Project Proposal

NET200 |18th June 2010

Proposers

Sankar/ Mandeep

Project Proposal NET200

networkfalcons.wordpress.com 1

Executive Summary

‘there4 travel’ is a new travel agency to be based at Christchurch airport with a branch in Nelson. The agency wants to implement Information Technology (IT) services at the Christchurch head office and operate a server-based, centrally managed solution for Head Office and the Nelson branch.

The agency requires:

- Internet access
- A dedicated line to the Airline Booking System from the Christchurch head office
- Email
- Research on using virtual private networks for corporate purposes

This proposal aims to design a simple, medium-sized network for the ‘there4 travel’ travel agency based on their RFP.

Table of Contents

Executive Summary
Project Charter
Background
Analysing Business & Technical Goals
    Business goals
    Technical goals
Scope Statement
Work Breakdown Structure
Physical network diagram
Logical network diagram
Network naming convention
Networking device specification and cost
    Router
    Switch
Router configuration
    Router 1
    Router 2
    Router 3
Subnetting Plan
    Subnet in Christchurch
    Subnet in Nelson
    Subnet between two Routers
    Subnet in DMZ
Security plan
    Physical device security
    Logical security
    Logical access controls
    Firewalls
    Infrastructure and Data integrity
    Security awareness training
Firewall information/configuration
    Firewall Configuration
Software Plan
User access diagram
Backup/Disaster recovery plan
Merits/ Demerits using VPN
    Introduction
    Site-to-Site VPN
    Point-to-Point VPN
    MPLS VPNs
    Merits / Demerits
    Conclusion

Project Charter

Project Title: Implementation of IT services for ‘there4 travel’
Project start date: 2st Aug 2010
Projected finish date: 27th Aug 2010
Project Sponsor/ Company’s Representative: Cordell Mayshack
Proposers: Network Falcons (NWF)
Project Managers: Sankar / Mandeep

Project Objectives

To design a simple, medium-sized network for the ‘there4 travel’ travel agency based on their RFP. This includes the following tasks:

- Analysing Business & Technical Goals
- Logical network diagram
- Physical network diagram
- Network naming convention
- Required internetworking device specifications and costs
- Router configurations
- Subnetting plan
- Security plan (policy & general procedures)
- Firewall information and configuration settings
- Server, desktop, mobile computer software plan
- User access diagram (AD structure, groups, users, resources)
- Backup plan
- Disaster recovery plan
- Benefits and problems with using virtual private networks across the Internet for corporate purposes

Approach

- Accomplish the above objectives one week before the proposal submission date
- Develop a detailed analysis of the company’s requirements, design the network and report to the Project Sponsor
- Communicate with the project team and the project sponsor about updates
- Record the progress of the project on a blog on a weekly basis
- Use the internal staff as much as possible for planning and organising the project

Roles and Responsibilities

| Name | Role | Responsibility |
| --- | --- | --- |
| Cordell Mayshack | CEO | Project Sponsor |
| Mark Caukill | CIO | Monitor project / Project Coordinator |
| Sankar | Project Manager | Plan and execute project |
| Mandeep | Project Manager | Plan and execute project |

Sign-off

(Cordell Mayshack) (Mark Caukill)

(Sankar) (Mandeep)

Comments

“This project must be done a week before the date of proposal submission date.” Mandeep, Project Manager.

“We are assuming that adequate resource will be available and committed to supporting this project. This project is expected to complete before the deadline without any barriers.” Sankar, Project Manager.

Background

Network Falcons (NWF) has been one of the leading providers of Information Technology services around New Zealand for the past 10 years. Our clients are all over the globe, and their projects are handled by our team with 100% success.

NWF sector knowledge spans almost every area of the economy. From the reporting and compliance requirements of the government and its agencies, through to the highly regulated health sector and the internationally focused needs of our rural companies, NWF combines deep experience with true understanding to deliver powerful and proven ICT solutions.

NWF has experience working with Small and Medium Enterprises (SMEs) using the latest technologies available in the market. Our team has performed well from the day of our first project, and we are happy to share that we received a high user satisfaction rating for 2008 and 2009.

NWF is one of the Cisco and Microsoft certified companies in the world. We believe we've assembled an outstanding group of leaders and managers to guide NWF and its clients. Our aim is to reduce the cost of infrastructure and services in the industry while providing greater performance and reliability in our products and services.

Analysing Business & Technical Goals

‘there4 travel’ is a new travel agency to be based at Christchurch airport with a branch in Nelson. Its core business is 40% domestic travel bookings and 60% international travel bookings and packages. IT services for the company are to be based at the Christchurch head office and operate a server-based, centrally managed solution for Head Office and the Nelson branch.

The company consists of:

In Christchurch

- 1 x CEO/Manager
- 1 x Assistant Manager
- 5 x Travel Agents

In Nelson

- 1 x Manager
- 1 x Assistant Manager
- 2 x Travel Agents
- 2 x Mobile Travel Agents

The travel agency requires:

- Internet access for both branches
- A dedicated line to the Airline Booking System from the Christchurch head office
- Email service
- Research on using virtual private networks for corporate purposes

Business goals

Having analysed the business goals of the company, NWF will make sure that the entire network is built with the following points in mind:

- IT services should help the company to provide good service and excellent value for money to its customers
- Implementing IT services should increase revenue to the agency
- IT services should reduce operating costs
- IT services should improve communications between the company and the public
- IT services should reduce the elapsed time in the business
- IT infrastructure and services should enable the company to offer better customer support or new customer services to its clients

NWF will build this network with the following business priorities:

- Mobility
- Security
- Resiliency
- Business continuity after a disaster

Technical goals

Based on the company’s core business and on technical goals such as scalability, availability, performance, security, manageability, usability, adaptability and affordability, the following trade-off table was designed.

Availability: 30
Network performance: 20
Scalability: 15
Security: 15
Affordability: 5
Manageability: 5
Usability: 5
Adaptability: 5
Total: 100

Scope Statement

Preliminary Scope Statement

Servers: If additional servers are required to support this project, they must be compatible with the network requirements. If it is more economical to enhance the available servers, a detailed description of the enhancements must be submitted to the CEO for approval.

VPN Routers: If the VPN service needs to be implemented in the network, VPN routers/gateways need to be ordered, and a detailed description document for them must be submitted to the CEO for approval.

Project progress report: The progress of the project should be updated on the blog on a weekly basis, and a weekly progress report must be submitted to the CIO/Project Coordinator.

Team meetings: Arrange team meetings with the project team on a weekly basis and identify the successes and failures faced by the team in this project.

Technology threat: Stay aware of new hardware and software technology updated or launched in the market, so that the project is not outdated on completion.

Staff increase: If additional staff are required to support this project, they must be recruited at least two weeks before the expected project start date. A detailed description of the staff must be submitted to the CEO for approval.

A detailed description of the network and plan according to the RFP must be submitted to the CEO for approval. The CEO must approve a detailed plan describing the additional requirements at least two weeks before the date of the project initiation.

Project Scope Statement, Version 1

-Available after the agreement-

Work Breakdown Structure

Project

Phases: Pre-Implementation, Implementation, Post-Implementation

Tasks (in chart order):

- Order Hardware/Software
- Build Servers, PCs & Laptops
- Install OS & Applications
- Hardware/Software builds complete
- Backup solution
- Establish connectivity
- Test & Confirm operations
- Ready to go live
- Day 1 live running
- Day 2 live running
- Decommission of old equipment (if any)
- Update Documentation
- Prepare Project Report

Physical network diagram

Logical network diagram

Network naming convention

| Network Description | Naming convention |
| --- | --- |
| Domain name | t4t.chc.com |
| Server 1 in Christchurch | server1 |
| Server 2 in Christchurch | server2 |
| Server in Nelson | server3 |
| Router in Christchurch | r1chc |
| Router in Nelson | r2nsn |
| Client PCs in Christchurch | chc-pc-1, chc-pc-2, … |
| Client PCs in Nelson | nsn-pc-1, nsn-pc-2, … |
| Switch in Christchurch | s1chc |
| Switch in Nelson | s2nsn |

Networking device specification and cost

Router

Model: Cisco 1941 Integrated Services Router - Router - Ethernet, Fast Ethernet, Gigabit Ethernet - Cisco IOS IP Base - 2U – external
Cost: $ 1,115 USD (www.insight.com)

Specification

General

Depth: 11.5 in
Device Type: Router
Form Factor: External - modular - 2U
Height: 3.5 in
Weight: 12.8 lbs
Width: 13.5 in

Expansion / Connectivity

Expansion Slots Total (Free): 2 ( 2 ) x HWIC ¦ 2 ( 1 ) x CompactFlash Card ¦ 1 ( 1 ) x expansion slot
Interfaces: 1 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45 ¦ 1 x management - console - RJ-45 ¦ 1 x management - console - mini-USB Type B ¦ 1 x serial - auxiliary - RJ-45 ¦ 2 x USB - 4 pin USB Type A

Memory

Flash Memory: 256 MB (installed) / 8 GB (max)
RAM: 512 MB (installed) / 2 GB (max)

Networking

Compliant Standards: IEEE 802.3ah, IEEE 802.1ah, IEEE 802.1ag
Data Link Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet
Features: Firewall protection, VPN support, MPLS support, Syslog support, IPv6 support, Class-Based Weighted Fair Queuing (CBWFQ), Weighted Random Early Detection (WRED)
Network / Transport Protocol: IPSec
Remote Management Protocol: SNMP, RMON
Routing Protocol: OSPF, IS-IS, BGP, EIGRP, DVMRP, PIM-SM, IGMPv3, GRE, PIM-SSM, static IPv4 routing, static IPv6 routing

Status Indicators: Link activity, power

Miscellaneous

Compliant Standards: CISPR 22 Class A, CISPR 24, EN55024, EN55022 Class A, EN50082-1, CAN/CSA-E60065-00, ICES-003 Class A, CS-03, AS/NZS 3548, FCC CFR47 Part 15, EN300-386, UL 60950-1, IEC 60950-1, EN 60950-1, CSA C22.2 No. 60065, BSMI CNS 13438

Switch

Model: Cisco SR224 24-port 10/100 Switch - 13-inch chassis
Cost: $ 143 USD (www.superwarehouse.com)

Specification

General

Manufacturer: Linksys
Device Type: 24 Port Switch
Enclosure Type: Standalone or Rack mount

Networking

Connectivity Technology: 10/100 Ethernet
Data Transfer Rate: Up to 200 Mbps (In Full-Duplex Operation)
Communication Mode: Full/Half Duplex
Status Indicators: System, 1 through 16
Features: Auto MDI/MDI-X Cable Detection, Full/Half Duplex Auto-Negotiation, Store-and-Forward Packet Switching, Signal Regeneration, Auto Partitioning
Compliant Standards: IEEE 802.3, 802.3u
Interfaces: 24 x 10/100 Ethernet (RJ-45)

Router configuration

Router 1

Router host name: r1chc
Location: Christchurch
Login id: vyatta
Login password: 123456
Domain name: chc.com
Eth0: 172.16.0.10/16
Eth1: 192.168.254.193/27
Eth2: 192.168.254.161/27
Eth3: 172.16.0.30/16
Eth4: 192.168.254.97/27
NAT: enabled
GW: 172.16.0.254
DNS: 4.2.2.2
SSH service: enabled
DHCP server pools:
    ETH1_POOL: 192.168.254.194 to 192.168.254.222
    ETH2_POOL: 192.168.254.163 to 192.168.254.190
    ETH2_POOL_2: 192.168.254.130 to 192.168.254.158
    ETH4_POOL: 192.168.254.99 to 192.168.254.126
Firewall: Enabled
RIP: Enabled

Router 2

Router host name: r2nsn
Location: Nelson
Login id: vyatta
Login password: 123456
Domain name: nsn.com
Eth0: 192.168.254.162/27
Eth1: 192.168.254.129/27
DHCP relay: enabled
DNS: 4.2.2.2
SSH service: enabled
Firewall: enabled

Router 3

Router host name: r3dmz
Location: Christchurch
Login id: vyatta
Login password: 123456
Domain name: nsn.com
Eth0: 192.168.254.98/27
Eth1: 192.168.254.97/27
DMZ: enabled
DNS: 4.2.2.2
SSH service: enabled
Firewall: disabled

Subnetting Plan

No of Hosts: 30

Subnet in Christchurch

Mask: 255.255.255.224 (/27)
Subnet Address: 192.168.254.192
First useable Address: 192.168.254.193
Last useable Address: 192.168.254.222
Broadcast: 192.168.254.223

Subnet in Nelson

Mask: 255.255.255.224 (/27)
Subnet Address: 192.168.254.160
First useable Address: 192.168.254.161
Last useable Address: 192.168.254.190
Broadcast: 192.168.254.191

Subnet between two Routers

Mask: 255.255.255.224 (/27)
Subnet Address: 192.168.254.128
First useable Address: 192.168.254.129
Last useable Address: 192.168.254.158
Broadcast: 192.168.254.159

Subnet in DMZ

Mask: 255.255.255.224 (/27)
Subnet Address: 192.168.254.96
First useable Address: 192.168.254.97
Last useable Address: 192.168.254.126
Broadcast: 192.168.254.127
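
The following Python check is an added example, not part of the original proposal. It recomputes each /27 in the subnetting plan and cross-checks the router interface addresses and DHCP pools listed under Router configuration; the function names are illustrative, and the data is transcribed from the tables in this proposal.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Subnetting plan as stated in the proposal (all /27).
PLAN = {
    "Christchurch": "192.168.254.192/27",
    "Nelson": "192.168.254.160/27",
    "Between routers": "192.168.254.128/27",
    "DMZ": "192.168.254.96/27",
}

# Interface addresses from the Router 1, 2 and 3 configuration tables.
INTERFACES = {
    ("r1chc", "eth0"): "172.16.0.10/16",
    ("r1chc", "eth1"): "192.168.254.193/27",
    ("r1chc", "eth2"): "192.168.254.161/27",
    ("r1chc", "eth3"): "172.16.0.30/16",
    ("r1chc", "eth4"): "192.168.254.97/27",
    ("r2nsn", "eth0"): "192.168.254.162/27",
    ("r2nsn", "eth1"): "192.168.254.129/27",
    ("r3dmz", "eth0"): "192.168.254.98/27",
    ("r3dmz", "eth1"): "192.168.254.97/27",
}

# DHCP server pools configured on r1chc: name -> (first, last).
POOLS = {
    "ETH1_POOL": ("192.168.254.194", "192.168.254.222"),
    "ETH2_POOL": ("192.168.254.163", "192.168.254.190"),
    "ETH2_POOL_2": ("192.168.254.130", "192.168.254.158"),
    "ETH4_POOL": ("192.168.254.99", "192.168.254.126"),
}


def subnet_summary(cidr):
    """Recompute the values the plan lists for one subnet."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())
    return {
        "mask": str(net.netmask),
        "subnet": str(net.network_address),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable": len(hosts),
    }


def overlapping_subnets(plan):
    """Pairs of planned subnets whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(c) for name, c in plan.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def duplicate_addresses(interfaces):
    """Addresses assigned to more than one interface anywhere in the design."""
    seen = defaultdict(list)
    for (router, ifname), cidr in interfaces.items():
        seen[str(ipaddress.ip_interface(cidr).ip)].append((router, ifname))
    return {ip: owners for ip, owners in seen.items() if len(owners) > 1}


def same_router_overlaps(interfaces):
    """Interfaces on one router that sit in the same IP network."""
    by_router = defaultdict(list)
    for (router, ifname), cidr in interfaces.items():
        by_router[router].append((ifname, ipaddress.ip_interface(cidr).network))
    found = []
    for router, ifs in by_router.items():
        for (a, net_a), (b, net_b) in combinations(ifs, 2):
            if net_a.overlaps(net_b):
                found.append((router, a, b, str(net_a)))
    return found


def pool_placement(pools, plan, interfaces):
    """Map each DHCP pool to the planned subnet that holds it, plus any
    statically assigned interface address that falls inside the pool."""
    nets = {name: ipaddress.ip_network(c) for name, c in plan.items()}
    static = {ipaddress.ip_interface(c).ip for c in interfaces.values()}
    result = {}
    for pool, (first, last) in pools.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        home = next((n for n, net in nets.items() if lo in net and hi in net), None)
        clashes = sorted(str(ip) for ip in static if lo <= ip <= hi)
        result[pool] = {"subnet": home, "static_in_pool": clashes}
    return result


if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(name, subnet_summary(cidr))
    print("overlapping subnets:", overlapping_subnets(PLAN))
    print("duplicate addresses:", duplicate_addresses(INTERFACES))
    print("same-router overlaps:", same_router_overlaps(INTERFACES))
    print("DHCP pools:", pool_placement(POOLS, PLAN, INTERFACES))
```

On the proposal's own values the four subnet tables recompute correctly and every DHCP pool sits inside one planned subnet. The check also reports that 192.168.254.97 is assigned to both r1chc Eth4 and r3dmz Eth1, and that r3dmz (Eth0/Eth1) and r1chc (Eth0/Eth3) each have two interfaces in the same network.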

Security plan

Physical device security

- Servers and routers should be in restricted-access areas
- Physical access to the room should be limited
- Appropriate environmental safeguards are implemented in and near the room

Logical security

- Boundaries between network segments are created
- The flow of traffic between different cable segments is controlled
- Appropriate VLAN boundaries should be created

Logical access controls

- Passwords for devices are changed regularly
- Password use guidelines are implemented
- Users are allowed to create complex passwords

Firewalls

The following rules are implemented in the firewall system:

- Packet filtering
- Circuit filtering
- Application gateways

Infrastructure and Data integrity

Ensure, as far as possible, that any traffic on the network is valid traffic. Regular audits and packet lookups are done to make sure the traffic is stable.

Security awareness training

Staff should be made aware of their network security responsibilities through in-depth training covering the following:

- Security techniques
- Methodologies for evaluating threats and vulnerabilities
- Selection criteria and implementation controls
- The importance of what is at risk if security is not maintained

Firewall information/configuration

Two types of firewall are used in this network:

- Hardware firewall
- Software firewall

The hardware firewall is implemented in the routers, and the software firewall is implemented in the servers and clients.

The software firewall/antivirus we use in this network is Symantec Endpoint 11.

Key features of Symantec Endpoint

- Seamlessly integrates essential technologies such as antivirus, antispyware, firewall, intrusion prevention, device and application control
- Requires only a single agent that is managed by a single management console
- Provides unmatched endpoint protection from the market leader in endpoint security
- Enables instant NAC upgrade without additional software deployment for each endpoint
- Lowers total cost of ownership for endpoint security

Firewall Configuration

Rule 1: Allow the traffic from the subnets created (192.168.254.192), (192.168.254.160), (192.168.254.128), (192.168.254.96)

Rule 2: Block the traffic from the list of blacklists

Rule 3: Allow traffic from the default protocols (e.g., NetBIOS...)

Rule 4: Enable file sharing

The above rules are configured in both the hardware and software firewalls in the network for additional security.

Software Plan

The following table describes the basic software plan for this network. Depending on the requirements, additional software can be installed.

| Systems | Operating System | Security (Symantec Endpoint) | Backup/Disaster recovery (Symantec Backup Exec) | Office applications | Miscellaneous |
| --- | --- | --- | --- | --- | --- |
| Server 1 | Windows Server 2008 Standard | Yes (Core) | Yes | Yes | (If req.) |
| Server 2 | Windows Server 2008 core | No | Yes | No | No |
| Server 3 | Windows Server 2008 Standard | Yes (managed) | Yes | Yes | (If req.) |
| PCs / Laptops | Windows 7 Professional | Yes (managed) | Yes | Yes | (If req.) |

User access diagram

Users

- Admin: Administrators (e.g. system admins, network admins)
- Group L1: Domain Users / Group policy creator owners (e.g. managers)
- Group L2: Domain Users (e.g. travel agents and mobile travel agents)

Backup/Disaster recovery plan

We use third-party software to manage the backup and disaster recovery plan in this network.

Software: Symantec Backup Exec

Features

- Backs up systems automatically while you work, through scheduled or event-driven backups
- Dissimilar hardware recovery with Restore Anywhere technology
- Offsite Backup Copy to an FTP location or secondary disk drive for enhanced disaster recovery capabilities
- Seamless physical to virtual (P2V) and virtual to physical (V2P) conversions for VMware, Microsoft and Citrix virtual environments
- Simplifies IT administration by centrally managing backup and recovery tasks for multiple servers across the entire organization
- Replaces time-consuming, manual and error-prone processes with fast, reliable, automated recovery to dramatically minimize downtime and avoid disaster

Working

- Backup and recovery points are centrally managed from Server1
- The recovery points of the server and PCs are stored in a centralized part in Server2
- Critical data is backed up regularly on a time schedule
- Disaster recovery can be performed at any time on any of the systems in the network

Secondary Disaster Recovery plan

The secondary disaster recovery plan is implemented by mirroring the Active Directory service from server1 to server2, which will be running Windows Server 2008 core.

As a result, user groups, policies and critical information can be recovered immediately from any point in time during any disaster in the network.

Merits/ Demerits using VPN

Introduction

A Virtual Private Network (VPN) encapsulates data transfers between two or more networked devices that are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. The term "VPN" has taken on many different meanings in recent years. VPNC has a white paper about VPN technologies that describes many of the terms used in the VPN market today. Specifically, it differentiates between secure VPNs and trusted VPNs, which are two very different technologies.

For secure VPNs, the technologies that VPNC supports are:

- IPsec with encryption
- L2TP inside of IPsec
- SSL with encryption

For trusted VPNs, the technologies that VPNC supports are:

- MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
- Transport of layer 2 frames over MPLS ("layer 2 VPNs")

Site-to-Site VPN

Site-to-site is much the same thing as point-to-point, except there is no "dedicated" line in use. Each site has its own Internet connection, which may not be from the same ISP or even of the same type. One may have a T1 while the other only has DSL. Unlike point-to-point, the routers at both ends do all the work: they do all the routing and encryption. This is an easy way to connect two offices without having each user "dial up" using a PPTP connection. Site-to-site VPNs can work with hardware or software-based firewall devices. On the software side, you can use something like ‘Clarkconnect’. On the hardware side, there are many different devices to choose from.

Point-to-Point VPN

A traditional VPN can also come as a point-to-point connection. These are also referred to as "leased-line VPNs." Here, two or more networks are connected using a dedicated line from an ISP. These lines can be packet or circuit switched. The main strength of using a leased line is the direct point-to-point connection. It does not go out over the public Internet, so performance is not degraded by routing problems, latency and external congestion.

MPLS VPNs

MPLS is a true "ISP-tuned" VPN. It requires two or more sites connected via the same ISP, or an "on-net" connection. There is a way to configure this using different ISPs, or "off-net", but you never get the same performance.

Merits / Demerits

VPN is considered a maturing technology and is answering a lot of business communication problems that were once considered unavoidable monopolistic overheads. VPN technology certainly has some disadvantages, such as limited security for wireless users, although more enhanced technologies are continually emerging. The advantage of the technology is that data can be sent from one location to another anywhere in the world using an existing and continually growing infrastructure, the Internet.

By using encapsulation, encryption and data tracking, the data is sent both securely and accurately to the next user. The main advantage of using VPN over a dedicated WAN or even an Intranet is cost. By using an existing network (the Internet), the operational costs are much lower than with the WAN alternative. Obviously, for a huge organisation a dedicated line between one site and another has many advantages; however, when that site is overseas, the alternative of mixing in VPN technologies becomes a much more attractive approach. VPN provides a secure link by using point-to-point protocols and encryption techniques such as symmetric-key encryption or public-key encryption.

In summary, VPN extends geographic connectivity, provides well-established security methods and reduces operational costs compared with WAN technology. In addition, VPN provides reduced set-up times, fast network links for remote users, a simplified network topology, improved productivity due to fewer constraints than other networking methods, Voice over IP (teleconferencing facilities) and broadband networking compatibility. Compared with the infrastructure set-up constraints seen with WAN technologies, VPN also ensures a faster return on investment.

Conclusion

VPN is certainly an emerging technology which provides companies with a good alternative to the more expensive WAN technology. VPN utilises the well-established Internet to securely send its data from one location to another. The VPN connections between users are secure in that tried and tested encryption methods have been integrated within the system. In addition, VPN caters for mobile users on the move through wireless VPN technology and can transfer data such as text, Voice over IP (VoIP) and image frames.