operate accordingly. The cost of a T-Ethernet card will run in between $30-50 each and a 10/100Base-T Ethernet card at about $45-120 each. Local Area Network (LAN) Topologies I chose a star topology because it is easy to manage and uses a hub as the central point of connection. The star topology is the most efficient for a small company. Using topology allows the network to be expanded without difficulty and depends on how many ports are on the hub. Because laptops and desktops will be utilized, a wireless connection will also be established. The star topology may require more cabling but if a device goes down on the network it won’t affect other devices. The network will be using a wireless router. Wireless connection makes browsing the internet easier. Using a wireless network allows an individual to access the internet when he is not connected to a computer with an Ethernet cable. Wireless network-ready laptops can easily move between different networks. Wireless networks are less reliable with connection speeds than connections using an Ethernet cable. This is due to the risk of dead spots where the signal is either weak or non-existent. Weather, and signal interference also play a role in weakening a connection. Wireless networks are extremely susceptible to interference so radio signals, radiation and any other similar type of interference may cause a wireless network to malfunction. LAN requires a lot of cabling and may be costly but the manageability is worth it. Star topology allows the network to continue working even if the network goes down. The only time the network will fail is if the main hub stop working it will shut the whole network down. The IDF is where the star topology connects and the network devices separate in a distribution frame closet. These closets will then link to a main distribution frame closet and is also called MDF. The networks router holds a switch in the main closet. This allows the system to be expandable and easy accessible. This design allows all types of cables to be used. Wide Area Network (WAN) Design A WAN is a wide area network. This term distinguishes a broader telecommunication structure for a local area network. A wide area network connotes public networks. WAN is one of the biggest contributor to a corporate networks cost of ownership. There are different topological and technological options that relate to the fundamentals of a WAN design. Clear channel leased lines are the simplest and most traditional method of interconnecting geographically dispersed sites; however, this is also the most expensive method. The main advantage of synchronous leased lines relates to their technological simplicity. This means that less expertise is required to install and troubleshoot the technology, which can ultimately reduce support costs. VOIP, Remote application user, remote application user, file sharing and transfer, central data storage and backup are some of critical applications that make up WAN. There are many approaches to designing a WAN like cost and how much bandwidth. One of the most popular WAN is the internet. WAN connects multiple networks like LAN and MANs. Routers and switches are interconnected to form a WAN. The switches connect in full mesh and half mesh which are different topologies. WAN’s use packet switching and circuit switching technologies. Packet switching allows user to share common resources so that the infrastructure can make more efficient use. When setting up a carrier’s network, connection is established and customers share the carrier’s network. The carrier can then create virtual circuits between customers sites by which packets of data are delivered from one network to another. WAN technologies function at the lower three layers, physical layer, data link layer and the network layer. The design will include a frame relay which can be used for WAN connectivity from a service provider. The connection to the Frame Relay network is done by attaching a point-to-point link from the customer's DTE to the provider's DCE. In order to make an informed decision about wide area connectivity the requirements of the network as well as the capabilities of FDP’s frame relay service. The main advantage of Frame Relay over point-to-point leased lines is cost. Frame Relay can provide performance similar to that of a leased line, but with significantly less cost over long distances. The reason is because the customer only has to make a dedicated point-to-point connection to the provider's nearest frame switch. From there the data travels over the provider's shared network. The price of leased lines generally increases based on distance. So, this short-haul point-to-point connection is significantly less expensive than making a dedicated point-to-point connection over a long distance. Connecting a WAN within offices to a frame relay a mixture of full and fractional lines should be purchased. A full t-1 line connects each office to the WAN. Frame relays tend to be slow due to network congestion and difficulty ensuring quality of service. Frame relay uses variable-length packets because it is easier to guarantee Quos when using a fixed-length packet. There are various WAN protocols that can be used in place of a frame relay. X.25 and ATM are other WAN protocols that can be used instead of frame relay. X.25 is an older technology that is similar to Frame Relay, but not as efficient. The reasons for its inefficiency are due to the fact that it is an older designed conceived when most telecommunications lines were analog. Since analog lines are inherently noisy X.25 loses a large percentage of through put to error checking overhead when compared to Frame Relay. For modern, digital lines X.25 offers no advantages over Frame Relay and should not be used unless there are no other alternatives available. The main differences between ATM and Frame Relay is that ATM uses a fixed-length packet (called a cell in ATM terminology) where Frame Relay uses variable-length packets. Using fixed-length cells makes quality of service calculations much more straightforward. Good quality of service is important in applications like voice and video conferencing that cannot tolerate significant network delays. The choice to use ATM rather than Frame Relay should be based on the use of these applications as well as pricing and availability. Frame relay seem to be the best connectivity, because it offers a combination of price and performance for the Wide Area Network needs. Increased traffic load, application load, collaboration, distance, separation of data and applications and security/compliance requirements are all dynamics that are completely altering the design requirements for the WAN. Having consistency in application optimization, collaboration, and security WAN Services, among corporate sites large and small, combine to form a WAN advantage that enables business and IT leaders to boost collaboration throughout their business, strengthen security, speed access to data and ideas, optimize application performance end-to-end, and ultimately cut operating costs. Lippis(2009). LAN bandwidth has advanced rapidly with wide area bandwidth trying to keep up. The WAN design can start as a simple hub-and-spoke network. Each supply office and Manufacturing site will have a virtual circuit connected. There should be a virtual circuit between each office on the WAN. This simple design solves the basic connectivity issue. All sites can communicate with the main office and all sites may also communicate with each other by routing layer-3 data through the main office. Network Protocols The network protocol that will be used for my network is TCP/IP. TCP which stands for transmission control protocol is the main transport protocol utilizing in IP networks. This protocol is a connection provides end to end. TCP/IP is mostly used to transfer files, remote login and computer mail. These services should always be used in implementing TCP/IP. TCP makes sure the IP data arrives intact. If not it will resend the data. TCP converts messages and files into data packets that are transmitted over the network connection to the destination computer and then changes into messages or files that can be read by the user. IP provides the transmitting operation. TCP/IP is an active process that communicates between computers and servers to get a connection. TCP/IP can be used on most LAN’s and is more efficient than NOVELL’s SPX/IPX. Peer to peer network will use a fixed IP address and will be effectively managed in a small LAN. TCP/IP is a protocol that is automatically installed and can’t be removed. Network protocol defines rules and convention for communicating between networks. Some protocols support message acknowledgement and data designed for high performance network communication. Higher level protocols interact closer with applications like web browsers and the lower level protocol interact with network adapters and computer hardware. TCP/IP was chosen because it’s more practical and most applications work with it. In order to transport TCP/IP, it must consider application protocol that can be used on the network. Network protocols are implemented with built in services for modern operating systems like Microsoft Windows. There are some lower level TCP/IP and routing protocols that support is implemented in directly hardware to improve performance.   Network Remote Access The network will also have a remote access, so that employees who work from home will be able to tap in to the company data. Remote access is the process that allows connectivity to a resource in a different location. This process can be accessed by using VPN or dial-up. The network can allow limited access or full access allowing a limited number of users to access the network. Encryption is important when trying to establish a remote access connection. Encryption sends the data back and forth between points and can only be read by users that are authorized to do so. Information such as passwords and other content can be accessed if the data is encrypted. VPN is a way to use remote access, which creates a private network through the internet. VPN connection can basically use any resource within a network including mail server, Web server, or database. Firewalls provide VPN access which consolidates and minimizes points of entry to a network. Software solution can also be used to establish VPN connectivity and using firewalls that require two network interfaces. Terminal emulation is another form of remote access which requires a server and a client. Terminal emulation can’t connect a client to a network instead it connects a client to a computer. It then uses it as a remote site and allows someone to connect to a computer to use it. When making a connection over a public network encryption should be utilized. Encryption should be enabled by default that’s why it’s always important to check to see if encryption is enabled. There are many applications associated with terminal emulation. They included desktop support, server access, thin client workstations and offsite access. There are also many terminal emulation products that are available such as Pc anywhere, Terminal Server and Citrix. These are some of the most popular terminal emulation product but there are many more. Web browser is used by many people and has become a popular interface for many applications. Most times when using web browser you are gaining a form of remote access by accessing web based email, online catalog systems and z39.50 gateways. Although UNIX is not thought of as a remote access, it allows remote login by accessing a servers IP address using TELNET. This allows multiple sessions and enables more than one user to log into the server at the same time.  Dial-up connection involves one modem connecting with another over a Public Switched Telephone Network. This creates a temporary and dedicated WAN link. Dial-up can use three possible protocols to make an initial connection. Point-to-Point (PPP), Serial Line Internet Protocol (SLIP) and Asynchronous NetBEUI (ASYBEUI). PPP is almost always the protocol of choice for both server and client. Serial Line Internet Protocol is used as a client in NT or WIN2k only when necessary to connect to an older server that is not supporting PPP. Asynchronous is a Microsoft Proprietary remote access protocol used only for legacy systems such as early versions of Windows NT, Windows for workgroups, or DOS. The dial-up process involves authentication which usually involves a password to access the web. Using passwords can gain unwanted access because access can be gained so easily it should be encrypted by using the strongest possible method that is supported by both server and client. There’s only one protocol that supports dial-up with encryption. When using SLIP or ASYBEUI, the only authentication protocol that can be used is PAP. There are several authentication protocols. Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP), Challenge Handshake Authentication Protocol (CHAP), Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) Version 1, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)Version 2 and Extensible Authentication Protocol (EAP). With a remote access server dial up connections are accepted and forwards packets between remote access clients and the network to which the remote access server is connected to. The remote access client is associated by dial-up equipment installed at the remote access client, the remote access server and the WAN infrastructure. Dial-up equipment is basically consisting of an analog modem at the remote access client. For a large corporation the remote server is attached to a modem bank that is made up of hundreds of modems. But PSTN connection isn’t design for data transmission so there are limits to the maximum bit rate of a PSTN connection. When using dial-up remote access server it is required one of the following operating systems which include: Windows Server, Windows Server 2003 or Windows XP. The dial-up remote access requires: Windows 98, Windows Millennium, Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003. Dial-up provides a secure data path over a circuit-switched connection. A VPN solution saves the cost of long distance phone service and hardware costs. Dial-up lines are more private then solutions that use a public network like the internet. Although dial-up is a large investment there are continuous expenses throughout the life cycle of the solution. Some of the expenses include hardware purchases, monthly phone costs and ongoing support. Unlike VPN solution users connect to a corporate network of the internet. My network will use the point to point tunneling which will work over an IP internetwork. Layer 2 tunneling protocol will be used in addition to an IP internetwork which can be used over a frame relay PVCS and X.25 or ATM virtual circuits. This protocol uses the best feature of both PPTP and a Cisco technology. Internet Protocol Security provides end to end encryption. VPN sometimes has limited security for wireless users. An advantage of VPN is that the data can be sent from one location to another within the world using an existing and growing infrastructure. VPN extends geographic connectivity, provides well established security methods, reduced operational costs when compared with that of the WAN technology. In addition VPN also provides reduced set-up times, fast network links for remote users, the network topology is simplified, productivity improved due to less constraints when compared with other networking methods, provides Voice over IP protocol (teleconferencing facilities), provides broadband networking compatibility and when compared with infrastructure set up constraints such as that seen with WAN technologies and VPN ensures a faster return on investment. University Dissertations (2009).  VPN provides reduced set-up times, fast network links for remote users, the network topology is simplified, productivity improved due to fewer constraints when compared to other networks and when compared with infrastructure set up constraints like WAN technologies and VPN ensures faster returns. To make sure my network design is well incorporated these five keys will be used. Security, Reliability, Scalability, Network and policy management are important to a successful design. This could be difficult to do when there are three VPNs available. The different types are Site-to-Site VPN where the link is connected across an intranet basis to the main company LAN or it is connected to a partner company LAN through an extranet basis. The VPN server that will be used is the Cisco3000. The Cisco Secure Remote access Solution is a single-appliance VPN solution that extends network access safely and easily to a wide range of users, and devices. It offers the most comprehensive and versatile remote access solution in the industry, which supports the widest range of connectivity options, endpoints, and platforms to meet my network designs changing and diverse remote access needs.     Network Business Applications The company would need several applications to process orders for the company. Microsoft office business edition will be used to handle day to day orders through excel. Reports will be written on a Microsoft word documents. Outlook will be the primary email account used. Employee’s communicate by sending and receiving emails to each other. Outlook provides integrated solutions for managing time and information, connecting across boundaries, and controlling the information that reaches you. Information can be better shared among employees and work will be organized better. PowerPoint presentations will be used to present tee shirt designs to view online. Firewall client will be installed on client computer and protected by a Microsoft server. The firewall will provide enhanced security, application support, and access control for client computer. Backup and Disaster Recovery The design will also include a backup and disaster recovery plan. This plan will insure that important data and files are protected in a case of an emergency. Companies should have a backup/recovery solution just in case a disaster hits. Microsoft exchange and SQl has a server available that backs up data and is also affordable and easy to use. Each solution has to have its own solution, one for backup recovery and one for disaster recovery. It is very expensive for combined solutions but Sonasoft offers an integrated backup/recovery and replication solution which is cheaper than other solutions. Most customers demand quick recovery of emails and databases and instant failover to a local or remote server in an event of a disaster. If a major disaster hit having a backup recovery could mean recovery of a business. Sonasoft is one of the first companies to offer an affordable which is easy to use and automated disaster recovery solution that can be implemented within in a few hours. SonaSafe provides automated disk to disk backup and recovery. Sonasafe is centralized management based software which offers total protection with reliable backup and also offers customers the ability to be up running quickly in a case of destruction. SonaSafe application also maintains a standby server which continuously updates data that is received from the primary system. If the system was to fail the standby system would take over instantly. The standby system can be on site or located at a remote site and still protects against natural or man-made disasters. SonaSafe is a very good investment because it’s easy to use and saves time during a disaster recovery. Many companies are choosing Microsoft exchange and SQL servers because SonaSoft has designed its solution to address specific pain points and needs for customers. Some of the benefits that SonaSoft offers to customers are: Affordability, easy to use disaster recovery, suited for SMB exchange and SQL environments, inexpensive cost effective solutions, standby server can be accessed anywhere, ability to load balance by distributing mailboxes across multiple exchange servers and facilitate migration of Exchange and SQL servers from one version to another. Thomas publishing company (2009). SonaSoft is designed to simply eliminate human error in the backup and recovery process. SonaSafe provides cost effective disaster recovery strategy for all company sizes. A company should be up within 48 hours of a disaster to be viable this will begin to shape the DRP procedures. This allows the business to calculate the amount of time it would take to execute the recovery plan and have the business back in order in a timely manner. The recovery system should be tested, configured and retested at least 24 hours prior to launching it. The setup takes 40 hours to complete. The recovery plan should be written in detailed. A recovery team should also be established and each member should be assigned specific duties. Various aspects of the network like the database, servers, bridges/routers and communications links. Each network should be specified who repairs or reconstructs and how the data recovery process occurs. The data that has the most priority should be recovered first and a checklist or test procedure should be created to verify that everything is working normal once the repairs and data recovery takes place. Once the DRP is in place it should always be tested on a regular basis. Performing a component-level restoration of the largest database will allow you to get a realistic assessment of the recovery procedure. Performing a periodic walk through every now and then will assure that everyone knows their roles in an event of a disaster. The plan should be tested regularly to make sure all parts are working properly and the test results should be recorded and update the DRP to address any shortcomings. As your business environment changes, so should your DRP. Reexamine the plan every year on a high level: Do you still need every part of the plan' Do you need to add to it' Will the budget need to be adjusted to accommodate changes to the plan' As applications, hardware, and software are added to your network, they must be brought into the plan. New employees must be trained on recovery procedures. New threats to business seem to pop up every week and a sound DRP takes all of them into account. Jupitermedia (2007) The disaster recovery plan document is information for the disaster recovery during an emergency. Some of the information in the document included information of the authors and owners with their contract details. The document information, purpose, scope, assumptions, exclusions, system description, roles and responsibilities, contact details, activation procedures, execution procedures and reconstitution procedures are all the contents that are included in the DRP. The disaster recovery plan also needs to be kept up to date and tested because a plan that is not tested is as bad as not having a plan at all. The maintenance plan of the document recommends the following: periodic mock drills, experience capture, and periodic updates. By following these maintenance procedures a successful recovery plan will be implemented. Industry studies report that more than 90 percent of business records are now produced electronically. However, almost half of these records are never reproduced in paper form. When a disaster occurs, small businesses may be faced with lost data, downgraded revenue forecasts, loss of customer confidence and sometimes potential liability. Network Security Creating a backup and disaster recovery plan ensures that business systems continue to run as needed in case of a disaster. There are several things to consider when creating a backup and recovery plan. Cost and need are two factors to consider when creating a recovery plan. Small to mid-size businesses face additional challenges because of limited budgets when developing disaster recovery and business continuity plans when compared to their larger counterparts. The first step in conducting a recovery and disaster plan is considering the risk analysis. Getting an analysis of all the possible risk that threaten the systems uptime and evaluate are the most important things that may affect the computer system. The risk could be a virus attack or even an accidental deletion which could be caused by a flood or a fire. The risks should be ranked by priority like the probability and the impact. They should also be rank as low, medium or high. A utility failure like power failure could rank as high probability and high impact. The next step in creating a recovery and backup plan would be to establish the budget. There are several questions that need to be answered to suppress the risk like how much will it cost for the recovery and backup' Can the threat be detected before it hits' How do I reduce the possibility of a risk from happening' Whatever the amount that is spent to make sure a recovery and backup is implemented is worth it. When deciding on a recovery plan both IT and business operation decide and agree on what data and applications are most important to the company and need to be recovered quickly in a case of a disaster. Disaster recovery budgets vary from company to company but they typically run between 2 and 8 percent of the overall IT budget. Companies for which system availability is crucial usually are on the higher end of the scale, while companies that can function without it are on the lower end. However, these percentages may be too small. For a large IT shop 15 percent is a best practice rule of thumb according to Emerson. Jupitermedia Corporation (2007) A company should be up within 48 hours of a disaster to be viable this will begin to shape the DRP procedures. This allows the business to calculate the amount of time it would take to execute the recovery plan and have the business back in order in a timely manner. The recovery system should be tested, configured and retested at least 24 hours prior to launching it. The setup takes 40 hours to complete. The recovery plan should be written in detailed. A recovery team should also be established and each member should be assigned specific duties. Various aspects of the network like the database, servers, bridges/routers and communications links. Each network should be specified who repairs or reconstructs and how the data recovery process occurs. The data that has the most priority should be recovered first and a checklist or test procedure should be created to verify that everything is working normal once the repairs and data recovery takes place. Once the DRP is in place it should always be tested on a regular basis. Performing a component-level restoration of the largest database will allow you to get a realistic assessment of the recovery procedure. Performing a periodic walk through every now and then will assure that everyone knows their roles in an event of a disaster. The plan should be tested regularly to make sure all parts are working properly and the test results should be recorded and update the DRP to address any shortcomings. As your business environment changes, so should your DRP. The disaster recovery plan document is information for the disaster recovery during an emergency. Some of the information in the document included information of the authors and owners with their contract details. The document information, purpose, scope, assumptions, exclusions, system description, roles and responsibilities, contact details, activation procedures, execution procedures and reconstitution procedures are all the contents that are included in the DRP. The disaster recovery plan also needs to be kept up to date and tested because a plan that is not tested is as bad as not having a plan at all. The maintenance plan of the document recommends the following: periodic mock drills, experience capture, and periodic updates. By following these maintenance procedures a successful recovery plan will be implemented. References Cisco Systems (1992-2009) Jupitermedia Corporation. Building small Businesses (2007) Concentrix. Small business Servers (2009) Black, Ulysses. PPP and L2TP: Remote Access Communications (1999) CBS Interactive Inc (2009) Microsoft TechNet (2009) About.com Networking (2009) Technewsworld (2009)