Project Proposal
NET200 | 18th June 2010
Proposers
Sankar / Mandeep
Project Proposal NET200
networkfalcons.wordpress.com 1
Executive Summary
‘there4 travel’ is a new travel agency to be based at Christchurch airport with a branch in
Nelson. The agency wants to implement Information Technology (IT) services at the Christchurch
head office and operate a server based, centrally managed solution to Head Office and the Nelson
branch.
The agency requires,
Internet access
A dedicated line to the Airline Booking System from the Christchurch head office
Research on using virtual private networks for corporate purposes
This proposal aims to design a simple, medium sized network for the ‘there4 travel’ travel agency
based on their RFP.
Table of Contents
Executive Summary
Project Charter
Background
Analysing Business & Technical Goals
  Business goals
  Technical goals
Scope Statement
Work Breakdown Structure
Physical network diagram
Logical network diagram
Network naming convention
Networking device specification and cost
  Router
  Switch
Router configuration
  Router 1
  Router 2
  Router 3
Subnetting Plan
  Subnet in Christchurch
  Subnet in Nelson
  Subnet between two Routers
  Subnet in DMZ
Security plan
  Physical device security
  Logical security
  Logical access controls
  Firewalls
  Infrastructure and Data integrity
  Security awareness training
Firewall information/configuration
  Firewall Configuration
Software Plan
User access diagram
Backup/Disaster recovery plan
Merits/ Demerits using VPN
  Introduction
  Site-to-Site VPN
  Point-to-Point VPN
  MPLS VPNs
  Merits / Demerits
  Conclusion
Project Charter
Project Title Implementation of IT services for ‘there4 travel’
Project start date 2nd Aug 2010
Projected finish date 27th Aug 2010
Project Sponsor/ Company’s Representative Cordell Mayshack
Proposers Network Falcons (NWF)
Project Managers Sankar / Mandeep
Project Objectives
To design a simple, medium sized network for the ‘there4 travel’ travel agency based on their RFP.
This includes the following tasks,
Analysing Business & Technical Goals
Logical network diagram
Physical network diagram
Network naming convention
Required internetworking device specifications and costs
Router configurations
Subnetting plan
Security plan (policy & general procedures)
Firewall information and configurations settings
Server, desktop, mobile computer software plan
User access diagram (AD structure, groups, users, resources)
Backup plan
Disaster recovery plan
Benefits and problems with using virtual private networks across the Internet for corporate
purposes
Approach
Accomplish the above objectives one week before the proposal submission date
Develop a detailed analysis of the company’s requirements, design the network and report to
the Project Sponsor
Communicate with the project team and the project sponsor for updates
Track the progress of the project using a blog on a weekly basis
Use internal staff as much as possible for planning and organising the project
Roles and Responsibilities
Name              Role              Responsibility
Cordell Mayshack  CEO               Project Sponsor
Mark Caukill      CIO               Monitor project / Project Coordinator
Sankar            Project Manager   Plan and execute project
Mandeep           Project Manager   Plan and execute project
Sign-off
(Cordell Mayshack) (Mark Caukill)
(Sankar) (Mandeep)
Comments
“This project must be done a week before the proposal submission date.” Mandeep, Project Manager.
“We are assuming that adequate resources will be available and committed to supporting this project. This project is expected to be completed before the deadline without any barriers.” Sankar, Project Manager.
Background
Network Falcons (NWF) has been one of the leading providers of Information Technology services in
New Zealand for the past 10 years. Our clients are all over the globe, and their projects are still
handled by our team with 100% success.
NWF’s sector knowledge spans almost every area of the economy. From the reporting and compliance
requirements of the government and its agencies, through to the highly regulated health sector and
the internationally focused needs of our rural companies, NWF combines deep experience with true
understanding to deliver powerful and proven ICT solutions.
NWF has experience working with Small and Medium level Enterprises (SMEs) using the latest
technologies available in the market. Our team has performed well from the day of our first
project, and we are happy to share that we received high user satisfaction ratings for 2008
and 2009.
NWF is one of the Cisco and Microsoft certified companies in the world. We believe we've
assembled an outstanding group of leaders and managers to guide NWF and its clients. Our motive is
to reduce the cost of infrastructure and its services in an industry while providing greater
performance and reliability of our products and services.
Analysing Business & Technical Goals
‘there4 travel’ is a new travel agency to be based at Christchurch airport with a branch in Nelson. Its
core business is 40% domestic travel bookings and 60% international travel bookings and packages.
IT services for the company are to be located at the Christchurch head office and operate as a server based,
centrally managed solution for Head Office and the Nelson branch.
The company consists of:
In Christchurch
1 x CEO/Manager
1 x Assistant Manager
5 x Travel Agents
In Nelson
1 x Manager
1 x Assistant Manager
2 x Travel Agents
2 x Mobile Travel Agents
The travel agency requires:
Internet access for both the branches
A dedicated line to the Airline Booking System from the Christchurch head office
Email service
Research on using virtual private networks for corporate purposes
Business goals
Analysing the business goals of the company, NWF makes sure that the entire network is built by
keeping the following points in mind,
IT services should help the company to provide good service and excellent value for money
to its customers
Implementing IT services should increase revenue to the agency
Reducing the operating costs using IT services
Improve communications between the company and the public
IT services should reduce the elapsed time in the business
IT infrastructures and services should provide features to the company to offer better
customer support or new customer services to its clients
NWF will build this network with the following business priorities,
Mobility
Security
Resiliency
Business continuity after a disaster
Technical goals
Understanding the company’s core business, and considering the technical goals such as scalability,
availability, performance, security, manageability, usability, adaptability, affordability; the following
trade-off table is designed.
Goal                  Weight
Availability          30
Network performance   20
Scalability           15
Security              15
Affordability         5
Manageability         5
Usability             5
Adaptability          5
Total                 100
Scope Statement
Preliminary Scope Statement
Servers: If additional servers are required to support this project, they must be compatible with the
network requirements. If it is more economical to enhance the available servers, a detailed
description of enhancements must be submitted to the CEO for approval.
VPN Routers: If the VPN service needs to be implemented in the network, VPN routers/gateways
need to be ordered and a detailed description document must be submitted to the CEO for
approval.
Project progress report: The progress of the project should be updated regularly on the blog on a
weekly basis, and a weekly progress report must be submitted to the CIO/Project Coordinator.
Team meetings: Arrange team meetings with the project team on a weekly basis to review the successes
and failures faced by the team in this project.
Technology threat: Stay aware of new hardware and software technology updated or launched in the
market, so that the project is not out of date on completion.
Staff increase: If additional staff are required to support this project, they must be recruited
two weeks before the expected project starting date. A detailed description of the staff must be
submitted to the CEO for approval.
A detailed description of network and plan according to the RFP must be submitted to CEO for
approval. The CEO must approve a detailed plan describing the additional requirements at least two
weeks before the date of the project initiation.
Project Scope Statement, Version 1
-Available after the agreement-
Work Breakdown Structure
Project
Pre-Implementation
  Order Hardware/Software
  Build Servers, PCs & Laptops
  Install OS & Applications
  Hardware/Software builds complete
  Backup solution
Implementation
  Establish connectivity
  Test & Confirm operations
  Ready to go live
  Day 1 live running
  Day 2 live running
Post-Implementation
  Decommission of old equipment (if any)
  Update Documentation
  Prepare Project Report
Physical network diagram
Logical network diagram
Network naming convention
Network Description          Naming convention
Domain name                  t4t.chc.com
Server 1 in Christchurch     server1
Server 2 in Christchurch     server2
Server in Nelson             server3
Router in Christchurch       r1chc
Router in Nelson             r2nsn
Client PCs in Christchurch   chc-pc-1, chc-pc-2, …
Client PCs in Nelson         nsn-pc-1, nsn-pc-2, …
Switch in Christchurch       s1chc
Switch in Nelson             s2nsn
Networking device specification and cost
Router
Model Cisco 1941 Integrated Services Router - Router - Ethernet, Fast Ethernet, Gigabit
Ethernet - Cisco IOS IP Base - 2U – external
Cost $ 1,115 USD (www.insight.com)
Specification
General
Device Type: Router
Form Factor: External - modular - 2U
Height: 3.5 in
Width: 13.5 in
Depth: 11.5 in
Weight: 12.8 lbs
Expansion / Connectivity
Expansion Slots Total (Free): 2 (2) x HWIC; 2 (1) x CompactFlash Card; 1 (1) x expansion slot
Interfaces: 1 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45; 1 x management - console - RJ-45; 1 x management - console - mini-USB Type B; 1 x serial - auxiliary - RJ-45; 2 x USB - 4 pin USB Type A
Memory
Flash Memory: 256 MB (installed) / 8 GB (max)
RAM: 512 MB (installed) / 2 GB (max)
Networking
Compliant Standards: IEEE 802.3ah, IEEE 802.1ah, IEEE 802.1ag
Data Link Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet
Features: Firewall protection, VPN support, MPLS support, Syslog support, IPv6 support, Class-Based Weighted Fair Queuing (CBWFQ), Weighted Random Early Detection (WRED)
Network / Transport Protocol: IPSec
Remote Management Protocol: SNMP, RMON
Routing Protocol: OSPF, IS-IS, BGP, EIGRP, DVMRP, PIM-SM, IGMPv3, GRE, PIM-SSM, static IPv4 routing, static IPv6 routing
Status Indicators: Link activity, power
Miscellaneous
Compliant Standards: CISPR 22 Class A, CISPR 24, EN55024, EN55022 Class A, EN50082-1, CAN/CSA-E60065-00, ICES-003 Class A, CS-03, AS/NZS 3548, FCC CFR47 Part 15, EN300-386, UL 60950-1, IEC 60950-1, EN 60950-1, CSA C22.2 No. 60065, BSMI CNS 13438
Switch
Model Cisco SR224 24-port 10/100 Switch - 13-inch chassis
Cost $ 143 USD (www.superwarehouse.com)
Specification
General
Manufacturer: Linksys
Device Type: 24 Port Switch
Enclosure Type: Standalone or Rack mount
Networking
Connectivity Technology: 10/100 Ethernet
Data Transfer Rate: Up to 200 Mbps (in Full-Duplex Operation)
Communication Mode: Full/Half Duplex
Status Indicators: System, 1 through 16
Features: Auto MDI/MDI-X Cable Detection, Full/Half Duplex Auto-Negotiation, Store-and-Forward Packet Switching, Signal Regeneration, Auto Partitioning
Compliant Standards: IEEE 802.3, 802.3u
Interfaces: 24 x 10/100 Ethernet (RJ-45)
Router configuration
Router 1
Router host name r1chc
Location Christchurch
Login id vyatta
Login password 123456
Domain name chc.com
Eth0 172.16.0.10/16
Eth1 192.168.254.193/27
Eth2 192.168.254.161/27
Eth3 172.16.0.30/16
Eth4 192.168.254.97/27
NAT enabled
GW 172.16.0.254
DNS 4.2.2.2
SSH service enabled
DHCP server pools ETH1_POOL 192.168.254.194 to 192.168.254.222
ETH2_POOL 192.168.254.163 to 192.168.254.190
ETH2_POOL_2 192.168.254.130 to 192.168.254.158
ETH4_POOL 192.168.254.99 to 192.168.254.126
Firewall Enabled
RIP Enabled
Router 2
Router host name r2nsn
Location Nelson
Login id vyatta
Login password 123456
Domain name nsn.com
Eth0 192.168.254.162/27
Eth1 192.168.254.129/27
DHCP relay enabled
DNS 4.2.2.2
SSH service enabled
Firewall enabled
Router 3
Router host name r3dmz
Location Christchurch
Login id vyatta
Login password 123456
Domain name nsn.com
Eth0 192.168.254.98/27
Eth1 192.168.254.97/27
DMZ enabled
DNS 4.2.2.2
SSH service enabled
Firewall disabled
Subnetting Plan
No of Hosts: 30
Subnet in Christchurch
Mask 255.255.255.224(27)
Subnet Address 192.168.254.192
First useable Address 192.168.254.193
Last useable Address 192.168.254.222
Broadcast 192.168.254.223
Subnet in Nelson
Mask 255.255.255.224(27)
Subnet Address 192.168.254.160
First useable Address 192.168.254.161
Last useable Address 192.168.254.190
Broadcast 192.168.254.191
Subnet between two Routers
Mask 255.255.255.224(27)
Subnet Address 192.168.254.128
First useable Address 192.168.254.129
Last useable Address 192.168.254.158
Broadcast 192.168.254.159
Subnet in DMZ
Mask 255.255.255.224(27)
Subnet Address 192.168.254.96
First useable Address 192.168.254.97
Last useable Address 192.168.254.126
Broadcast 192.168.254.127
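As an added consistency check on the addressing above (this script is not part of the original proposal), the Python below recomputes the /27 figures of the subnetting plan with the standard ipaddress module and then cross-checks the Router 1, 2 and 3 tables: it reports any IP address configured on more than one interface, any subnet configured on two ports of the same router, and any DHCP pool that falls outside its interface's subnet or contains a router address. The interface and pool values are copied from the tables; the function names are my own.

```python
import ipaddress
from collections import defaultdict

# Interface addresses copied from the Router 1, 2 and 3 tables in the proposal.
INTERFACES = {
    ("r1chc", "eth0"): "172.16.0.10/16",
    ("r1chc", "eth1"): "192.168.254.193/27",
    ("r1chc", "eth2"): "192.168.254.161/27",
    ("r1chc", "eth3"): "172.16.0.30/16",
    ("r1chc", "eth4"): "192.168.254.97/27",
    ("r2nsn", "eth0"): "192.168.254.162/27",
    ("r2nsn", "eth1"): "192.168.254.129/27",
    ("r3dmz", "eth0"): "192.168.254.98/27",
    ("r3dmz", "eth1"): "192.168.254.97/27",
}

# DHCP pools from the Router 1 table: first and last address handed out.
DHCP_POOLS = {
    "ETH1_POOL": ("192.168.254.194", "192.168.254.222"),
    "ETH2_POOL": ("192.168.254.163", "192.168.254.190"),
    "ETH2_POOL_2": ("192.168.254.130", "192.168.254.158"),
    "ETH4_POOL": ("192.168.254.99", "192.168.254.126"),
}


def subnet_summary(cidr):
    """The figures the subnetting plan lists: mask, network, first/last usable host, broadcast."""
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = list(net.hosts())
    return {
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
    }


def duplicate_addresses(interfaces=INTERFACES):
    """Map every IP address that appears on more than one interface to the
    (router, port) pairs carrying it; two ports on one address cannot both be reachable."""
    seen = defaultdict(list)
    for key, cidr in interfaces.items():
        seen[str(ipaddress.ip_interface(cidr).ip)].append(key)
    return {ip: ports for ip, ports in seen.items() if len(ports) > 1}


def shared_subnets(interfaces=INTERFACES):
    """Per router, subnets configured on more than one of its own ports."""
    per_router = defaultdict(lambda: defaultdict(list))
    for (router, port), cidr in interfaces.items():
        per_router[router][str(ipaddress.ip_interface(cidr).network)].append(port)
    return {
        router: {net: ports for net, ports in nets.items() if len(ports) > 1}
        for router, nets in per_router.items()
        if any(len(ports) > 1 for ports in nets.values())
    }


def pool_problems(pools=DHCP_POOLS, interfaces=INTERFACES):
    """Each DHCP pool must start inside a subnet that some router port belongs to,
    must not run past that subnet, and must not contain a router port address
    (otherwise a client could be handed the gateway's own IP)."""
    problems = defaultdict(list)
    ports = {key: ipaddress.ip_interface(c) for key, c in interfaces.items()}
    for name, (start, end) in pools.items():
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            problems[name].append("pool start is after pool end")
        homes = [p.network for p in ports.values() if lo in p.network]
        if not homes:
            problems[name].append("no router port on the pool's subnet")
            continue
        if hi not in homes[0]:
            problems[name].append(f"pool runs past {homes[0]}")
        for (router, port), p in ports.items():
            if lo <= p.ip <= hi:
                problems[name].append(f"contains {router} {port} ({p.ip})")
    return dict(problems)


if __name__ == "__main__":
    for label, cidr in [("Christchurch", "192.168.254.192/27"), ("Nelson", "192.168.254.160/27"),
                        ("Router link", "192.168.254.128/27"), ("DMZ", "192.168.254.96/27")]:
        print(label, subnet_summary(cidr))
    print("duplicate addresses:", duplicate_addresses() or "none")
    print("shared subnets:", shared_subnets() or "none")
    print("DHCP pool problems:", pool_problems() or "none")
```

Run against the tables as written, the duplicate-address check turns up 192.168.254.97 on both r1chc eth4 and r3dmz eth1, and the shared-subnet check shows r1chc eth0/eth3 both in 172.16.0.0/16 and r3dmz eth0/eth1 both in 192.168.254.96/27; the DHCP pools themselves all sit cleanly inside their subnets.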
Security plan
Physical device security
Servers and routers should be in restricted access areas
The physical access to the room should be limited
Appropriate environmental safeguards are implemented in and near the room
Logical security
Boundaries between network segments are created
Control the flow of traffic between different cable segments
Appropriate VLAN boundaries should be created
Logical access controls
Passwords for devices changed regularly
Implementing password use guidelines
Users are allowed to create complex passwords
Firewalls
Implementing the following rules in the Firewall system
Packet filtering
Circuit filtering
Application gateways
Infrastructure and Data integrity
Ensure, as far as possible, that any traffic on the network is valid traffic. Regular audits and packet
inspection are done to make sure the traffic is stable.
Security awareness training
Responsibilities and awareness of network security should be conveyed to the staff with in-depth
training regarding the following:
Security techniques
Methodologies for evaluating threats and vulnerabilities
Selection criteria and implementation controls
The importance of what is at risk if security is not maintained
Firewall information/configuration
There are two types of Firewall used in this network. They are,
Hardware Firewall
Software Firewall
Hardware firewall is implemented in the routers, and the software firewall is implemented in the
servers and clients.
The software firewall/antivirus we use in this network is Symantec Endpoint 11
Key features of Symantec Endpoint
Seamlessly integrates essential technologies such as antivirus, antispyware, firewall,
intrusion prevention, device and application control
Requires only a single agent that is managed by a single management console
Provides unmatched endpoint protection from the market leader in endpoint security
Enables instant NAC upgrade without additional software deployment for each endpoint
Lowers total cost of ownership for endpoint security
Firewall Configuration
Rule 1 Allow the traffic from the subnets created
(192.168.254.192), (192.168.254.160), (192.168.254.128), (192.168.254.96)
Rule 2 Block the traffic from the list of Blacklists
Rule 3 Allow traffic from the default protocols (e.g., NetBIOS...)
Rule 4 Enable File sharing
The above rules are configured in both the hardware and the software firewall in the network for
additional security.
Software Plan
The following table describes the basic software plan for this network. Depending on
requirements, additional software can be installed.
Systems | Operating System | Security (Symantec Endpoint) | Backup/ Disaster recovery (Symantec Backup Exec) | Office applications | Miscellaneous
Server 1 | Windows Server 2008 Standard | Yes (Core) | Yes | Yes | (If req.)
Server 2 | Windows Server 2008 core | No | Yes | No | No
Server 3 | Windows Server 2008 Standard | Yes (managed) | Yes | Yes | (If req.)
PCs / Laptops | Windows 7 Professional | Yes (managed) | Yes | Yes | (If req.)
User access diagram
Users
Admin Group: Administrators (e.g. system admins, network admins)
Group L1: Domain Users / Group Policy Creator Owners (e.g. managers)
Group L2: Domain Users (e.g. travel agents and mobile travel agents)
Backup/Disaster recovery plan
We use third party software to manage the backup and disaster recovery plan in this network.
Software Symantec Backup Exec
Features
Backup systems automatically, while you work through scheduled or event-driven backups
Dissimilar Hardware Recovery with Restore anywhere Technology
Offsite Backup Copy to FTP location or secondary disk drive for enhanced disaster recovery
capabilities
Seamless physical to virtual (P2V) and virtual to physical (V2P) conversions for VMware,
Microsoft and Citrix virtual environments
Simplify IT administration by centrally managing backup and recovery tasks for multiple
servers across the entire organization
Replace time-consuming manual and error-prone processes with fast, reliable, automated
recovery to dramatically minimize downtime and avoid disaster
Working
Backup and recovery points are centrally managed from Server1
The recovery points of the servers and PCs are stored in a central location on Server2
Critical data are backed up regularly on a scheduled basis
Disaster recovery can be performed at any time for any of the systems in the network
Secondary Disaster Recovery plan
The secondary disaster recovery plan is implemented by mirroring the Active Directory
service from server1 to server2, which will be running Windows Server 2008 core,
so the user groups, policies and critical information can be recovered immediately from any point in
time during any disaster in the network.
Merits/ Demerits using VPN
Introduction
Virtual Private Network (VPN) encapsulates data transfers between two or more networked devices
not on the same private network so as to keep the transferred data private from other devices on
one or more intervening local or wide area networks. The term "VPN" has taken on many different
meanings in recent years. VPNC has a white paper about VPN technologies that describes many of
the terms used in the VPN market today. In specific, it differentiates between secure VPNs and
trusted VPNs, which are two very different technologies.
For secure VPNs, the technologies that VPNC supports are:
IPsec with encryption
L2TP inside of IPsec
SSL with encryption
For trusted VPNs, the technologies that VPNC supports are:
MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
Transport of layer 2 frames over MPLS ("layer 2 VPNs")
Site-to-Site VPN
Site-to-site is much the same as point-to-point except there is no "dedicated" line in
use. Each site has its own Internet connection, which may not be from the same ISP or even of the same
type. One may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both
ends do all the work: all the routing and encryption. This is an easy way to connect two
offices without having each user "dial up" using a PPTP connection. Site-to-site VPNs can work with
hardware or software-based firewall devices. On the software side, you can use something like
‘Clarkconnect’. On the hardware side, there are many different devices to choose from.
Point-to-Point VPN
A traditional VPN can also come as a point-to-point. These are also referred to as "leased-line VPNs."
Here, two or more networks are connected using a dedicated line from an ISP. These lines can be
packet or circuit switched. The main strength of using a leased line is the direct point-to-point
connection. It does not go out over the public Internet, so performance is not degraded by
routing problems, latency, and external congestion.
MPLS VPNs
MPLS is a true "ISP-tuned" VPN. It requires 2 or more sites connected via the same ISP or an "on-net"
connection. There is a way to configure this using different ISPs ("off-net") but you never get the
same performance.
Merits / Demerits
VPN is considered a maturing technology and is answering a lot of business communication
problems that were once considered unavoidable monopolistic overheads. VPN technology
certainly has some disadvantages, such as limited security for wireless users, although more
enhanced technologies are continually emerging. The advantage of the
technology is that data can be sent from one location to another anywhere in the world using an
existing and continually growing infrastructure, the Internet.
By using encapsulation, encryption and data tracking, the data is sent both securely and accurately to
the next user. The main advantage of using VPN over a dedicated WAN or even an Intranet is mainly
cost. In using an existing network (the Internet) the operational costs are much lower than
those of the WAN alternative. Obviously, for a huge organisation a dedicated line between
one site and another has many advantages; however, when that site is overseas, the alternative of
mixing in VPN technologies becomes a much more attractive approach. VPN provides a secure link
by using point-to-point protocols and encryption techniques such as symmetric-key encryption or
public-key encryption.
So in summary, VPN extends geographic connectivity, provides well-established security methods and
reduces operational costs when compared with WAN technology. In addition, VPN
provides reduced set-up times and fast network links for remote users, simplifies the network topology,
improves productivity due to fewer constraints when compared with other networking
methods, supports Voice over IP (teleconferencing facilities), provides broadband
networking compatibility and, when compared with the infrastructure set-up constraints
seen with WAN technologies, ensures a faster return on investment.
Conclusion
VPN is certainly an emerging technology which provides companies a good alternative to the more
expensive WAN technology. VPN utilises the well-established Internet to securely send data from
one location to another. The VPN connections between users are secure in that tried and tested
encryption methods have been integrated within the system. In addition, VPN caters for mobile
users on the move through wireless VPN technology and can transfer data such as text, Voice over IP
(VoIP) and image frames.