ILLUSTRATED ACCOMPLISHMENTS 1999 – PRESENT
My name is Tim Loftus. I am an expert IT Architect & IT Infrastructure Manager with years of hands-on, in-the-trenches experience.
The following slides illustrate where I have been, what I have been doing for the past few years and demonstrate how I can apply my skills and expertise to your advantage.
I would be happy to speak with you, so please don’t hesitate to contact me.
Network Design Illustrations
The following 19 slides were created while performing as an IT Architect with IBM Global Services between 2000 and 2007.
This is an abbreviated compilation of presentation slides from actual reports that were presented to IBM client executives between 2001 and 2007. Company names and addresses have been removed or masked.
Timothy R. Loftus
IT Manager, IBM IT Infrastructure Architect, Avaya IP Telephony Specialist
eMail: [email protected]; 732-740-8329
Profile: http://www.linkedin.com/in/timloftus
Twitter: @Tim_Loftus
Network Architecture and Design Methodology
The network architecture development is driven by business requirements (supporting business expansion while providing full services to new and existing customers) and existing constraints (installed terminals, telephone systems, desktop PCs, etc.).
During the assessment, each of the eleven locations visited and surveyed provided key information for the development of the new Architecture and Design.
[Diagram: methodology flow. Labelled inputs: Guiding Principles, Business Drivers, Current Environment Constraints, IT Capabilities, Infrastructure Requirements. Stages: IT Infrastructure Architecture Development, IT Infrastructure Specified Design, IT Infrastructure Detailed Component Design.]
Category ‘A’ Locations in the Network Design
Category ‘A’ locations are unique in that they support full redundancy and fault tolerance to the frame relay network and to a high-speed Internet Service Provider (ISP). Two locations are planned as Category ‘A’ locations: the Corporate Data Center and Glendale, NY. The Data Center was selected for its role as the data processing hub for the whole company. Glendale was selected for several reasons, including the number of PCs on the LAN and the access to service providers in the New York City area.
Category ‘A’ locations support Internet access, VPN, a Microsoft domain controller and a DHCP (Dynamic Host Configuration Protocol) server; they will provide DNS (Domain Name Server), DHCP and Microsoft domain controller services. Data Center link, router and switch load balancing is accomplished with the Cisco 11154 Load Balancer systems in the design, which allows LAN equipment and ERP system interfaces to be balanced. Layer 2 load balancing and switching provides a high-speed facility that can quickly re-converge around device or link failures. Most device failures will be transparent to users.
[Diagram: Category ‘A’ location. Frame Relay Network via AT&T POP; dual T1 circuits with V.35 DSU/CSUs to Cisco 2651 IP routers (Layer 3 routing, IP/OSPF); Cisco 11154 Load Balancers; Cisco 3524XL 10/100 switches (Layer 2 switching, Ethernet/spanning tree) alongside currently installed Netgear 10/100 switches & hubs; Digital/MestaMed host with terminal mux (labelled 192.0.0.1); File & Print Server; Call Manager Server; two links to Internet.]
Category ‘B’
Category ‘B’ locations are mid-size offices of 30 or more employees, usually hosting at least one Microsoft file and print server.
[Diagram: Category ‘B’ location. Frame Relay Network via AT&T POP, T1 PVC to Easton; DSU/CSU and V.35 to a Cisco 1751 IP router (Cisco 1700 series; Layer 3 routing, IP/OSPF); Cisco 3550 10/100 switches (Layer 2 switching, Ethernet/spanning tree); IP enabled Terminal Mux; File & Print Server.]
Category ‘C’
Category ‘C’ locations are small offices with 6 to 29 employees that do not utilize a central file and print server.
[Diagram: Category ‘C’ location. Frame Relay Network via AT&T POP, PVC to Easton; T1 with V.35 DSU/CSU to a Cisco 1751 IP router (Cisco 1700 series; Layer 3 routing, IP/OSPF); Cisco 3550 10/100 switches (Layer 2 switching, Ethernet/spanning tree); IP enabled Terminal Mux.]
Category ‘D’
Category ‘D’ locations are small offices with less than 5 employees. This category utilizes the less reliable, but less costly, Internet VPN method. Added attention is given to security;
[Diagram: Internet connectivity and VPN. Data Center DMZ and Glendale, NY DMZ, each with a Cisco 2600 series ISP Router, Firewall, Proxy / NAT, Catalyst 3500 XL switch and NETGEAR equipment (the Data Center also shows the Digital/MestaMed host and a DSU/CSU); ISP #1 and ISP #2 connections to the Internet; Cisco PIX FW & VPN Gateways at both sites with a back up path between them; Enterprise Frame Relay Network via AT&T POPs, dual T1/V.35 DSU/CSUs to Cisco 2651 IP routers (Layer 3 routing, IP/OSPF); Cisco 11154 Load Balancers and Cisco 3550 10/100 switches; VPN over the Internet.]
Build and implement Internet connectivity at the Data Center with a back up connection in Glendale. The Glendale link can be configured to handle some services (i.e. remote access VPN, B2B VPN or Web Server Hosting) to distribute traffic volume.
Work with the ISPs to provide inbound fail-over through BGP4 rerouting.
Conceptual Security Boundaries Illustration;
[Diagram: zones from the external domain (public Internet, Minimal Protection at the ISP router) across the external security boundary (firewall) to external facing services, then across the internal security boundary (firewall) to internal services, LAN connected PCs and Corporate Data (Maximum Protection) inside the Enterprise Network. A secure VPN path into the Enterprise Network is labelled Reduced Protection / Increased Vulnerability.]
State Government Disaster Recovery Plan Conceptual Illustration;
To secure internal data, the Extranet network segment must be separated from home network segments. Communications with customer/partner networks must be carefully managed.
• Utilize the Extranet server operating system security to protect data access
• Implement a firewall between the Extranet and the enterprise network to restrict access
• Apply filters on routers to prevent one partner from accessing another partner through the Corporate network
• Isolate untrusted access from the enterprise network
• Contain the majority of external access to dedicated servers in the Extranet domain
• Control and validate access to enterprise assets through the firewall
[Diagram: Extranet Frame Relay Network connecting several Business Partners to FTP servers in the Extranet, with a Firewall between the Extranet and the Data Center / Enterprise Network.]
Trading Firm Local Network Component Architecture & Documentation
[Diagram: layered design with device names and addressing as labelled.]
• WAN Layer: Cat 6509 CC560M-004CRP-W01, CC560M-004CRP-W02
• Core Layer: Cat 6509 CS560M-004CRP-B01, CS560M-004CRP-B02
• Distribution Layer: Cat 6509 sf560ds-sv1, sf560ds-sv2, sf560ds-tr1, sf560ds-tr2, sf560ds-id1, sf560ds-id2
• Traders Access Layer, Servers and User (IDF) Access Layer: Cat 3524 sf560ac-tr1, sf560ac-tr2, sf560ac-tr3, sf560ac-tr4, sf560ac-sv1, sf560ac-sv2, sf560ac-sv3, sf560ac-sv4, sf560ac2-2, sf560ac3-1, sf560ac3-2, sf560ac4-1, sf560ac4-2
• VLANs: VLAN90, VLAN92, VLAN94, VLAN96; VLAN300, VLAN301; VLAN16, VLAN18, VLAN20, VLAN22, VLAN24
• IP networks: 10.96.1.0, 10.96.2.0; 10.96.17.0/23, 10.96.19.0/23, 10.96.21.0/23, 10.96.23.0/23, 10.96.25.0/23; 10.96.91.0, 10.96.93.0, 10.96.95.0, 10.96.97.0; 10.96.101.0, 10.96.103.0
• Device addresses: 10.96.0.1, 10.96.0.2, 10.96.0.4, 10.96.0.5, 10.96.0.7, 10.96.0.8, 10.96.0.11, 10.96.0.12
University Campus Conceptual Design
Using virtual LANs, student network traffic is kept separate from academic and administrative traffic to maintain security and streamline throughput.
VLANs are structured so that user groups can be kept separate, which allows for a more secure network computing environment.
All shared computing resources, such as file servers and printers, should reside on the same VLAN as the resource's users to maintain optimal levels of performance. Resource virtual cohabitation is especially important when campus routing is centralized.
Servers are secured through standard operating system security.
Route between VLANs utilizing manually coded, static routes. Configure filters to block unwanted traffic from crossing into neighboring VLANs.
Centralized layer 3 switching (routing) provides for a simple, easily managed static architecture.
[Diagram: Routing/Blocking Method. Central layer 3 switching between the Office of Computer Services VLAN, Academic Computing VLAN #1, #2 and #3, Administration VLAN #1, and Student Networking VLAN #1, #2 and #3.]
University Campus Conceptual Design
Logical VLAN assignments and physical IDF map overlay. Actual IDF to MDF to MDF connectivity shown as well as the VLANs present in each IDF switch.
• IDF switch VLAN assignments color coded.
• MDFs function as cabling concentration points for IDFs.
[Map: VLAN legend OCS, ACAD1, ACAD2, ACAD3, ADMIN, RESNET1, RESNET2, RESNET3 overlaid on campus buildings with IDF switches: West College, Reamer Campus Center, Arts, Yulman Theater, Old Chapel, Nott Memorial, 27 Terrace Lane, Richmond, South S&E (CS Lab), Steinmetz, Butterfield, Fieldhouse, Olin North, Olin South, North S&E (ME), Bailey Hall, Pasta Lab, North S&E (Physics), Social Sciences, South S&E (Bio, Chem, Dean), OCS Machine Room, Alumni Gym (N & S), Chi Psi, Humanities, Lamont, Shaffer Library 2nd floor, Shaffer Library Basement, Smith, Sillman, Whitaker, 36 Union Avenue, 17 South Lane, Feigenbaum Hall, Grant Admissions, Psi Upsilon, Dudley, 69 Union Ave., Edwards, Lenox 1294, Potter, Raymond, Davidson North, Davidson South, Fox North, Chester Arthur, Fox South, Webster, North Colonnade, Sillman Hall, Hickok, Peschel, North College, Bronner, Becker, Wells, Facilities & Achilles Rink, McKean. Five MDFs (MDF 1 to MDF 5) are marked; labels adjacent to them include Library, Arts, Sillman Hall and Peschel.]
reference spreadsheets on previous pages for port/station details
University Campus IP Address Design
The proposed 6-bit subnet mask (six subnet bits on a 16-bit network prefix, i.e. /22) provides 62 subnets and 1022 host addresses per subnet, allowing for campus growth. 1022 available station addresses per subnet allow for growth in stations per VLAN and ample cushion for address reservation.
Available IP addresses for a 6-bit, fixed length subnet mask (255.255.252.0)
Recommendation; Group subnet addresses together to allow for the implementation of different masks at some later time. Do not use subnets 0 and 63.
[Table columns: No., Subnet Address, Hosts From, Hosts To, Broadcast Address. The row values are not present in the transcript.]
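The subnet table the slide refers to can be regenerated from the stated mask. The following is an added example written for this page, not code from the original slides: it enumerates the /22 subnets of a 16-bit base block, drops subnets 0 and 63 as the slide recommends, and emits the slide's columns (subnet address, first and last host, broadcast). The base block 10.0.0.0/16 is a constructed placeholder, since the slide does not name the campus address space; substitute the real block to reproduce the plan.

```python
"""Subnet plan for a fixed-length 255.255.252.0 (/22) mask.

Added example; it is not code from the original slides. It reproduces the
arithmetic behind the slide: six subnet bits on a 16-bit network prefix give
2**6 = 64 subnets of 1024 addresses; leaving out subnets 0 and 63 as the slide
recommends gives 62 usable subnets of 1022 host addresses each.
The base block 10.0.0.0/16 is a constructed placeholder, since the slide does
not name the campus address space.
"""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

SUBNET_BITS = 6          # bits borrowed from the host field for subnetting
SKIP = (0, 63)           # slide recommendation: do not use subnets 0 and 63


def subnet_plan(base: str = "10.0.0.0/16",
                subnet_bits: int = SUBNET_BITS,
                skip: Tuple[int, ...] = SKIP) -> List[Dict]:
    """Return one row per usable subnet with the columns used on the slide."""
    net = ip_network(base, strict=True)
    if net.prefixlen + subnet_bits > 30:
        # a /31 or /32 leaves no room for both a host range and a broadcast
        raise ValueError("mask leaves fewer than two usable host addresses")
    rows = []
    for number, sub in enumerate(net.subnets(prefixlen_diff=subnet_bits)):
        if number in skip:
            continue
        rows.append({
            "no": number,
            "subnet": str(sub.network_address),
            "mask": str(sub.netmask),
            "hosts_from": str(sub.network_address + 1),
            "hosts_to": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "host_count": sub.num_addresses - 2,
        })
    return rows


def subnet_for_host(rows: List[Dict], host: str) -> Optional[Dict]:
    """Locate the plan row whose range contains host, e.g. to check that a
    reserved station address falls in an allocated subnet and not in 0 or 63."""
    ip = ip_address(host)
    for row in rows:
        if ip in ip_network(f"{row['subnet']}/{row['mask']}"):
            return row
    return None


def format_table(rows: List[Dict]) -> str:
    """Render the plan in the slide's column order."""
    header = (f"{'No.':>4}  {'Subnet Address':<16}{'Hosts From':<16}"
              f"{'Hosts To':<16}Broadcast Address")
    lines = [header]
    for r in rows:
        lines.append(f"{r['no']:>4}  {r['subnet']:<16}{r['hosts_from']:<16}"
                     f"{r['hosts_to']:<16}{r['broadcast']}")
    return "\n".join(lines)


if __name__ == "__main__":
    plan = subnet_plan()
    print(f"{len(plan)} usable subnets, {plan[0]['host_count']} hosts each")
    print(format_table(plan[:5]))
```

With the placeholder block, subnet 1 is 10.0.4.0 with hosts 10.0.4.1 to 10.0.7.254 and broadcast 10.0.7.255; a station address in 10.0.0.0/22 or 10.0.252.0/22 is reported as unallocated because those are the excluded subnets 0 and 63.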
[Telephony slide labels: Main List Number; current extensions; new 4-digit extension. Avaya IP terminal models listed: IP TERMINAL 4621D01A GRY, SPKRPH 4690IP WITH MICS, IP TERMINAL 4602SW GRY, IP TERMINAL 4610SW GRY.]
Dialing within the Corporate network (15 locations) is a 4-digit extension.
To dial out requires a 9 prefix.
Unused Prefixes;
Unused sets of 100 extensions;
Avaya Engineering Packages
The following 7 slides were created while performing as a Systems Engineer with Avaya between 2007 and 2009.
These presentation slides were provided to Avaya clients with Bill of Material spreadsheets between 2007 and 2009. Company names and addresses have been removed or masked.
McGraw Hill Company, 2 Penn Plaza, 22nd Floor, New York City
The design being implemented is an upgrade from older to current technology. The MGH office at 2 Penn Plaza will migrate from MCC, fiber connect and CM3.1 to G650s, IP Connect and CM5. McGraw Hill is not anticipating new features or functionality with this upgrade.
All 19” cabinets are being provided by McGraw Hill. There is a slight space issue, so the customer wants to move cabinets around after implementation. The intent is to utilize the space being vacated by the MCC cabinets. No exact determination has been made regarding how this will be accomplished. The wall field is adjacent to the cabinets. See diagram below. The arrangement of cabinets should be discussed with Jim Duffy at McGraw Hill. No ESS or LSPs are supported by the 2 Penn Plaza system. Media server is S8720. Media servers will receive DAL2.
Juan Alvarez, ATAC System Designer, made the following notes;
* All CM licenses count upgraded to CM5 EE from CM3 EE.
* IP softphone and IP agent licenses were NOT upgraded here.
* Call Center software was NOT upgraded at this point either. Note: 2 Penn Plaza has 5200 CC licenses. It is very unlikely that MGH is using all of them and in case they want to upgrade CC software, they probably don't want to upgrade the whole count.
* All MCC cabinets replaced with G650
* Systems migrated to IP connect. Single IPSI and single Media Resource per PN. [Later changed to Duplicated for High Reliability]
2009
I established a Limited Liability Corporation in NJ to establish myself as a top IT resource. The following 5 slides illustrate my most recent activity.
Business Architecture Analysis: 1. Develop the VISION 2. Create a plan 3. Execute
BUSINESS ARCHITECTURE
What is the mission of the business? Study the Mission Statement and conduct interviews ('What are we doing?')
How is the business executing the mission? ('How are we doing it?')
How is the business providing value to the customer? (perception of the business)
ANALYSIS
Can the IT Architecture be utilized to benefit, improve or even change the Business Architecture?
Can the IT Architecture be utilized to improve the business customer's experience?
Develop the end state: the VISION
GAPS
1. Can the vision be supported by current IT operations staff? Can the staff be supplemented?
2. Can we get from where we are to the VISION, and can the staff get us there?
3. What will the cost be?
4. What will the timeframe be?
5. What will be the success indicators that can be measured and reported? When and how often?
6. What tools are needed?
Create a PLAN to address GAPS. Include;
1. Business processes
2. Resource utilization (internal & external)
3. Budgets
4. Time lines
EXECUTE
1. Acquire necessary tools
2. Create external requirements (talent and hardware)
3. Build measurements
4. Report measurements to the business
5. Establish documentation
6. Establish Operational procedures
7. Upon completion, set up a schedule with the business to re-take measures
A client was experiencing routing issues that prevented communications on the HQ LAN. Graphic for the client’s campus LAN recommendation supporting IP Traffic (IPT & Data Communications).
[Diagram: Edgewater campus LAN. Carrier links to Internet; VOICE and DATA; a Management Switch carrying VLANmgt / VLANdata2 with servers; suggested VLAN design in accordance with stated requirements, with access switches carrying VLANipt, VLANmgt and either VLANdata3 or VLANdata5.]
Timothy R. Loftus, Free Knowledge Network, February 2, 2012
VLAN names changed so they do not have any relation to IP addresses:
VLAN 101 – Network Management - Name changed to VLANmgt
VLAN 102 – Servers/Other network devices - Name changed to VLANdata2
VLAN 103 – Administrative/Health Center - Name changed to VLANdata3
VLAN 104 – Residential Use - Name changed to VLANdata4
VLAN 105 – Guest Access - Name changed to VLANdata5
VLAN 106 – Security/Access Control - Not used in design (VLANmgt can be utilized)
VLAN 107 – VOIP - Name changed to VLANipt
[Diagram labels: access switches carrying VLANipt, VLANdata3 and VLANmgt; IPT PBX on VLANmgt and VLANipt; Router carrying VLANmgt, VLANdata2, VLANdata3, VLANdata4 and VLANdata5.]
VLAN NAME    IP NETWORKS BELONGING TO VLAN
VLANipt      all telephone IP subnet addresses
VLANdata1    10.6.90.0, 10.6.93.0, 10.6.96.0, 10.6.99.0
VLANdata3    10.6.91.0, 10.6.94.0, 10.6.97.0, 10.6.100.0
VLANdata4    10.6.1.0, 10.6.2.0, 10.6.106.0
VLANdata5    other addresses as required
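Both the University Campus design (route between VLANs with static routes and block unwanted traffic from crossing into neighboring VLANs) and the VLAN-to-subnet table above describe the same control: a central router that only forwards between VLAN pairs that are explicitly allowed. The following is an added example written for this page, not code from the original slides or the client's configuration. It classifies source and destination addresses into VLANs using the table above and evaluates a static allow-list, which is what a router filter enforces. Assumptions, labelled in the code: the slide lists subnets without masks, so they are treated as /24 networks; the VLANipt and VLANmgt subnets and the POLICY allow-list are constructed for the example and are not from the slide.

```python
"""Static inter-VLAN filter check for a centrally routed campus design.

Added example; not code from the original slides. It applies the
"Routing/Blocking Method" of the University Campus design (route between
VLANs with static routes and block unwanted traffic from crossing into
neighbouring VLANs) to the VLAN-to-subnet table from the Edgewater
recommendation above.

Assumptions, labelled: the slide lists subnets without masks, so they are
treated as /24 networks; the VLANipt and VLANmgt subnets and the POLICY
allow-list are constructed for this example and are not from the slide.
"""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

VLAN_SUBNETS: Dict[str, List[str]] = {
    # from the slide's table, /24 assumed
    "VLANdata1": ["10.6.90.0/24", "10.6.93.0/24", "10.6.96.0/24", "10.6.99.0/24"],
    "VLANdata3": ["10.6.91.0/24", "10.6.94.0/24", "10.6.97.0/24", "10.6.100.0/24"],
    "VLANdata4": ["10.6.1.0/24", "10.6.2.0/24", "10.6.106.0/24"],
    # constructed placeholders; the slide says only "all telephone IP subnet addresses"
    "VLANipt": ["10.6.200.0/24"],
    "VLANmgt": ["10.6.250.0/24"],
}

# Constructed allow-list: source VLAN -> destination VLANs it may reach through
# the central router. Anything not listed is blocked; same-VLAN traffic is
# switched at layer 2 and never reaches the filter.
POLICY: Dict[str, Set[str]] = {
    "VLANmgt":   {"VLANdata1", "VLANdata3", "VLANdata4", "VLANipt"},
    "VLANdata3": {"VLANdata1"},   # administrative/health center may reach VLANdata1
    "VLANdata4": {"VLANdata1"},   # residential may reach VLANdata1, never VLANdata3
    "VLANdata1": {"VLANdata3", "VLANdata4"},
    "VLANipt":   set(),           # phones stay on their own VLAN
}

NETWORKS: Dict[str, List[IPv4Network]] = {
    vlan: [ip_network(s) for s in subs] for vlan, subs in VLAN_SUBNETS.items()
}


def vlan_of(addr: str) -> Optional[str]:
    """Classify an address by longest matching prefix; None if it is in no VLAN."""
    ip = ip_address(addr)
    best: Optional[Tuple[str, int]] = None
    for vlan, nets in NETWORKS.items():
        for net in nets:
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (vlan, net.prefixlen)
    return best[0] if best else None


def decide(src: str, dst: str) -> Tuple[str, str]:
    """Return ("permit"|"deny", reason) for a flow from src to dst."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "deny", "address is outside every VLAN in the table"
    if s == d:
        return "permit", f"intra-VLAN traffic on {s}"
    if d in POLICY.get(s, set()):
        return "permit", f"{s} -> {d} allowed by static filter"
    return "deny", f"{s} -> {d} not in allow-list"


def audit(flows: List[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Evaluate a batch of (src, dst) pairs, e.g. from a proposed change request."""
    return [(src, dst, *decide(src, dst)) for src, dst in flows]


if __name__ == "__main__":
    # constructed sample flows
    sample = [
        ("10.6.91.10", "10.6.90.5"),    # VLANdata3 -> VLANdata1
        ("10.6.1.10", "10.6.91.5"),     # VLANdata4 -> VLANdata3
        ("10.6.1.10", "10.6.2.5"),      # VLANdata4, same VLAN
        ("10.6.250.3", "10.6.200.9"),   # VLANmgt -> VLANipt
        ("10.6.1.10", "203.0.113.5"),   # VLANdata4 -> address not in the table
    ]
    for src, dst, verdict, reason in audit(sample):
        print(f"{src:>12} -> {dst:<12} {verdict:<6} {reason}")
```

The default outcome is deny: an address the table does not cover (the slide's "other addresses as required" for VLANdata5, or anything off-campus) is rejected rather than silently routed, which is the failure mode a static design has to guard against when new subnets are added without updating the filter.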
Cloud Sourcing (contract work)
Dissatisfied with the current hosted IPT service, my client requested a consultative analysis and recommendation. The following activities and output followed:
1. Troubleshoot the current service
2. Produced a PowerPoint report of findings
3. Recommended a course of action
4. Telephony and data RFQs were completed and sent to six bidders
5. Selected four cloud provider bidders to compete for the service
6. Meetings and negotiations were conducted with each bidder at the client’s office
7. After negotiations, final responses were reviewed and a recommendation was presented to the client
8. With the client, a cloud service provider was selected for voice and data services
9. Implementation/cutover was completed within 8 weeks
Free Knowledge Network, LLC March – August, 2012
Client Service Investigative Report: Page 5 of 8 graphically illustrates current issues that must be addressed.
Telephony Network Topology Map (Summary)
* Multiple Internet networks traversed (5) / BGP gateways traversed (4)
* Routers traversed for a one-way trip is estimated at 26 – this high number will introduce jitter
* There can be no guarantees for delay and jitter across multiple network gateways and routers
* The exact location of the SIP gateway is undetermined